Login & automatic membership system#108
Conversation
[WIP] Roadmap 1
Merge latest develop changes into master
| $passwordErr = ''; | ||
| $password = $_POST["password"]; | ||
|
|
||
| if (strlen($_POST["password"]) <= '5') { |
There was a problem hiding this comment.
Doesnt make sense. Says Less than or equal to 5 and the error says 8?
There was a problem hiding this comment.
Solved. Forgot to update the error message. Min character set to 6.
| <center> | ||
| <button class="settings" | ||
| onclick="document.location.href='logout.php'"> | ||
| <i class="fa" aria-hidden="true"></i> Logout |
There was a problem hiding this comment.
Needs to be translatable
|
|
||
| echo $_SESSION['user']->email . "<br>"; | ||
| if ($_SESSION['user']->expire_timestamp > time()) { | ||
| echo "<span style='color: green;'>Account expires on {$time}</span>"; |
There was a problem hiding this comment.
Needs to be translatable
| if ($_SESSION['user']->expire_timestamp > time()) { | ||
| echo "<span style='color: green;'>Account expires on {$time}</span>"; | ||
| } else { | ||
| echo "<span style='color: green;'>Account expired on {$time}</span>"; |
There was a problem hiding this comment.
Needs to be translatable
hammydown4325
left a comment
There was a problem hiding this comment.
Initial Review. More to come
| } elseif (!preg_match("#[A-Z]#", $password)) { | ||
| $passwordErr = "<b>Your password must contain at least 1 capital letter!</b><br>"; | ||
| } elseif (!preg_match("#[a-z]#", $password)) { | ||
| $passwordErr = "<b>Your password must contain at least 1 lowercase letter!</b><br>"; |
There was a problem hiding this comment.
Needs to be translatable
| } elseif (!preg_match("#[0-9]#", $password)) { | ||
| $passwordErr = "<b>Your password must contain at least 1 number!</b><br>"; | ||
| } elseif (!preg_match("#[A-Z]#", $password)) { | ||
| $passwordErr = "<b>Your password must contain at least 1 capital letter!</b><br>"; |
There was a problem hiding this comment.
Needs to be translatable
| $password = $_POST["password"]; | ||
|
|
||
| if (strlen($_POST["password"]) <= '5') { | ||
| $passwordErr = "<b>Your password must contain at least 8 characters!</b><br>"; |
There was a problem hiding this comment.
Needs to be translatable
| if (strlen($_POST["password"]) <= '5') { | ||
| $passwordErr = "<b>Your password must contain at least 8 characters!</b><br>"; | ||
| } elseif (!preg_match("#[0-9]#", $password)) { | ||
| $passwordErr = "<b>Your password must contain at least 1 number!</b><br>"; |
There was a problem hiding this comment.
Needs to be translatable
| $passwordErr = "<b>Your password must contain at least 1 lowercase letter!</b><br>"; | ||
| } | ||
| } else { | ||
| $passwordErr = "<b>Your passwords didn't match!</b><br>"; |
There was a problem hiding this comment.
Needs to be translatable
| die(); | ||
| } | ||
| } else { | ||
| echo "Incorrect username or password."; |
There was a problem hiding this comment.
Needs to be translatable
| <form action='' method='POST'> | ||
| <table> | ||
| <tr> | ||
| <th>New password</th><td><input type="password" name="password" required></td> |
There was a problem hiding this comment.
Needs to be translatable
| <th>New password</th><td><input type="password" name="password" required></td> | ||
| </tr> | ||
| <tr> | ||
| <th>Confirm password</th><td><input type="password" name="repassword" required></td> |
There was a problem hiding this comment.
Needs to be translatable
| <form action='' method='POST'> | ||
| <table> | ||
| <tr> | ||
| <th>E-mail</th><td><input type="text" name="email" required></td> |
There was a problem hiding this comment.
Needs to be translatable
| <th>E-mail</th><td><input type="text" name="email" required></td> | ||
| </tr> | ||
| <tr> | ||
| <th>Password</th><td><input type="password" name="password" required></td> |
There was a problem hiding this comment.
Needs to be translatable
|
I see you are using SHA1, wouldn't it be better to use something more secure? |
|
Sure. I haven't done much web development in a couple of years so I just did a quick google search and found sha1. Also, I haven't added anything for sql injections, I figured the framework would take care of that? |
|
@mfaalk PHP docs have lots of info: http://php.net/manual/en/function.password-hash.php You mean the Medoo framework? If you use the prepared statements then it should. |
|
I messed up. |
MOVED TO PR #109