[TYPO3-english] felogin on every page?

Discussion:

Martin Bless

13 years ago

Hello friends,

I have an installation which used to have a frontend login form on
every page. Now with TYPO3 4.5.x the sysext 'felogin' comes into play.
And it uses 'rsaauth'.

That probably means that I can't use a static html form element any
more?

How would you proceed?

Do you have a frontend login form on every pages using 'rsaauth'?

... dream a little dream ...

Martin

--
Certified TYPO3 Integrator | TYPO3 Documentation Team Member

http://mbless.de

patrick

13 years ago

Permalink

Hi Martin.

rsaauth will bind on the login hook and on the register hook. So don't worry
about "linking" it to felogin (if you do).

Yes, replace the static form with the felogin pi. (pi=plugin, a site content
item)

You can place a in your site template like ###FELOGIN### and use typoscript to
replace that with the output of the pi from the felogin.

But is that page that small it needs a login on each page? I know of people
using an iframe or an ajax call and cool jquery stuff like fadeIn.

What ever you try: Have fun!

Patrick

...

Martin Bless

13 years ago

Permalink

Hi Patrick,

Post by patrick
Yes, replace the static form with the felogin pi. (pi=plugin, a site content
item)
You can place a in your site template like ###FELOGIN### and use typoscript to
replace that with the output of the pi from the felogin.

probably I wasn't precise enough. The old site indeed DID USE a static
version of the login form. Same static HTML code on every page. Could
have theoretically been in the HTML template.

I guess this is not possible with 'felogin' and 'rsaauth' as the
public key seems to be different each time!?

Martin

--
Certified TYPO3 Integrator | TYPO3 Documentation Team Member

http://mbless.de

Stanislas Rolland

13 years ago

Permalink

Hi Martin,

Post by Martin Bless
Do you have a frontend login form on every pages using 'rsaauth'?

You may review and test this change: https://review.typo3.org/#/c/10485/

Regards,
Stanislas

Martin Bless

13 years ago

Permalink

Hi Stanislas,

Post by Stanislas Rolland

Post by Martin Bless
Do you have a frontend login form on every pages using 'rsaauth'?

You may review and test this change: https://review.typo3.org/#/c/10485/

I wished I could. But that's complicated stuff.

I think if the task ist to have a second login form on the page I
would generate that by Typoscript and have the public key copied from
the original form to my "handmade" form by Javascript.

Cheers ...

Martin

--
Certified TYPO3 Integrator | TYPO3 Documentation Team Member

http://mbless.de

Christian Hennecke

13 years ago

Permalink

Post by Martin Bless
Hello friends,
I have an installation which used to have a frontend login form on
every page. Now with TYPO3 4.5.x the sysext 'felogin' comes into play.
And it uses 'rsaauth'.
That probably means that I can't use a static html form element any
more?
How would you proceed?
Do you have a frontend login form on every pages using 'rsaauth'?

The normal felogin plugin must not be cached. This is not much of a
problem in case of a dedicated login page, but if you really need it on
all pages, you may want to look at the extensions that offer an AJAX
based login. typo3.org uses one that looks quite nice. AFAIK it's not in
the TER yet but available on forge.

Martin Bless

13 years ago

Permalink

Hi Christian,

Post by Christian Hennecke
The normal felogin plugin must not be cached.

Yes indeed, if that's true, that's what I'm concerned about. And
there's quite a bit of code needed:

src="http://...typo3/sysext/rsaauth/resources/jsbn/jsbn.js"
src="http://...typo3/sysext/rsaauth/resources/jsbn/prng4.js"
src="http://...typo3/sysext/rsaauth/resources/jsbn/rng.js"
src="http://...sysext/rsaauth/resources/jsbn/rsa.js"
src="http://...sysext/rsaauth/resources/jsbn/base64.js"
src="http://...typo3/sysext/rsaauth/resources/rsaauth_min.js"
<input type="hidden" id="rsa_n" name="n" value="BECE...98E87" />
<input type="hidden" id="rsa_e" name="e" value="10001" />"

Q: And does that public key change each time the 'felogin' plugin is
run?

Q: Do we have a description somewhere about rsaauth, saltedpasswords
and felogin work together? I'm interested in the principles.

When the login form is submitted it sends 'user=...', 'pass=rsa%3A...'
and 'logintype=login' as post data to TYPO3.

Q: Where in the TYPO3 code (in which class) gets this login decoded
again?

Post by Christian Hennecke
This is not much of a
problem in case of a dedicated login page, but if you really need it on
all pages, you may want to look at the extensions that offer an AJAX
based login. typo3.org uses one that looks quite nice. AFAIK it's not in
the TER yet but available on forge.

That sounds good! Let me see ... Is it this one? Probably. This is
what it claims to do:

"""
Use a separate call to determine if a user is logged in and show the
status on pages throughout your website. Lets you serve a cached
version of a page without USER_INT object to show information of the
current fe_user.

Provides some basic functionality to subscribe users, forgot password,
close account etc.
"""

Wow, cool. Thank you, I think, I'll give that a try.

Martin

--
Certified TYPO3 Integrator | TYPO3 Documentation Team Member

http://mbless.de