74 trigger_error(
'SaltedPasswordService will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
82 public function init()
97 public function compareUident(array $user, array $loginData, $passwordCompareStrategy =
'')
100 $password = $loginData[
'uident_text'];
105 if (is_object($this->objInstanceSaltedPW)) {
106 $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user[
'password']);
110 $this->authenticationFailed =
true;
115 if ($validPasswd && get_class($this->objInstanceSaltedPW) !== $defaultHashingClassName && !is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
119 $this->
updatePassword((
int)$user[
'uid'], [
'password' => $this->objInstanceSaltedPW->getHashedPassword($password)]);
121 if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user[
'password'])) {
122 $this->
updatePassword((
int)$user[
'uid'], [
'password' => $this->objInstanceSaltedPW->getHashedPassword($password)]);
126 $hashingMethod = substr($user[
'password'], 0, 2);
127 if ($hashingMethod ===
'M$') {
134 $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user[
'password'], 1));
138 $this->authenticationFailed =
true;
146 $this->
updatePassword((
int)$user[
'uid'], [
'password' => $this->objInstanceSaltedPW->getHashedPassword($password)]);
168 if ((
string)$this->login[
'uident_text'] !==
'' && (
string)$this->login[
'uname'] !==
'') {
172 $errorMessage =
'Login-attempt from ###IP###, username \'%s\', password not accepted!';
174 if ($this->authenticationFailed) {
175 $this->
writeLogMessage(TYPO3_MODE .
' Authentication failed - wrong password for username \'%s\'', $this->login[
'uname']);
180 $this->
writelog(255, 3, 3, 1, $errorMessage, [
181 $this->login[
'uname']
183 $this->logger->info(sprintf($errorMessage, $this->login[
'uname']));
184 } elseif ($validPasswd && $user[
'lockToDomain'] && strcasecmp($user[
'lockToDomain'], $this->authInfo[
'HTTP_HOST'])) {
186 $errorMessage =
'Login-attempt from ###IP###, username \'%s\', locked domain \'%s\' did not match \'%s\'!';
187 $this->
writeLogMessage($errorMessage, $user[$this->db_user[
'username_column']], $user[
'lockToDomain'], $this->authInfo[
'HTTP_HOST']);
188 $this->
writelog(255, 3, 3, 1, $errorMessage, [
189 $user[$this->db_user[
'username_column']],
190 $user[
'lockToDomain'],
191 $this->authInfo[
'HTTP_HOST']
193 $this->logger->info(sprintf($errorMessage, $user[$this->db_user[
'username_column']], $user[
'lockToDomain'], $this->authInfo[
'HTTP_HOST']));
195 } elseif ($validPasswd) {
196 $this->
writeLogMessage(TYPO3_MODE .
' Authentication successful for username \'%s\'', $this->login[
'uname']);
211 $connection = GeneralUtility::makeInstance(ConnectionPool::class)
212 ->getConnectionForTable($this->pObj->user_table);
215 $this->pObj->user_table,
220 $this->logger->notice(
'Automatic password update for user record in ' . $this->pObj->user_table .
' with uid ' . $uid);
237 if (!empty($params)) {
238 $message = vsprintf($message, $params);
240 if (TYPO3_MODE ===
'FE') {
242 $timeTracker = GeneralUtility::makeInstance(TimeTracker::class);
243 $timeTracker->setTSlogMessage($message);
245 $this->logger->notice($message);