Bug #18009 » t3lib_userauth_r2944.diff
t3lib/class.t3lib_userauth.php (working copy) | ||
var $formfield_uident = ''; // formfield with password
var $formfield_chalvalue = ''; // formfield with a unique value which is used to encrypt the password and username
var $formfield_status = ''; // formfield with status: *'login', 'logout'. If empty login is not verified.
var $security_level = 'normal'; // sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
var $security_level = ''; // sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
var $auth_include = ''; // this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.
... | ... | |
// backend or frontend login - used for auth services
$this->loginType = ($this->name=='fe_typo_user') ? 'FE' : 'BE';
// set level to normal if not already set
$this->security_level = $this->security_level ? $this->security_level : 'normal';
// set level to normal if not already set
if (!$this->security_level) {
if ($TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel']) {
$this->security_level = $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'];
} else {
$this->security_level = 'normal';
}
}
// enable dev logging if set
if ($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['writeDevLog']) $this->writeDevLog = TRUE;
... | ... | |
* @internal
*/
function processLoginData($loginData, $security_level='') {
global $TYPO3_CONF_VARS;
$loginSecurityLevel = $security_level ? $security_level : ($TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'] ? $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'] : $this->security_level);
$loginSecurityLevel = $security_level ? $security_level : $this->security_level;
// Processing data according to the state it was submitted in.
// ($loginSecurityLevel should reflect the security level used on the data being submitted in the login form)
if ($loginSecurityLevel=='normal') {
$loginData['uident_text'] = $loginData['uident'];
$loginData['uident_challenged'] = (string)md5($loginData['uname'].':'.$loginData['uident'].':'.$loginData['chalvalue']);
$loginData['uident_superchallenged'] = (string)md5($loginData['uname'].':'.(md5($loginData['uident'])).':'.$loginData['chalvalue']);
$loginData['uident'] = $loginData['uident_text'];
} elseif ($loginSecurityLevel=='challenged') {
$loginData['uident_text'] = '';
$loginData['uident_challenged'] = $loginData['uident'];
$loginData['uident_superchallenged'] = '';
$loginData['uident'] = $loginData['uident_challenged'];
} elseif ($loginSecurityLevel=='superchallenged') {
$loginData['uident_text'] = '';
$loginData['uident_challenged'] = '';
$loginData['uident_superchallenged'] = $loginData['uident'];
}
// The password "uident" is set based on the internal security setting of TYPO3
// Example:
// $this->security_level for the backend must be "superchallenged" because passwords are stored as md5-hashes in the be_users table
// $this->security_level for the frontend must be "normal" or "challenged" because passwords are stored as clear-text in the fe_users tables
if ($this->security_level=='normal') {
$loginData['uident'] = $loginData['uident_text'];
} elseif ($this->security_level=='challenged') {
$loginData['uident'] = $loginData['uident_challenged'];
} elseif ($this->security_level=='superchallenged') {
$loginData['uident'] = $loginData['uident_superchallenged'];
}
return $loginData;
}
... | ... | |
switch ($security_level) {
case 'superchallenged': // If superchallenged the password in the database ($user[$this->userident_column]) must be a md5-hash of the original password.
$F_chalvalue = $loginData['chalvalue'];
if (strlen($F_chalvalue)) {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('count(*) as count', 'tx_felogin_challenge', 'challenge='.$GLOBALS['TYPO3_DB']->fullQuoteStr($F_chalvalue, 'tx_felogin_challenge'));
$row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
$cnt = $row['count'];
// If we don't find this challenge in the database it's invalid
if (!$cnt) {
if ($this->writeDevLog) t3lib_div::devLog('Table stored superchallenge-Code did not match submitted challenge "'.$loginData['chalvalue'].'" , so authentication failed!', 't3lib_userAuth', 2);
$this->logoff();
return FALSE;
} else {
$GLOBALS['TYPO3_DB']->exec_DELETEquery('tx_felogin_challenge', 'challenge='.$GLOBALS['TYPO3_DB']->fullQuoteStr($F_chalvalue, 'tx_felogin_challenge'));
}
}
else {
if ($this->writeDevLog) t3lib_div::devLog('No chalvalue found, so authentication failed!', 't3lib_userAuth', 2);
$this->logoff();
return FALSE;
}
case 'challenged':
// Check challenge stored in cookie: