Project

General

Profile

Actions

Bug #14939

closed

auth services lack correct fallback

Added by old_fholzke over 19 years ago. Updated over 18 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
-
Start date:
2005-08-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
3.8.0
PHP Version:
4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

First I tried demo auth service with (an already user/password configured) typo3 3.8 and I could not login any more. Error analysis turned out: In normal backend login (without superchallenged) somewhere the md5 value for comparison with the saved value in the database is calculated, but the challenge string is needed nevertheless. Otherwise typo3 password check will break where session challenge is compared to current challenge (which is empty). The diff presented in additional information fixed it.

--- index.php.orig 2005-05-23 02:41:18.000000000 0200
++ index.php 2005-08-20 12:49:20.000000000 0200
@ -200,8 +200,8 @
';
} elseif ($this->loginSecurityLevel == 'normal') {
$TBE_TEMPLATE->form = '
- <form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';document.loginform.challenge.value=\'\';return true;">
- ';
<form action="index.php" method="post" name="loginform" nsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">
+ ';
} else { // if ($this->loginSecurityLevel == 'superchallenged') {
$TBE_TEMPLATE->form = '
<form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse(1);">

(issue imported from #M1398)

Actions

Also available in: Atom PDF