![]() |
UserBundle for CI 3.x - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: External Resources (https://forum.codeigniter.com/forumdisplay.php?fid=7) +--- Forum: Addins (https://forum.codeigniter.com/forumdisplay.php?fid=13) +--- Thread: UserBundle for CI 3.x (/showthread.php?tid=67160) |
UserBundle for CI 3.x - chrobaks - 01-23-2017 Hi all, there is a new UserBundle for CodeIgniter 3.x available. It contains : - Login - Signup - User - Users - Passwordforgot - Route Authentification - Database Entity Configuration If you like please test it and tell me whats wrong, whats good or what can i make better. Here is th Github link: https://github.com/chrobaks/CI-UserBundle/ RE: UserBundle for CI 3.x - Narf - 01-23-2017 0. It's over-engineered ... If "Bundle" comes from Symfony, it's aptly named. ![]() 1. Passwordmanager::randomPassword() is not random. 2. That same method is used to generate "confirmation hashes" for forgotten passwords, which is not secure. 3. Again that method is used to create "salt" for passwords, which is simply appended to the original password ... bcrypt already has salting built-in; you're trying to be smart where you don't need to - looping back to the "over-engineered" point. ![]() RE: UserBundle for CI 3.x - Narf - 01-23-2017 Also, WTF is this doing in the "Events" forum? Moving. RE: UserBundle for CI 3.x - chrobaks - 01-23-2017 (01-23-2017, 10:42 AM)Narf Wrote: Also, WTF is this doing in the "Events" forum? Moving. Sorry, I'm new here. How to move the Posting? Why are you so angry ("wtf")? Thanks for your answer. RE: UserBundle for CI 3.x - ivantcholakov - 01-23-2017 @chrobaks Watch for rand(), avoid using it. I've opened an issue about the password generator, but I have no time to preview other code. Generally, seek for already done and tested solutions about security. See https://github.com/paragonie whether there might be something useful. RE: UserBundle for CI 3.x - chrobaks - 01-23-2017 (01-23-2017, 11:33 AM)ivantcholakov Wrote: @chrobaks Thanks ivan, you are right, i'll edit the passwordmanager with with your solution. I made that error, because i was to much in hurry, so i keep more calm! RE: UserBundle for CI 3.x - InsiteFX - 01-23-2017 That's just Narf being his natural self. RE: UserBundle for CI 3.x - Narf - 01-24-2017 (01-23-2017, 10:57 AM)chrobaks Wrote:(01-23-2017, 10:42 AM)Narf Wrote: Also, WTF is this doing in the "Events" forum? Moving. I already did move it. And I'm not "so angry". (01-23-2017, 02:18 PM)InsiteFX Wrote: That's just Narf being his natural self. ... and people being over-sensitive to explicit language. |