[TYPO3-german] Checking backend login data outside of T3, possible?
Philip Hahn
info at software-schmie.de
Thu Oct 6 16:59:01 CEST 2011
Okay great, thanks. I'll try that out, but at first glance it already looks very interesting and useful.
Regards, Philip
--
Philip Hahn | Software-Schmie.de
mailto:info at software-schmie.de | http://www.software-schmie.de/
Stresemannallee 130 | 22529 Hamburg | Germany
Legal notice/Contact: http://www.software-schmie.de/kontakt/
On 06.10.2011 at 11:25, Georg Ringer wrote:
> Hello,
>
> We did this once for FE users, with the whole thing hooked in via EID.
>
> -------------------
> <?php
>
> class Tx_Fo_Eid_Index {
>
>     const allowedUsergroup = 1;
>     const allowedPid = 155;
>
>     public function main() {
>         $action = t3lib_div::_GP('action');
>         try {
>             $out = '';
>
>             switch ($action) {
>                 case 'login':
>                     $out = $this->loginAction();
>                     break;
>                 default:
>                     throw new Exception('No action defined');
>             }
>
>             echo $out;
>
>         } catch (Exception $e) {
>             exit;
>         }
>     }
>
>     /**
>      * Check by a given username and password if
>      * a user is found which matches
>      *
>      * @return string serialized array
>      */
>     protected function loginAction() {
>         $username = t3lib_div::_GET('username');
>         $password = t3lib_div::_GET('password');
>
>         if (empty($username) || empty($password)) {
>             throw new UnexpectedValueException('Username or password not given');
>         }
>
>         tslib_eidtools::connectDB();
>
>         $userRecord = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
>             '*',
>             'fe_users',
>             'disable=0 AND (username=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($username, 'fe_users') . ' OR email=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($username, 'fe_users') . ' ) AND pid=' . (int)self::allowedPid
>         );
>         if (!is_array($userRecord)) {
>             throw new Exception('User with username not found');
>         }
>
>         // check usergroup
>         if (!t3lib_div::inList($userRecord['usergroup'], self::allowedUsergroup)) {
>             throw new Exception('Usergroup is wrong');
>         }
>
>         // compare password
>         $validPassword = $this->compareUserRecordWithPassword($userRecord, $password);
>
>         if ($validPassword) {
>             return serialize($userRecord);
>         } else {
>             throw new Exception('No valid password');
>         }
>
>     }
>
>     /**
>      * Check password of user with a given one
>      *
>      * @param array $userRecord
>      * @param string $password
>      * @return boolean
>      */
>     private function compareUserRecordWithPassword(array $userRecord, $password) {
>         t3lib_div::requireOnce(t3lib_extMgm::extPath('saltedpasswords', 'classes/salts/class.tx_saltedpasswords_salts_factory.php'));
>
>         $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance($userRecord['password'], 'FE');
>         if (!is_object($this->objInstanceSaltedPW)) {
>             // unsalted MD5 fallback; strict comparison avoids PHP type juggling on "0e..." hashes
>             $isValid = md5($password) === $userRecord['password'];
>             return $isValid;
>         }
>         $validPassword = $this->objInstanceSaltedPW->checkPassword($password, $userRecord['password']);
>         return $validPassword;
>     }
>
> }
>
> $resolver = t3lib_div::makeInstance('Tx_Fo_Eid_Index');
> $resolver->main();
>
> ?>
> ------------
>
> tx_saltedpasswords_salts_factory::getSaltingInstance => BE instead of FE should work.
>
> IP blocking etc. should of course also be implemented
>
>
> Best regards, georg
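Georg's closing remark says IP blocking still has to be added to the login endpoint. One way to do that, as an added example that is not part of the original thread: a per-IP failed-login throttle in plain PHP, where the class name `LoginThrottle`, its state file and the limits (5 failures in 900 seconds) are assumptions.

```php
<?php
// Added example, not code from the thread. LoginThrottle and its state file
// are hypothetical names; plain PHP only, no TYPO3 API is assumed.
class LoginThrottle {
    private $file, $maxFailures, $window;

    public function __construct($file, $maxFailures = 5, $window = 900) {
        $this->file = $file;
        $this->maxFailures = $maxFailures;
        $this->window = $window;           // seconds
    }

    /** TRUE once the IP has reached the failure limit inside the window. */
    public function isBlocked($ip, $now = NULL) {
        return $this->update($ip, $now === NULL ? time() : $now, FALSE) >= $this->maxFailures;
    }

    /** Record one failed login for the IP and return its failure count. */
    public function recordFailure($ip, $now = NULL) {
        return $this->update($ip, $now === NULL ? time() : $now, TRUE);
    }

    /** Prune expired entries under an exclusive lock, optionally add one. */
    private function update($ip, $now, $add) {
        $handle = fopen($this->file, 'c+');
        if ($handle === FALSE || !flock($handle, LOCK_EX)) {
            throw new RuntimeException('Throttle state not available');
        }
        $data = json_decode(stream_get_contents($handle), TRUE);
        $data = is_array($data) ? $data : array();
        $old = isset($data[$ip]) ? $data[$ip] : array();
        $hits = array();
        foreach ($old as $t) { if ($t > $now - $this->window) { $hits[] = $t; } }
        if ($add) { $hits[] = $now; }
        $data[$ip] = $hits;
        ftruncate($handle, 0);
        rewind($handle);
        fwrite($handle, json_encode($data));
        flock($handle, LOCK_UN);
        fclose($handle);
        return count($hits);
    }
}

// Constructed demo with a documentation address and fixed timestamps.
$throttle = new LoginThrottle(tempnam(sys_get_temp_dir(), 'thr'), 5, 900);
for ($i = 0; $i < 5; $i++) { $throttle->recordFailure('192.0.2.10', 1000 + $i); }
var_dump($throttle->isBlocked('192.0.2.10', 1010));  // all five failures inside the window
var_dump($throttle->isBlocked('192.0.2.10', 2000));  // every failure older than the window
```

In the eID script quoted above, `isBlocked($_SERVER['REMOTE_ADDR'])` would be checked at the start of `loginAction()` and `recordFailure()` called before each login exception is thrown. Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the client address has to come from the header that proxy is trusted to set.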