Xavier and Peter,
Thanks for your answers. I use the loginbox from the default felogin in TYPO3
4.2.11, combined with kb_md5fepw which adds the superchallenge javascript, and
sr_feuserregister for the registration.
Finding out how to store usernames only in lowercase isn't obvious at all, but,
my luck, we use email addresses as usernames and they happen to be transformed
to lowercase already. To my knowledge, there aren't any Typoscript settings for
this purpose in sr_feuserregister.
To make the login case-insensitive on the email field (which is used as
loginname) was easy after your hints. Just adding .toLowerCase() in
class.tx_kbmd5fepw_newloginbox.php, line 67:
function superchallenge_pass(form) {
var pass = form.pass.value;
if (pass) {
var enc_pass = MD5(pass);
var str =
form.user.value.toLowerCase()+":"+enc_pass+":"+form.challenge.value;
form.pass.value = MD5(str);
return true;
} else {
return false;
}
}
I need to do a few more tests, but it seems to work so far. Thanks again!
Loek
Peter Russ wrote:
--- Original Nachricht ---
Absender: Xavier Perseguers
Datum: 11.02.2010 09:58:
Hi,
I think it would be a great usability improvement to add
case-insensitive usernames as an option. It looks like the actual
username check doesn't happen in the extension felogin (or did I miss
something?). Some pointers for where to look in the code are welcome.
First of all it may depend on client code. I don't know how you
configured your FE login but show source of your BE login form. If you
have superchallenge activated, you'll see this:
function doChallengeResponse(superchallenged) { //
password = document.loginform.p_field.value;
if (password) {
if (superchallenged) {
password = MD5(password); // this makes it
superchallenged!!
}
str =
document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
document.loginform.userident.value = MD5(str);
document.loginform.p_field.value = "";
return true;
}
}
Meaning the username the user typed will be used to compute a MD5 hash
with the password. If you ever want to have a case-insensitive
username, you'll certainly want to change this code and force
lowercase in the hash computation.
Same thing happens in auth service (search for it in Core) or have a
look at existing extensions that provide authentication services. This
will direct you to where the authentication process is actually taking
place.
it shouldn't be that complicated:
1) When the user register transfer the username to lowercases. Depending
on the extension you are using there should be Typoscript to do that.
2) For existing users just transfer the username using sql statement
3) On the login form add an onchange action for the username field to
change all characters to lower case.
Peter.
_______________________________________________
TYPO3-english mailing list
TYPO3-english@lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english
