[TYPO3-core] RFC #14236: logging into the Install Tool gives an alert

[Jeff Segars]

On 5/24/10 3:13 PM, Steffen Gebert wrote:
> Am 24.05.2010, 22:11 Uhr, schrieb Steffen Gebert
> <steffen at steffen-gebert.de>:
>
>> Am 24.05.2010, 17:54 Uhr, schrieb Benjamin Mack <benni at typo3.org>:
>>
>>> Hey Steffen,
>>>
>>> I like v2 way better, and this might be the way to go.
>> :)
>>
>>> One thing though: You removed the Cookie Notice, maybe we could add
>>> this notice to the "Install Tool Locked" screen?
>> Uhm.. to be honest: I don't see the need for this.
>> If sb. has cookies disabled, he will have problems on many sites. So
>> when the user has a failed login, he (in my mind) enables cookies for
>> this specific site.
>> Can't imagine a user having cookies disabled by default without an
>> easy way to enable them by one click (e.g. by browser extensions).
>>
>> If you and others have another optionion towards this, I can add
>> another (3rd or 4th? ;-)) message box.
>
> Ah, sorry.. the install tool enabled screen.. uhm.. no, IMHO that's the
> wrong place. If it's shown anywhere, then at the place, where the user's
> login fails..
>
> Steffen

I agree that the cookie error should be shown on the login screen. With 
the current patch, login silently fails if cookies are disabled so 
there's no hint that this is in fact the problem.

As for the option of showing the default password when it is still set, 
remember that this immediately tells *anyone* that the default password 
is in place.  There's certainly some convenience to v2 but I think it's 
safer to show the default password all the time or never.

My last note is just a tiny one. If it were me, I would move any flash 
messages based on user actions (login failure, cookies disabled, etc) 
above the login form to make sure it is seen. The static message about 
changing the password seems fine below though.

Thanks for the work to finish out the Install Tool!
Jeff