Login form with Extbase and rsa_auth / salted_passwords

Implementing a login form in TYPO3 is somehow rather easy. You just put up a form, send username and password to any page with certain names for the input fields and basically you are done.

Things become more complicated when you start using rsa_auth and salted passwords. For my project, this was a requirement so I started investigating how rsa_auth hooks into fe_login and reimplemented the mechanism using Extbase.

I assume you have salted passwords and rsa_auth up and running. These slides give you a nice introduction on how to install and configure those extensions: http://www.slideshare.net/StephenKing/secure-password-storing-with-saltedpasswords-in-typo3

As rsa_auth provides some additional information whenever a user tries to log in, first of all, we have to get those values and some lines of JavaScript into our login form. I therefore implemented my own LoginController and added an Action "showLoginForm":

/**
 * Renders login form for SV
 */
public function showLoginFormAction() {
	if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
		$_params = array();
		foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
			list($onSub, $hid) = t3lib_div::callUserFunction($funcRef, $_params, $this);
			$onSubmitAr[] = $onSub;
			$extraHiddenAr[] = $hid;
		}
	}

	if (count($onSubmitAr)) {
		$onSubmit = implode('; ', $onSubmitAr).'; return true;';
	}

	if (count($extraHiddenAr)) {
		$extraHidden = implode(LF, $extraHiddenAr);
	}

	$this->view->assign('onSubmit', $onSubmit);
	$this->view->assign('extraHidden', $extraHidden);
	$this->view->assign('currentPid', t3lib_div::_GP('id'));
}

So what's happening here? We can register some hooks that provide additional hidden fields and onSubmit actions for our login forms. rsa_auth offers one of these hooks which we collect in our for-loop. After that those values are passed to our login form template:

<form class="form-horizontal"
	  action="{f:uri.action(controller:settings.loginRedirectController, action:settings.loginRedirectAction)}"
	  method="post" onsubmit="{onSubmit}">
	<fieldset>
		<legend>Zur Schulungsverwaltung anmelden</legend>
		<ptextbase:flashMessages renderMode="div"
								 messageCssClasses="{0: 'alert alert-success', 1: 'alert alert-warning', 2: 'alert alert-error'}"/>
		<div class="control-group">
			<label class="control-label" for="user">Benutzername:</label>

			<div class="controls">
				<input type="text" id="user" name="user" value=""/>
			</div>
		</div>
		<div class="control-group">
			<label class="control-label" for="pass">Passwort:</label>

			<div class="controls">
				<input type="password" id="pass" name="pass" value=""/>
			</div>
		</div>
		<div class="form-actions">
			<input class="btn btn-primary" type="submit" name="submit" value="Anmelden"/>
		</div>

		<div class="felogin-hidden">
			<input type="hidden" name="logintype" value="login"/>
			<input type="hidden" name="id" value="{currentPid}"/>
			<input type="hidden" name="redirect_url" value=""/>
			<input type="hidden" name="pid" value="{settings.feUsersPid}"/>
			<f:format.html parseFuncTSPath="">{extraHidden}</f:format.html>
		</div>
	</fieldset>
</form>

Adding some styling, your form can look like this:


 
Inhalt © Michael Knoll 2009-2017  •  Powered by TYPO3  •  TypoScript Blogging by Fabrizio Branca  •  TYPO3 Photo Gallery Management by yag  •  Impressum