[TYPO3-core] RFC #14727: Code cleanup: tx_saltedpasswords_sv1 should use parent object instead of TYPO3_MODE

Alexander Stehlik alexander.stehlik at googlemail.com
Sun Jan 9 15:30:52 CET 2011


Hi,

you are right this problem is quite tricky.

The only solution I could think of is a modification of 
t3lib_div::makeInstanceService, that provides additional information in 
the t3lib_svbase::info array (see attached patch).

What do you think of it?

Kind regards,
Alex

Am 09.01.2011 01:30, schrieb Marcus Krause:
> Hi!
>
> Steffen Gebert schrieb am 01/08/2011 02:27 PM Uhr:
>>> Bugtracker references:
>>> http://bugs.typo3.org/view.php?id=0014727
>>>
>>> Branches:
>>> trunk
>>>
>>> Problem:
>>> At the moment, tx_saltedpasswords_sv1 uses the TYPO3_MODE constant to
>>> determine in which table the password should be updated (in
>>> updatePassword() method).
>>> This isn't very clean and can lead to problems if you use some kind of
>>> be/fe login combination extension like simulatebe. There, the user
>>> logs in to the Frontend, to TYPO3_MODE is "FE" but wants to
>>> authenticate a BE user.
>>>
>>> Solution:
>>> A simple solution to this is the usage of the $pObj field. See the
>>> attached patch. It makes things much simpler and cleaner as far as I
>>> can see.
>>
>> +1 by reading and testing
>>
>> Attached a cleaned-up patch against svn root.
>
> Although this is a nice catch, the patch doesn't solve the problem once
> and forever.
>
> In tx_saltedpasswords_sv1::init() there's a function call to
> tx_saltedpasswords_div::isUsageEnabled() which determines if
> saltedpasswords is enabled for the desired TYPO3_MODE.
>
> To completely fix this problem, you would hand over the mode somehow
> retrieved from $pObj to tx_saltedpasswords_div::isUsageEnabled().
>
> Luckily, isUsageEnabled() accepts an optional parameter with the TYPO3_MODE.
> Unluckily, $pObj is not yet available at this state. It's available with
> tx_sv_authbase::initAuth(), the next call in authentication service
> instanciation/service.
>
>
> Marcus.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 14727_v3.diff
Type: text/x-patch
Size: 2747 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110109/0fa2ff0e/attachment.bin>


More information about the TYPO3-team-core mailing list