[TYPO3-core] RFC: Feature integrated, #7241, Superchallenged MD5 support in felogin

Steffen Ritter info at rs-websystems.de
Tue Jan 22 20:26:13 CET 2008 

Well,
kb_md5pw sv checks if uident is correct (as normal authservice with 
compareUident from t3lib_userauth) and after it if challenge code is 
known from database.
we can come through without having an own authservice, if we change
t3lib.userauth, function compareUident.
At the moment there's not differed between challenged and 
superchallenged. We may create an own bevhavoiur for superchallenged and 
get rid of own service... So that correct uid is only returned if 
challenge code is known from database.
Another point we could act at is the service sv_auth itself. There the 
Modifications, the new service takes care of can also be integrated (if 
T3Conf is set to superchallenged).
What do you think is the better position to work at?
For me it t3lib_userauth itself, if the mods do not affect login in the 
backend.

Greetings



Steffen Ritter schrieb:
> Okay,
> 
> user_getChallenge.php is only needed if you want to build your own 
> Loginbox with Typoscript. It's the possibility to include the challenge 
> code. We may leave it out, but it's typic behavoiur to build 
> TS-Loginboxes, and if it's a core feature there should be a possibility 
> provided to include superchallenged Login with TS. I will think about 
> another solution.
> About the auth service I will have a detailed look, if we can have it 
> without overwriting it.
> 
> Steffen
> 
> Steffen Kamper schrieb:
>> "Steffen Ritter" <info at rs-websystems.de> schrieb im Newsbeitrag 
>> news:mailman.1.1201016340.32120.typo3-team-core at lists.netfielders.de...
>>> Hello,
>>> I'm sorry about that.
>>> I just used TortoiseSVN to build patch against the folder.
>>> Since I'm using it not for long time, I did not know that there is no
>>> warning if files have been updatet on server when I update the trunk
>>> (while my files are changed).
>>> I copied my changes into the current trunk version and again made a
>>> diff, this time, calling from root.
>>> I hope I did right this time.
>>>
>>> so far
>>>
>>> Steffen
>>>
>> once again :-)
>>
>> two files are double in your patch
>> - user_getChallange.php
>> - class.tx_felogin_sv1.php
>>
>> I don't know if it's really good to overwrite the auth-service. If 
>> this don't work with the original one, this has to be improved, 
>> because user_auth supports superchallenged.
>>
>> vg  Steffen
>>

More information about the TYPO3-team-core mailing list