TYPO3 Core

First I tried demo auth service with (an already user/password configured) typo3 3.8 and I could not login any more. Error analysis turned out: In normal backend login (without superchallenged) somewhere the md5 value for comparison with the saved value in the database is calculated, but the challenge string is needed nevertheless. Otherwise typo3 password check will break where session challenge is compared to current challenge (which is empty). The diff presented in additional information fixed it.

--- index.php.orig 2005-05-23 02:41:18.000000000 0200
++ index.php 2005-08-20 12:49:20.000000000 0200
@ -200,8 +200,8 @
';
} elseif ($this->loginSecurityLevel == 'normal') {
$TBE_TEMPLATE->form = '
- <form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';document.loginform.challenge.value=\'\';return true;">
- ';
<form action="index.php" method="post" name="loginform" nsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">
+ ';
} else { // if ($this->loginSecurityLevel == 'superchallenged') {
$TBE_TEMPLATE->form = '
<form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse(1);">

(issue imported from #M1398)