(05-26-2020, 02:27 AM)captain-sensible Wrote: Is it a large project with lots of users, or a fairly simple one concerning auth?
Sometimes the way writers of libraries document code, I find it hard to understand.
I've got a simple web with really only one admin needed, so as an alternative to using someone's library I just wrote my own code using a simple captcha, session to limit attempts to 5 goes, url to login hidden (i.e. not quoted anywhere)
Authentication is based on the captcha being correct, the user name being correct, and the password in a sqlite db is hashed, so I use for that:
$logic = password_verify($this->password,$this->hashPassword);
where $this->password is what's received by:
$this->request->getVar('userPassword')
protected $regex= '/[^A-Za-z0-9!?\s]+/';
//$regex this is a php class member
$password= $this->request->getVar('userPassword'); // password typed into the form textbox
$password2= htmlentities($password,ENT_QUOTES);
$this->password= preg_replace($this->regex,"",$password2);
$this->password= trim($this->password);
A bit convoluted, but if the password is correct it works!
I've thought my knowledge may be limiting, but then I've seen W.P web sites where login is easily found, a user can easily be found and there is no captcha.
So I'm not sure whether to stick with my own system or replace it if there is a simple library.
So I would also be interested in more replies.
It's a complex project. It makes no sense to write a new auth library for this.
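
An added example, not code from either post: it runs the filter chain from the quoted post before password_verify() and compares that with verifying the raw input, to show that filtering lets a different string match the same hash. The function names and sample passwords are constructed for illustration, and it assumes the stored hash was created from the filtered password, which the post does not show.

```php
<?php
// Added example, not the poster's code.
const REGEX = '/[^A-Za-z0-9!?\s]+/';   // same pattern as the post's $regex

// The post's chain: htmlentities, strip disallowed characters, trim.
function filterLikePost(string $input): string
{
    $escaped = htmlentities($input, ENT_QUOTES);
    return trim(preg_replace(REGEX, '', $escaped));
}

// Assumption: the stored hash was created from the filtered password.
function verifyFiltered(string $input, string $hash): bool
{
    return password_verify(filterLikePost($input), $hash);
}

// Alternative: hash and verify exactly what the user typed.
// password_verify() treats its input as opaque bytes, so no escaping is needed.
function verifyRaw(string $input, string $hash): bool
{
    return password_verify($input, $hash);
}

// Constructed sample values.
$chosen    = 'Tr0ub4dor&3#x';    // password the admin picked
$lookalike = 'Tr0ub4doramp3x';   // different string: "&" became "&amp;", then "&", ";" and "#" were stripped

$filteredHash = password_hash(filterLikePost($chosen), PASSWORD_DEFAULT);
$rawHash      = password_hash($chosen, PASSWORD_DEFAULT);

// Print, for each attempt, whether each verification path accepts it.
foreach ([$chosen, $lookalike] as $attempt) {
    printf(
        "%-16s filtered=%-5s raw=%s\n",
        $attempt,
        var_export(verifyFiltered($attempt, $filteredHash), true),
        var_export(verifyRaw($attempt, $rawHash), true)
    );
}
```

With the filter in place both strings are accepted; with raw verification only the chosen password is.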