[TYPO3-core] RFC #13754: Secure Install Tool Login

Xavier Perseguers typo3 at perseguers.ch
Sat Mar 6 13:57:05 CET 2010


Hi,

On 03/06/10 12:20 , Steffen Ritter wrote:
> Steffen Ritter wrote:
>> -1 because rsaauth is not supported
> should read: rsaauth is not supported on every server (needs openssl
> library to be installed and accessible)

By reading, there seems to be a test whether this is activated or not.

However, by reading, it cannot work as you have at least one typo:

$fomrStart instead of $fo*rm*Start but using $formStart (no typo) a few lines after the initialization.

Furthermore, there are quite a lot of problems with the current CGL and some "non-common" stuff.

Examples:

*typo3/sysext/saltedpasswords/sv1/class.tx_saltedpasswords_sv1.php*:

$GLOBALS['TYPO3_DB']->exec_UPDATEquery( 'be_users', sprintf('uid = %u', $uid), $updateFields);

- space after opening parenthesis
- using sprintf instead of simple concatenation (not wrong but personally never seen in Core)

*typo3/sysext/install/mod/class.tx_install.php*:

- single line test instead of using {}
- using "true" and "false" instead of "TRUE" and "FALSE"
- useless use of ternary if operator:

$passwordOk = ($this->hashedPassword == $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']) ? true: false;

instead of simply

$passwordOk = ($this->hashedPassword === $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']);

- Using == instead of === at many places

*typo3/sysext/rsaauth/hooks/class.tx_rsaauth_loginformhook.php*:

- Signature of getLoginFormTag was changed to remove the type hint of second parameter (I guess it's needed?) but the PHPdoc was not updated
- Same for getLoginScripts

Cheers
-- 
Xavier Perseguers
http://xavier.perseguers.ch/en
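
Added example, not part of the original message or of the patch under review: what the `==` versus `===` remark above means when both operands are password hashes. The digest values and the helper name `hashMatches()` are constructed for illustration.

```php
<?php
// Constructed values shaped like 32-character hex digests ("0e" + 30 digits).
$stored    = '0e123456789012345678901234567890';
$submitted = '0e987654321098765432109876543210';

// Loose comparison: both operands are numeric strings, so PHP converts them
// to numbers (0 times a power of ten) before comparing, and two different
// digests are reported as equal.
$loose = ($submitted == $stored);

// Strict comparison: the type and every byte must match.
$strict = ($submitted === $stored);

/**
 * Hypothetical helper: strict, constant-time digest comparison.
 * hash_equals() exists since PHP 5.6; on older versions use === instead.
 *
 * @param mixed $submittedHash digest computed from the submitted password
 * @param mixed $storedHash    digest read from the configuration
 * @return bool TRUE only if both are strings with identical content
 */
function hashMatches($submittedHash, $storedHash) {
    if (!is_string($submittedHash) || !is_string($storedHash)) {
        // Reject arrays, NULL, integers etc. instead of letting PHP juggle types
        return FALSE;
    }
    return hash_equals($storedHash, $submittedHash);
}

var_dump($loose);                             // result of ==
var_dump($strict);                            // result of ===
var_dump(hashMatches($submitted, $stored));   // different digests
var_dump(hashMatches($stored, $stored));      // identical digests
var_dump(hashMatches(0, $stored));            // non-string input
```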


More information about the TYPO3-team-core mailing list