[TYPO3-core] RFC: #10017: [felogin] New Method for "forgotPassword"

[Xavier Perseguers]

Hi,

> after some quite time :-)
> here is the new patch. It's for trunk only, so i don't want to include 
> this in 4_2 anymore.
> 
> Remark: the forgot-messages changed due the new handling, as there are 
> no emails send with passwords anymore. Also no email address is printed 
> out, so there is no chance to see if entered data fit to user or not.
> 
> So the right messages for email sent are only correct in english 
> (default), other languages must be translated newly.
> Please test.

Would it be possible to change this:

Pre-hook
-----------------------------------
When updating the password, a test is made to see whether kb_md5fepw is 
loaded, if so, the tx_t3secsaltedpw_phpass class is instantiated to hash 
the password. I do not like keeping such a hard link to a 3rd party 
extension (feuser is updated, let's remove old code). I propose to 
introduce a hook that would let *any* extension to update the password 
(hash it, encrypt it in some way, ...):

$newPass = '...';

// Hook

$GLOBALS['TYPO3_DB']->exec_UPDATEquery(...)

This means kb_md5fepw should be updated to use the hook which should not 
be a big problem as author is a core member...

I was thinking about a post-hook to let me do some other stuff once the 
password has been updated in table fe_users but I could use the pre-hook 
to do this for my extension. That is please use a hook and I will be 
more than happy!

PS: I created my own authentication method against a MS-SQL database 
which contains users. Thus I need a way to hook somewhere to update the 
MS-SQL DB too. The pre-hook is the solution to both problems (kb_md5fepw 
and my case). This could be useful too for other authentication methods, 
e.g., with LDAP if the connecting user has a way to update LDAP records.

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en

One contribution a day keeps the fork away