[TYPO3-core] RFC: #7189: Bugfix: Processing of loginSecurityLevel in t3lib_userauth

Steffen Kamper steffen at sk-typo3.de
Thu Jan 17 13:41:33 CET 2008


"Steffen Ritter" <info at rs-websystems.de> wrote in news post
news:mailman.1.1200572822.10691.typo3-team-core at lists.netfielders.de...
> Steffen Kamper wrote:
>> "Steffen Ritter" <info at rs-websystems.de> wrote in news post
>> news:mailman.1.1200570989.23586.typo3-team-core at lists.netfielders.de...
>>> This is an SVN patch request.
>>>
>>> Type: Bugfix
>>>
>>> Bugtracker references:
>>> http://bugs.typo3.org/view.php?id=7189
>>>
>>> Branches:
>>> trunk
>>>
>>> Problem:
>>> t3lib_userauth::start() does not set t3lib_userauth::security_level
>>> depending on a change of $TYPO3_CONF_VARS[FE/BE]['loginSecurityLevel']
>>> but t3lib_userauth::processLoginData() changes the array of loginData
>>> based upon this information.
>>> Due to this, Frontend Login with challenged or superchallenged mode is
>>> not possible, because $loginData['uident'] becomes cleared.
>>>
>>> Solution:
>>> adding:
>>> if ( $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'] ) {
>>>     $this->security_level = $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'];
>>> }
>>>
>>> to t3lib_userauth::start();
>>>
>>>
>>> Notes:
>>> See patch attached
>>>
>>> Greetings
>>>
>>> Steffen
>>
>> Hi Steffen,
>>
>> In general I agree, but you have to account for prior settings, see 
>> comment above:
>> // set level to normal if not already set
>>
>> in this case you overwrite it.
>>
>> vg  Steffen
>
> Yes you're right. I did not think of this.
>
> Hardcoded it's set to normal. (Line 135).
> So
> // set level to normal if not already set
> $this->security_level = $this->security_level ? $this->security_level : 'normal';
>
> does not have any effect.
>
> But you're right, the value can't be overwritten without checking...
> Probably we should change my if statement and ask
> if ( ($this->security_level == 'normal') && $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'] )
>
> which would have the effect that the value is only overwritten if it was 
> not modified before.
>
> Greetings

I would change it around:

if (!$this->security_level) {
  if ($TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel']) {
        $this->security_level = $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'];
  } else {
        $this->security_level = 'normal';
  }
}

btw: it does not make sense in processLoginData to ask this value again, it 
should be replaced then with $this->security_level

vg  Steffen 
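
Added example, not part of the thread and not TYPO3 code: the three conditions proposed above, written as stand-alone PHP functions and run over constructed inputs to compare which value ends up in security_level. The function names and the cases are hypothetical; the 'normal' class default is assumed from the thread.

```php
<?php
// Stand-in for the decision made in start(); $preset is the value of
// security_level before start() runs, $configured is loginSecurityLevel
// from the configuration. Both are constructed inputs, not TYPO3 data.

function resolveOverwrite($preset, $configured) {
    // First proposal: a configured value always replaces the preset.
    return $configured ? $configured : $preset;
}

function resolveIfNormal($preset, $configured) {
    // Second proposal: replace only while the preset is still 'normal'.
    // A caller that deliberately preset 'normal' cannot be told apart
    // from the class default.
    return ($preset == 'normal' && $configured) ? $configured : $preset;
}

function resolveIfEmpty($preset, $configured) {
    // Third proposal: read the configuration only when nothing is set.
    // With a 'normal' class default, $preset is never empty, so this
    // branch needs the default to be removed before it can run.
    if (!$preset) {
        return $configured ? $configured : 'normal';
    }
    return $preset;
}

// Constructed cases: array(preset, configured)
$cases = array(
    array('normal',     'superchallenged'), // class default, config set
    array('challenged', 'superchallenged'), // preset by a subclass
    array('',           'superchallenged'), // no default, config set
    array('',           ''),                // no default, config empty
);

printf("%-12s %-16s | %-16s %-16s %-16s\n",
    'preset', 'configured', 'overwrite', 'if-normal', 'if-empty');
foreach ($cases as $case) {
    list($preset, $configured) = $case;
    printf("%-12s %-16s | %-16s %-16s %-16s\n",
        $preset === '' ? '(empty)' : $preset,
        $configured === '' ? '(empty)' : $configured,
        resolveOverwrite($preset, $configured),
        resolveIfNormal($preset, $configured),
        resolveIfEmpty($preset, $configured));
}
```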



