Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Development CodeIgniter 3.x password hashing doesn't work for all special characters
password hashing doesn't work for all special characters
  • Offline BilltheCat
    Gravity is a harsh mistress.
  • ***
  • Posts: 75
    Threads: 13
    Joined: Feb 2018
    Reputation: 1
#18
08-05-2020, 01:33 PM
(This post was last modified: 08-05-2020, 02:04 PM by BilltheCat.)

(08-05-2020, 12:24 PM)jreklund Wrote: You should not use html_escape at all. As the user supplied password have been altered.

You should only escape on output not input.

Yeah, I've been thinking about that, and didn't like it.  It came that way from community_auth but I'm changing it as you suggest.
PHP Code:
$this->_change_password(
                    set_value('passwd'''FALSE), //wasn't FALSE by default
                    set_value('passwd_confirm'''FALSE), //wasn't FALSE by default
                    set_value('user_identification'),
                    set_value('recovery_code')
            ); 
It looks like I have an old version.... just checked out community_auth on bitbucket, and he's updated the section.

PHP Code:
$this->_change_password(
                $this->input->post('passwd'),
                $this->input->post('passwd_confirm'),
                set_value('user_identification'),
                set_value('recovery_code')
            ); 
Reply


Messages In This Thread
RE: password hashing doesn't work for all special characters - by BilltheCat - 08-05-2020, 01:33 PM



Theme © iAndrew 2016 - Forum software by © MyBB