Bug #62194: Login a FE User with PHP not possible any more in TYPO3 6.2.5 - Core - TYPO3 Forge

Core Indexed Search Linkvalidator Release Cycles Team Resources Workspaces & Versioning TYPO3 CMS Usability Team Community Extensions Distributions Feature-Requests TYPO3 6.2 Projects (+)(Archived Projects)

Bug #62194

Login a FE User with PHP not possible any more in TYPO3 6.2.5

Added by Alex Kellner 10 months ago. Updated 19 days ago.

Status:

Closed

Start date:

2014-10-13

Priority:

Should have

Due date:

Assigned To:

% Done:

Category:

Spent time:

Target version:

TYPO3 Version:

6.2

Is Regression:

PHP Version:

Sprint Focus:

Complexity:

Description

Related to Ticket #60264

In TYPO3 <= 6.2.4 it was possible to login a FE User via userFunc or in a controller with:

$GLOBALS['TSFE']->fe_user->checkPid = '';
$info = $GLOBALS['TSFE']->fe_user->getAuthInfoArray();
$user = $GLOBALS['TSFE']->fe_user->fetchUserRecord($info['db_user'], $username);
$GLOBALS['TSFE']->fe_user->createUserSession($user);
$GLOBALS['TSFE']->fe_user->user = $GLOBALS['TSFE']->fe_user->fetchUserSession();

Now it's not possible any more to login an user because the call of method $this->setSessionCookie(); in createUserSession() (typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php) is missing.

Is this a breaking change?
If your changes are correct, what is the correct way to login a FE User?

Related issues

History

#1 Updated by Thomas Obernberger 10 months ago

I have the same problem

Is there a workaround for this issue?

#2 Updated by Christian Wolfram 10 months ago

I have the same problem

#3 Updated by Benjamin Butschell 10 months ago

Same problem here.

#4 Updated by Thilo Schumann 9 months ago

I am having the same problem and it took me hours to figure it out.

It is also mentioned in the sysext frontend here: https://forge.typo3.org/projects/typo3cms-core/repository/revisions/master/entry/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php#L251

The problem is fixed by adding this call.

#5 Updated by Sebastian Haak 9 months ago

I have the same problem.

Any ideas how to handle it?

#6 Updated by Benedict Burckhart 9 months ago

Here is a really dirty fix for the extensions. But it should work until the bug is resolved.

$reflection = new \ReflectionClass($GLOBALS['TSFE']->fe_user);
$setSessionCookieMethod = $reflection->getMethod('setSessionCookie');
$setSessionCookieMethod->setAccessible(TRUE);
$setSessionCookieMethod->invoke($GLOBALS['TSFE']->fe_user);

Should be called after:

$GLOBALS['TSFE']->fe_user->createUserSession($user);

#7 Updated by Stefan Neufeind 7 months ago

In the comments in gerrit at https://review.typo3.org/31607 it was mentioned:
[...]
Markus mentioned on Slack that adding a dummy value to the session data forces to set a cookie:
$frontEndUser->setKey('ses', 'dummy', TRUE);

#8 Updated by Helmut Hummel 7 months ago

Status changed from New to Needs Feedback

The correct way (API) to authenticate a user is through a login service.
Anything else is working around the API or using internal API, which will cause unexpected behavior.

If someone comes up with a well described use case, I'm happy to help how to do this using the login service API

#9 Updated by Helmut Hummel 7 months ago

If you like to go on with dirty hacks (which might break in the future), this should do the trick:

$GLOBALS['TSFE']->fe_user->checkPid = '';
$info = $GLOBALS['TSFE']->fe_user->getAuthInfoArray();
$user = $GLOBALS['TSFE']->fe_user->fetchUserRecord($info['db_user'], $username);
$GLOBALS['TSFE']->fe_user->forceSetCookie = TRUE;
$GLOBALS['TSFE']->fe_user->createUserSession($user);
$GLOBALS['TSFE']->fe_user->user = $GLOBALS['TSFE']->fe_user->fetchUserSession();

#10 Updated by Alex Kellner 7 months ago

Thx for the information. At my point of view, this ticket can be closed now.

