Bug #70118
closed
Backend Login not successful with correct password
Added by Stefan Froemken about 9 years ago.
Updated about 7 years ago.
Sprint Focus:
Stabilization Sprint
Description
Hello Core-Team,
When I edit some of my be_user properties in list-module, there are some ** in the password field. I think they are a problem, because after saving my be_user record I have a new unworking Hash value in my record.
Stefan Frömken
Muhahaha. After saving my record I can login with 8 * as password
:-)
- Is Regression changed from No to Yes
- Assignee set to Nicole Cordes
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43572
- Status changed from Under Review to Needs Feedback
Hi Stefan,
can you please give some more information about your set up? I can't verify that wrong data gets submitted. It seems your JavaScript is broken and not executed before the form gets submitted. Can you see any output in your browser console? And which browser are you using?
Thanks for your feedback.
Hello Nicole,
I have two TYPO3 instances. One with many activated extensions and one without any foreign extension.
I have the problem in Google Chrome and in FireFox.
I don't have OpenId Extension activated.
I don't have any JavaScript Errors either in FF and Chrome.
Xdebug told me that 8 stars are in request POST.
BUT: Following seems to happen in slooooow motion:
- I click on save icon
- after ~0.5 seconds the stars in password field hides. So I see an empty password field
- The other form fields are still filled
- Some milliseconds further the page reloads
- I see the edit form again
Maybe the JavaScript to clear the field was called to late. But that is only an idea.
Tell me where I can find the script to clear this field and I will try to debug it.
Stefan
I'm working with current master 7.5-dev
Stefans-MBP:typo3_src stefan$ git log -3
commit e325d476176c2f3f0307faccb35efec361bcb494
- Status changed from Needs Feedback to Accepted
verified, the problem exists and can be reproduced by editing any be_users record, while not touching the password field. Changing any other field and saving the data leads to a changed PW containing only asteriks.
Jepp. I can confirm this issue. List view -> show Table -> show password column -> click on the pencil -> change on password -> save
All other passwords are now ** (eight asterisks)
the same is by the way true for Frontend User Records, and so it will be for every password field around, that has renderType 'rsaInput' defined.
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43581
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43581
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by