| UserBundle for CI 3.x |
|
Hi all, there is a new UserBundle for CodeIgniter 3.x available.
It contains : - Login - Signup - User - Users - Passwordforgot - Route Authentification - Database Entity Configuration If you like please test it and tell me whats wrong, whats good or what can i make better. Here is th Github link: https://github.com/chrobaks/CI-UserBundle/
0. It's over-engineered ... If "Bundle" comes from Symfony, it's aptly named.
 1. Passwordmanager::randomPassword() is not random. 2. That same method is used to generate "confirmation hashes" for forgotten passwords, which is not secure. 3. Again that method is used to create "salt" for passwords, which is simply appended to the original password ... bcrypt already has salting built-in; you're trying to be smart where you don't need to - looping back to the "over-engineered" point.
@chrobaks
Watch for rand(), avoid using it. I've opened an issue about the password generator, but I have no time to preview other code. Generally, seek for already done and tested solutions about security. See https://github.com/paragonie whether there might be something useful. (01-23-2017, 11:33 AM)ivantcholakov Wrote: @chrobaks Thanks ivan, you are right, i'll edit the passwordmanager with with your solution. I made that error, because i was to much in hurry, so i keep more calm!
That's just Narf being his natural self.
What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
(01-23-2017, 10:57 AM)chrobaks Wrote:(01-23-2017, 10:42 AM)Narf Wrote: Also, WTF is this doing in the "Events" forum? Moving. I already did move it. And I'm not "so angry". (01-23-2017, 02:18 PM)InsiteFX Wrote: That's just Narf being his natural self. ... and people being over-sensitive to explicit language. |
| Welcome Guest, Not a member yet? Register Sign In |
