All page names need to be in English.
en da  de  fr  it  ja  km  nl  ru  zh


From TYPO3Wiki
Jump to: navigation, search

<< Back to the Newloginbox page

notice - This information is outdated

This extension is obsolete. See Newloginbox.

On this page you can add wishes for new features in Newloginbox. You can also see what is happening to them and if they have been finished!


For already fulfilled wishes see ChangeLog. For the "stay logged in" feature you will also need core_permalogin (until Typo3 4.1 is released).

  • Use modern XML language files instead of old locallang.php
  • Possibility to force password change after a certain (configurable) time
  • Allow translation of "Password", "Username", "Forgot your password", etc. directly from the plug-in GUI as for the WELCOME, LOGOUT, etc. messages
  • Allow Templavoilà templating
  • Add config'able FE user storage page also via flexform (Bugtracker)
  • Configure display fields and pidList of user list via typoscript (Bugtracker)
  • Security enhancement (Bugtracker)
  • Add form fields or something else via TS (Bugtracker)
  • Separate user listing and login into two different extensions (if the Party Information Framework will contain a user listing, it is removed out of newloginbox) {What is the reason for this wish?}
  • Select FE user group(s) to display in user list (Bugtracker)
  • Add a template for login failures
  • add free Marker via Typoscript (so i could add an typolink to an edit page of that user)
  • add option "renderWithoutBaseClass"

Multiple PIDs

There is a need to access multiple pids for login verification. We plan to integrate support for multiple-pids in the future, but currently you have to use this work-around:

  • Open (typo3conf)/ext/newloginbox/res/newloginbox_00.html
  • Replace ###STORAGE_PID### on the lines 117 and 163 with a comma-separated list of the pids of the user-storage-folders. These lines will then read i.e. "<input type="hidden" name="pid" value="2,3" />".
  • Save these changes and it should work. The different places to set the pid (typoscript and others) now don't have any effect.
  • These changes don't have any effect on the userlisting-plugin.

Redirect features

We would like to have more redirect features like:

  • Integrating functionality of extension bzb_newloginbox_redirect (Bugtracker)
  • Add the ability to set a pid for logout (Bugtracker)

Right now we are working on some of these. Stefan is thinking of a concept, something like this:

if     (an page id is sent with the URL)    {goto that page after login}
elseif (FEuser has his own startpage set)   {goto that page}
elseif (user's FEgroup has a startpage set) {goto that page}
elseif (web site has a startpage set)       {goto that page}
else    {stay on the login page}

In october he wrote:

> I'm thinking about a flexible way of redirecting which makes it 
> easy to add more components and makes it possible to switch on 
> or off each if-statement and re-arrange the order of checking them. 

There should also be a feature to redirect after logout...

More redirect issues

There are also a problem with this redirect behaviour to solve:

  • If a page is not accessible because of frontend-user-rights, the rootline is searched upwards for the first accessible page.
  • The original requested page-id is stored but not communicated to the new page so there is no base for a redirect. The only hint is the http_referrer. If you define in the allowed domains for redirecting, after login the user is redirected to http_referrer.

In detail:

  • A visitor is requesting an access-restricted page.
  • index.php calls typo3/sysext/cms/tslib/index_ts.php
  • On the lines 319 331 of index_ts.php determineId() is called
  • determineId() calls fetch_the_id() (750,770,784 in class.tslib_fe.php)
  • fetch_the_id() now stores on line 872 (same class) the original requested id in a local variable $requestedId which is not used anymore further.
  • on line 873 an accessible page is searched: getPageAndRootLineWithDomain() > getPageAndRootLine() on lines 912ff.
    If the requested page-id is not accessible with the current user-rights the rootline is being searched upwards until an accessible page is found and the requested page-id is overwritten with that page.
  • As far as I see the page that is effectively called does not "know" about the original requested page - which does not make sense in every case, i.e. the requested page is a shortcut. The only hint is the http_referrer. If you define in the allowed domains for redirecting, after login the user is redirected to http_referrer.