[TASK] Use a 401 header if login is not successful

If login is not correct, a 401 should be used instead of a 200.

Change-Id: Ia2fa139e89fe19df77bb0530b4fbce502506f524
Resolves: #51803
Releases: 6.2,6.1,6.0,4.5
Reviewed-on: https://review.typo3.org/23649
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Markus Klein
Tested-by: Markus Klein

typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php

@@ -28,6 +28,7 @@ namespace TYPO3\CMS\Core\Authentication;
  ***************************************************************/
 
 use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Utility\HttpUtility;
 
 /**
  * Authentication of users in TYPO3
@@ -803,10 +804,11 @@ abstract class AbstractUserAuthentication {
 						// strip port from server
 						$server = str_replace($sslPortSuffix, '', $server);
 					}
-					\TYPO3\CMS\Core\Utility\HttpUtility::redirect('http://' . $server . '/' . $address . TYPO3_mainDir . $backendScript);
+					HttpUtility::redirect('http://' . $server . '/' . $address . TYPO3_mainDir . $backendScript);
 				}
 			}
 		} elseif ($activeLogin || count($tempuserArr)) {
+			HttpUtility::setResponseCode(HttpUtility::HTTP_STATUS_401);
 			$this->loginFailure = TRUE;
 			if ($this->writeDevLog && !count($tempuserArr) && $activeLogin) {
 				GeneralUtility::devLog('Login failed: ' . GeneralUtility::arrayToLogString($loginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 2);