Account security #86
Open
dparker2 wants to merge 30 commits into master from AccountSecurity
When account is created, password is now hashed and stored in the db. Account login checks for the hash in the db to verify.
Recover username will now send the username of the email to that email. flash cards were updated with = instead of ==
New messages sent to client after searching for email in database and sending email to that address
last version still had an fwrite instead of sendMessage function
All new file with functions to set and retrieve security questions and answers from db
create account having some issues so I reverted it by removing the hard coded security questions to see if my changes were the issue
included error debug for create account insertion to find mistake
hardcoded questions were not being escape stringed. fixed that
forgot to include_once new security questions files and functions
needed to include $connection in escape string query
questions were not being queried properly. fixed that
added echo debug for security question queries
query was returning object instead of string. used correct function to return strings
was trying to access username via client, but can't access since user is not logged in
changed how security questions are called with username now
changed server code for username recovery email being sent. escape string for sec question answer hashes before writing to db
added new function to send email with recovery code and store that same code in the db. testing.php file is just to call it without UI
no longer using escape string after hashing the answers and before writing to the database
added lots of echos to see how variables act and also added mysql error report
I did a bad thing but I undid the thing
did the same fix that was done for questions on previous commit
First commit for reset password functions that should be working. send random security question, check security question answers, send out code and verify
took out some of the 4 character codes that communicate between server and client, also added a few error/success messages
was storing password as plain text with reset password. fixed and made it a hash instead
No description provided.