Bug #22018
closed
reset password form ignores usage of kb_md5fepw
0%
Description
I'm using md5 encrypted passwords with kb_md5fepw and Typo3 4.3.1.
While resetting the password via frontend form the new passwords are saved NOT md5 encrypted in the database but in clear text.
This way a front user is blocked out completely.
According to a German forum thread the cause could be a missing marker ###ON_SUBMIT### in the tmplate part CHANGEPASSWORD_FORM.
http://www.typo3.net/forum/list/list_post//95631/
regards
Akali Heiko Hänsge
(issue imported from #M13352)
Updated by Matthew Kennewell about 14 years ago
Hi,
I just saw this bug report after submitting similar bug over here http://bugs.typo3.org/view.php?id=14101
In my bug report i suggest a quick fix for now and suggestions on how to resolve long term.
Updated by Jigal van Hemert over 12 years ago
- Status changed from New to Closed
- Target version deleted (
0) - TYPO3 Version set to 4.3
The hook $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] can be used by extensions to manipulate the password before it's stored. This is already used by saltedpasswords, etc.