[TYPO3-core] RFC: Feature Request #7139: Integration of fe_users password encryption

Steffen Kamper steffen at sk-typo3.de
Mon Jan 14 01:20:43 CET 2008


"Martin Kutschker" <martin.kutschker-n0spam at no5pam-blackbox.net> wrote in
news post
news:mailman.1.1200252052.10348.typo3-team-core at lists.netfielders.de...
> Steffen Kamper wrote:
>>
>> First: yes, I caught your proposal and did it this easy way, tested and 
>> it works.
>> I don't understand what you feel is wrong.
>
> t3lib_userauth is a base class for BE (t3lib_beuserauth) and FE 
> (tslib_feuserauth). Introducing code into the BE class that checks for 
> stuff that belongs (at best) to one of its children is wrong.
>
> A possible solution would have been to make a new method in 
> tslib_feuserauth. I did not follow that path because I felt the problem 
> could be handled by the existing securityLevel model.
>
>> Now I tried to follow what you've done. You introduced a new flag and set 
>> loginSecurityLevel to 'hashed'.
>
> That part is optional. If you want to send the password plain you have to 
> use type "normal", which is the default anyway (also in my proposal).
>
>> In userauth there are two existing
>> securityLevels, challenged and superchallenged, so this is also new.
>> // password sent as md5 hash without challenge
>> so you have to md5 the password before sending, I don't see how. This 
>> requires at least a JS to do this.
>>
>> At the end you come to the same result. In my case you don't need any JS. 
>> And with challenge or superchallenge it works too.
>>
>> So what is the conclusion?
>
> That you didn't understand my suggestion. You don't need JS. You need it 
> only for the simple new "hashed" or the old "superchallenged".
>
> Masi

OK, I think I got what you mean. I will try to modify this in 
tslib_feuserauth.
So I think the method processLoginData should be modified there to write the md5 
into the uident, so the base class does the comparison in mode "normal".

Regards, Steffen
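
The split the thread converges on, as an added sketch that is not part of the original mail and not TYPO3's own code: the FE child hashes the submitted plaintext in its own processLoginData, and the base class keeps doing a plain "normal" comparison. The class names, checkLogin, compareNormal and the sample records are hypothetical, and the stored FE value is assumed to be md5(password).

```php
<?php
// Added sketch: hypothetical stand-ins, not TYPO3's own classes or signatures.

class BaseUserAuth
{
    // Hook for children; the base class leaves the submitted data untouched.
    protected function processLoginData(array $loginData): array
    {
        return $loginData;
    }

    // "normal" level: the submitted identifier must equal the stored value.
    protected function compareNormal(array $user, array $loginData): bool
    {
        return hash_equals((string) $user['password'], (string) $loginData['uident']);
    }

    public function checkLogin(array $user, array $loginData): bool
    {
        return $this->compareNormal($user, $this->processLoginData($loginData));
    }
}

class FrontendUserAuth extends BaseUserAuth
{
    // FE-only step: the stored value is assumed to be md5(password), so hash the
    // plaintext from the form before the inherited comparison runs.
    protected function processLoginData(array $loginData): array
    {
        $loginData['uident'] = md5((string) $loginData['uident']);
        return $loginData;
    }
}

// Constructed sample records.
$feUser = ['username' => 'alice', 'password' => md5('correct horse')];
$beUser = ['username' => 'admin', 'password' => 'plain-for-demo'];

$fe = new FrontendUserAuth();
$be = new BaseUserAuth();

var_dump($fe->checkLogin($feUser, ['uname' => 'alice', 'uident' => 'correct horse']));
var_dump($fe->checkLogin($feUser, ['uname' => 'alice', 'uident' => 'wrong']));
// Here the stored hash itself is submitted; the FE child hashes it again first.
var_dump($fe->checkLogin($feUser, ['uname' => 'alice', 'uident' => $feUser['password']]));
// The base class is unchanged and still compares the submitted value as-is.
var_dump($be->checkLogin($beUser, ['uname' => 'admin', 'uident' => 'plain-for-demo']));
```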



