Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: How to compare passwords in TXP?
Gocom wrote:
Dev branch uses phpass as of today.
Sorry, I do not understand your answer = (
Can you read more?
I did not speak English at an appropriate level.
Offline
#14 2011-03-22 21:52:58
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Re: How to compare passwords in TXP?
skrishi wrote:
Sorry, I do not understand your answer = (
Can you read more?
It means that TXP now has a robust hashing scheme that is actually well matched to the job of storing password hashes.
You can read more at http://www.openwall.com/phpass/
— Steve
Offline
Re: How to compare passwords in TXP?
net-carver wrote:
It means that TXP now has a robust hashing scheme that is actually well matched to the job of storing password hashes.
You can read more at http://www.openwall.com/phpass/
So now there is hashing the password does not depend on the version of mysql?
Offline
#16 2011-03-22 22:02:23
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Re: How to compare passwords in TXP?
From the next released version of TXP, or from any version of TXP you now pull from SVN, yes.
Edited to add: That’s only one of the advantages of using PHPass, there are others that are more important (in my view), but removing dependencies on MySQL hashing functions is definitely a worthwhile plus.
Last edited by net-carver (2011-03-22 22:06:02)
— Steve
Offline
Re: How to compare passwords in TXP?
Thank you.
Offline
Re: How to compare passwords in TXP?
net-carver wrote:
That’s only one of the advantages of using PHPass, there are others that are more important (in my view), but removing dependencies on MySQL hashing functions is definitely a worthwhile plus.
What are the other, more important advantages?
Offline
Re: How to compare passwords in TXP?
I made a plugin, I would like to know your opinion.
I open a new thread, or here in its place? And in what section to open?
And as a code to show? Print this right here, or better yet a link to the page?
Thanks in advance.
Offline
Re: How to compare passwords in TXP?
skrishi wrote:
I made a plugin, I would like to know your opinion.
Cool. What three-letter prefix have you chosen for your plugin and all its functions / global variables / class names / etc? I’ll add it to the reserved list in the wiki.
I open a new thread, or here in its place? And in what section to open?
Normally you open a topic in the Plugin Author Support forum but you probably don’t have access yet. Some kind soul will grant you access (I’ve never done it and I’m just about to go to bed, sorry).
And as a code to show? Print this right here, or better yet a link to the page?
Did you make the plugin using the raw template or the plugin composer? Either way it’s usually best to host the resulting .txt file (and/or gzipped .txt file) on your own site and add an entry over at textpattern.org that contains the details and download link. You can register yourself an account I think. There’s an optional link for a Forum Thread URL which directs people here so they can discuss the plugin.
Hope that helps.
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
Re: How to compare passwords in TXP?
I think it’s too early to talk about full-fledged plugin. He was to have only three tags that you can either insert or not insert.
Only the Russian language. And with my English, it is unlikely I’ll make a good English version.
I would like that to experienced users and plugin authors, have looked the code for vulnerabilities, security bugs.
If it really looks like a plugin, I can make a theme …
Offline
Re: How to compare passwords in TXP?
Security:
If this is a public interface, you’re now offering a way to try username/password combinations that is only limited by the amount of page requests your website can handle (brute force attack).
Use proper mime-encoding when sending email, since you’re using characters outside 7-bit us-ascii.
You’re not imposing any limits or restrictions on the passwords entered.
You’re doSlashing ‘$name’ twice. Once is enough.
Style:
Instead of multiple “if empty” constructs which all lead to the same result”, combine them into one (makes the code easier to read):
if (!empty($pass) and !empty($cpass) and !empty($oldpass))
{
return gvv_gTxt('password_all_back');
}
And then continue with other if constructs. You don’t need “else” here, because the “return” gets you out of the function anyway.
Replace ‘acaunt’ with ‘account’.
Make the forms more flexible instead of hardcoding them (if this is a plugin that will be released to the public).
Offline
Re: How to compare passwords in TXP?
Thank you for your opinion. I’ll work on it.
ruud wrote:
You’re doSlashing ‘$name’ twice. Once is enough.
Where better to use doSlashing()
: when accessing the database or reading the variables from the form?
Tell me again: how do I do? Next issue will not match the title. I open a new thread, or you can continue here?
Offline
Re: How to compare passwords in TXP?
I prefer to escape late instead of early, so just before accessing the database.
Offline