Skip to content
This repository was archived by the owner on Sep 13, 2022. It is now read-only.

Login & automatic membership system#108

Closed
mfaalk wants to merge 40 commits into
Glennmen:developfrom
mfaalk:loginBranch
Closed

Login & automatic membership system#108
mfaalk wants to merge 40 commits into
Glennmen:developfrom
mfaalk:loginBranch

Conversation

@mfaalk

@mfaalk mfaalk commented Mar 26, 2018

Copy link
Copy Markdown
Contributor

MOVED TO PR #109

Comment thread login.php
$passwordErr = '';
$password = $_POST["password"];

if (strlen($_POST["password"]) <= '5') {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesnt make sense. Says Less than or equal to 5 and the error says 8?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Solved. Forgot to update the error message. Min character set to 6.

Comment thread pre-index.php Outdated
<center>
<button class="settings"
onclick="document.location.href='logout.php'">
<i class="fa" aria-hidden="true"></i> Logout

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread pre-index.php Outdated

echo $_SESSION['user']->email . "<br>";
if ($_SESSION['user']->expire_timestamp > time()) {
echo "<span style='color: green;'>Account expires on {$time}</span>";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread pre-index.php Outdated
if ($_SESSION['user']->expire_timestamp > time()) {
echo "<span style='color: green;'>Account expires on {$time}</span>";
} else {
echo "<span style='color: green;'>Account expired on {$time}</span>";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

@hammydown4325 hammydown4325 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initial Review. More to come

Comment thread login.php Outdated
} elseif (!preg_match("#[A-Z]#", $password)) {
$passwordErr = "<b>Your password must contain at least 1 capital letter!</b><br>";
} elseif (!preg_match("#[a-z]#", $password)) {
$passwordErr = "<b>Your password must contain at least 1 lowercase letter!</b><br>";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
} elseif (!preg_match("#[0-9]#", $password)) {
$passwordErr = "<b>Your password must contain at least 1 number!</b><br>";
} elseif (!preg_match("#[A-Z]#", $password)) {
$passwordErr = "<b>Your password must contain at least 1 capital letter!</b><br>";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
$password = $_POST["password"];

if (strlen($_POST["password"]) <= '5') {
$passwordErr = "<b>Your password must contain at least 8 characters!</b><br>";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
if (strlen($_POST["password"]) <= '5') {
$passwordErr = "<b>Your password must contain at least 8 characters!</b><br>";
} elseif (!preg_match("#[0-9]#", $password)) {
$passwordErr = "<b>Your password must contain at least 1 number!</b><br>";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
$passwordErr = "<b>Your password must contain at least 1 lowercase letter!</b><br>";
}
} else {
$passwordErr = "<b>Your passwords didn't match!</b><br>";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
die();
}
} else {
echo "Incorrect username or password.";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
<form action='' method='POST'>
<table>
<tr>
<th>New password</th><td><input type="password" name="password" required></td>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
<th>New password</th><td><input type="password" name="password" required></td>
</tr>
<tr>
<th>Confirm password</th><td><input type="password" name="repassword" required></td>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
<form action='' method='POST'>
<table>
<tr>
<th>E-mail</th><td><input type="text" name="email" required></td>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

Comment thread login.php Outdated
<th>E-mail</th><td><input type="text" name="email" required></td>
</tr>
<tr>
<th>Password</th><td><input type="password" name="password" required></td>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be translatable

@Glennmen

Copy link
Copy Markdown
Owner

I see you are using SHA1, wouldn't it be better to use something more secure?

@mfaalk

mfaalk commented Mar 27, 2018

Copy link
Copy Markdown
Contributor Author

Sure. I haven't done much web development in a couple of years so I just did a quick google search and found sha1.
password_hash may be more interesting?

Also, I haven't added anything for sql injections, I figured the framework would take care of that?

@Glennmen

Copy link
Copy Markdown
Owner

@mfaalk PHP docs have lots of info: http://php.net/manual/en/function.password-hash.php

You mean the Medoo framework? If you use the prepared statements then it should.

@mfaalk

mfaalk commented Apr 4, 2018

Copy link
Copy Markdown
Contributor Author

I messed up.
Opening a second PR.

@mfaalk mfaalk closed this Apr 4, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants