First implementation. Does not work with T3 7.6. Unknown if it works with 8.x

96eb34b9 · Carsten Rose · 58852778 · 96eb34b9 · 96eb34b9 · 96eb34b9
Commit 96eb34b9 authored 6 years ago by Carsten Rose
--- a/extension/Source/core/Constants.php
+++ b/extension/Source/core/Constants.php
@@ -712,6 +712,7 @@ const TOKEN_ESCAPE_COLON = 'C';
 const TOKEN_ESCAPE_LDAP_FILTER = 'l';
 const TOKEN_ESCAPE_LDAP_DN = 'L';
 const TOKEN_ESCAPE_MYSQL = 'm';
+const TOKEN_ESCAPE_PASSWORD_T3FE = 'p';
 const TOKEN_ESCAPE_NONE = '-';
 // Workaround for PHP < 5.6.0

--- a/extension/Source/core/Evaluate.php
+++ b/extension/Source/core/Evaluate.php
@@ -12,6 +12,7 @@ use qfq;
 require_once(__DIR__ . '/../core/store/Store.php');
 require_once(__DIR__ . '/../core/database/Database.php');
+require_once(__DIR__ . '/../core/typo3/FePassword.php');
 require_once(__DIR__ . '/helper/Support.php');
 require_once(__DIR__ . '/helper/OnString.php');
 require_once(__DIR__ . '/helper/KeyValueStringParser.php');
@@ -390,6 +391,10 @@ class Evaluate {
                        break;
                    case TOKEN_ESCAPE_NONE: // do nothing
                        break;
+                    case TOKEN_ESCAPE_PASSWORD_T3FE:
+                        $fePassword = new FePassword();
+                        $value = $fePassword->getHash($value);
+                        break;
                    default:
                        throw new UserFormException("Unknown escape qualifier: $escape", UNKNOWN_TYPE);
                        break;

--- a/extension/Source/core/exceptions/ErrorHandler.php
+++ b/extension/Source/core/exceptions/ErrorHandler.php
@@ -37,6 +37,10 @@ class ErrorHandler {
        $store = Store::getInstance();
        if($store->getVar(SYSTEM_THROW_GENERAL_ERROR, STORE_SYSTEM) == 'yes'){
+            // Check if the error happens inside TYPO3 - don't care.
+//            if(strpos($file,'/typo3_src')){
+//                return false;
+//            }
            // Do not show too much to the user. E.g. 'ldap_bind()' might have problems, but the user should not see the
            // file and line number. Often the filename is part of the message >> don't show the message to the user.
            throw new CodeException(json_encode(

--- a/extension/Source/core/typo3/FePassword.php
+++ b/extension/Source/core/typo3/FePassword.php
+<?php
+/**
+ * Created by PhpStorm.
+ * User: crose
+ * Date: 2/1/19
+ * Time: 10:31 PM
+ */
+namespace qfq;
+use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;
+use TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility;
+use qfq;
+/**
+ * Class FePassword
+ * @package qfq
+ */
+class FePassword {
+    /**
+     * Based on https://github.com/derhansen/fe_change_pwd/blob/master/Classes/Service/FrontendUserService.php
+     * @param string $newPassword
+     * @return string
+     */
+    public function getHash($newPassword) {
+        // Use md5 as fallback
+        $password = md5($newPassword);
+        // If salted passwords is enabled, salt the new password
+        if (SaltedPasswordsUtility::isUsageEnabled('FE')) {
+            $objSalt = SaltFactory::getSaltingInstance(null);
+            if (is_object($objSalt)) {
+                $password = $objSalt->getHashedPassword($newPassword);
+            }
+        }
+        $userTable = $GLOBALS['TSFE']->fe_user()->user_table;
+        $userUid = $GLOBALS['TSFE']->fe_user()->user['uid'];
+        return $password;
+//        $sql = "UPDATE $userTable SET password=? WHERE uid=?"  $password $uid
+    }
+}
\ No newline at end of file