Web applications often need user accounts to be able to authorize users. TYPO3, for example, needs backend users, which are stored in the be_users database table. Each application usually has its own user accounts and authorization schemes. But maintaining multiple accounts of the same user for each web application is a pain and should be avoided. Apache addresses this situation by shipping plenty of authentication modules. Have a look at a little demonstration of mod_auth_mysql.
Password recovery for frontend users before TYPO3 4.3 was poor and insecure. Passwords were sent by e-mail in plain text, and the recovery form could be abused and revealed private information to the public. While implementing the felogin sysext for a community website, I surprisingly found some fundamental changes in the recovery method in TYPO3 4.3.
A frequently used feature of TypoScript is stdWrap. It provides many functions and wrappers to parse your data. It serves as a multipurpose parsing suite with helpers of every kind. dataWrap is one of the most powerful among them, but it's also one of the trickiest. Read on for a little demonstration of how to add security to your TypoScript by applying the stdWrap function "htmlSpecialChars" to data in dataWrap...
The average number of requests on www.t3node.com is growing more and more. Since the website is hosted on a tiny virtual machine shared with others, the overall server performance is bad. Today I decided to serve pages from file cache to reduce the load. This little case study describes the problem by example and gives some key data for illustration.
Whenever you use GET/POST parameters in SQL queries, you face the risk of SQL injection. The golden rule here is not to trust user parameters, but always to check and escape values properly. This article introduces a TYPO3 extension that helps to sanitize parameters by extending TypoScript stdWrap. PLEASE ALSO READ THE COMMENTS ON THIS ARTICLE FOR UPDATES IN THE TYPO3 CORE TO TACKLE THIS ISSUE!
The comment form of this blog was broken for the last two days. The reason was that I disabled the no_cache parameter in the install tool. It seems the ve_guestbook extension somehow relies on this parameter. The comments are now working properly again. Sorry for the inconvenience.
There's a new type of wizard in the TYPO3 core called "suggest", which has been added to TCA with 4.3beta-1. This wizard adds a magic input field for autocompletion to fields of type "group" or "select", also called find-as-you-type. It helps to quickly find a record by typing its name/title in the suggest field, getting an AJAX dropdown list with all possible results. This article demonstrates how to implement this wizard in your TYPO3 extension.
When editing a page in the TYPO3 backend, there's a whole bunch of save buttons available. The "save document and view page" button lets you save the content and open a preview popup with one click. Unfortunately, this only works for regular pages and content elements, but not for database records of extensions which are stored inside sysfolders. The following tutorial describes a way to get that button working for those records as well.
The most accessible way to configure a plugin in TYPO3 is using a custom content element built with FlexForms. It provides forms of all kinds for any BE user. FlexForms adapt most of the features of the TCA, but unfortunately the documentation on FlexForms is rather poor. The following article tries to demonstrate the configuration of a TYPO3 FlexForm in order to get some forms which dynamically change their fields on user interaction.