Commit 4cc6bd5c authored by Marc Egger's avatar Marc Egger

Password.php: fix password hashing and add password checking

parent cec9014c
Pipeline #1493 passed with stage
in 2 minutes and 5 seconds
...@@ -26,25 +26,47 @@ class Password { ...@@ -26,25 +26,47 @@ class Password {
* @return string * @return string
*/ */
public function getHash($newPassword) { public function getHash($newPassword) {
// Use md5 as fallback
$password = md5($newPassword);
// $dataHandler = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Core\DataHandling\DataHandler::class);
//$dataHandler->start([], $cmd);
//$dataHandler->process_cmdmap();
if (!isset($GLOBALS['TSFE'])) {
//TODO: Get absolute 'path' via QFQ config
require __DIR__ . '/../../../../../../typo3_src/vendor/autoload.php';
}
$saltedPassword = md5($newPassword); // Use md5 as fallback
$this->t3AutoloadIfNotRunning();
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$objSalt = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); $objSalt = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
if (is_object($objSalt)) { if (is_object($objSalt)) {
$password = $objSalt->getHashedPassword($password); $saltedPassword = $objSalt->getHashedPassword($newPassword);
}
}
return $saltedPassword;
}
/**
* Based on https://docs.typo3.org/typo3cms/extensions/saltedpasswords/8.7/DevelopersGuide/Index.html
* Check if the salted password corresponds to the password.
*
* @param string $saltedPassword
* @param string $password
* @return bool
*/
public function checkPassword($saltedPassword, $password) {
$this->t3AutoloadIfNotRunning();
$success = FALSE;
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$objSalt2 = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltedPassword);
if (is_object($objSalt2)) {
$success = $objSalt2->checkPassword($password, $saltedPassword);
} }
} }
return $success;
}
/**
* Load Typo3 autoloader if Typo3 is not instantiated
*/
public function t3AutoloadIfNotRunning() {
return $password; if (!isset($GLOBALS['TSFE'])) {
//TODO: Get absolute 'path' via QFQ config
require __DIR__ . '/../../../../../../typo3_src/vendor/autoload.php';
}
} }
} }
\ No newline at end of file
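Review bot: `getHash()` still initialises `$saltedPassword = md5($newPassword)` and returns that value whenever `isUsageEnabled('FE')` is false or `getSaltingInstance(NULL)` does not yield an object, so an unsalted MD5 digest can be handed back as the hash to store. `checkPassword()` returns `FALSE` when `isUsageEnabled('FE')` is false, which means such a fallback hash would be both weak and impossible to verify with the new method. I would fail closed instead: start from `$saltedPassword = null;` and put `if ($saltedPassword === null) { throw new \RuntimeException('No salted password hasher available'); }` before the `return`. Hashes written by the old code were computed over `md5($newPassword)` rather than the password itself, so if any were stored they presumably will not verify through `checkPassword()` and need a reset or migration path. The `Password` class begins above this hunk, so the callers of `getHash()` are not visible here.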