But nevertheless: I did not test it but I found an old blog entry which describes how to use an own auth service, if anyone needs a link:
http://jimsuperfly.de/blog/typo3-auth-service/

#11 Updated by Mirko grothe 7 months ago

My Logic for automatic Login with php.

$info = $GLOBALS['TSFE']->fe_user->getAuthInfoArray();
$user = $GLOBALS['TSFE']->fe_user->fetchUserRecord($info['db_user'],$loginData['uname']);
$login_success = $GLOBALS['TSFE']->fe_user->compareUident($user,$loginData);
if($login_success){
     $userSession = $GLOBALS['TSFE']->fe_user->createUserSession($user);
     $GLOBALS["TSFE"]->fe_user->loginSessionStarted = TRUE;
     $GLOBALS["TSFE"]->fe_user->user = $GLOBALS["TSFE"]->fe_user->fetchUserSession();
     return true;
} else {
    return false;
}

function compareUident ($login_success) return false.
I see the problem in line 1491 ...
../6.2.9/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
Field $logindata['uident_text'] does not exist
is expected the password
changes to the field name in uident everything is ok

#12 Updated by Markus Klein 7 months ago

Hi highly recommend to autologin a user by only creating the session and force a redirect afterwards.
This is the only way the Core will correctly initialize all parts of the system. (Show correct menus etc)

Sample code:

$tsfe = $this->getTypoScriptFrontendController();
$tsfe->fe_user->createUserSession($feUser);
// enforce session so we get a FE cookie, otherwise autologin does not work (TYPO3 6.2.5+)
$tsfe->fe_user->setAndSaveSessionData('dummy', TRUE);
$this->cObj->typolink(
    '',
    [
        'parameter' => 123
    ]
);
$url = $this->cObj->lastTypoLinkUrl;
HttpUtility::redirect($url, HttpUtility::HTTP_STATUS_303);

#13 Updated by Markus Kappe 6 months ago

Can anyone please provide an example to a login service using TYPO3 6.2 (i.e. that makes use of namespaces etc.)?

Thank you

#14 Updated by Markus Klein about 1 month ago

May I close this ticket?

#15 Updated by Alex Kellner about 1 month ago

Ticket is not assigned to anyone. In my opinion you can close it.

#16 Updated by Markus Klein about 1 month ago

Status changed from Needs Feedback to Closed

The login is possible again as described above, so all should be good.

#17 Updated by Dennis Laudenbach 19 days ago

Updated by Markus Kappe 6 months ago
Can anyone please provide an example to a login service using TYPO3 6.2 (i.e. that makes use of namespaces etc.)?

No answer

Updated by Markus Klein about 1 month ago
The login is possible again as described above, so all should be good.

There are serveral ways described above...which one do you mean?

My sample Code:

protected function loginUser($username, $password) {

    $GLOBALS['TSFE']->fe_user->checkPid = '';
    $info = $GLOBALS['TSFE']->fe_user->getAuthInfoArray();
    $user = $GLOBALS['TSFE']->fe_user->fetchUserRecord($info['db_user'], $username);
    $loginData = array('uname' => $username, 'uident' => $password, 'status' => 'login');

    $GLOBALS['TSFE']->fe_user->forceSetCookie = TRUE;
    $GLOBALS['TSFE']->fe_user->createUserSession($user);
    $GLOBALS['TSFE']->fe_user->user = $GLOBALS['TSFE']->fe_user->fetchUserSession();

    $loginSuccess = $GLOBALS['TSFE']->fe_user->compareUident($user, $loginData);

    \TYPO3\CMS\Extbase\Utility\DebuggerUtility::var_dump($loginSuccess);
    die('login');
}

Dumps "False" in TYPO3 6.2.12

So could you please post a tested example before you close the ticket?

Thank you!

#18 Updated by Markus Klein 19 days ago

See my example https://forge.typo3.org/issues/62194#note-12

Also available in: Atom PDF

Core

Issues

Custom queries

Watchers (10)