Featured Reviews
Highest Rated
Thanks for Uflex, it's wonderful!
Lowest Rated
Thanks for the script and the effort. I thought however of leaving a message with a couple of things I would do differently, should somebody plan to use this script, to be aware of some possible weaknesses I found.
I would change the whole "remember me" login method. The script leaves a cookie which exposes both the id of the user and a substring of the user's password hash. While the id is written with some type of encryption, this is very weak and mostly secured by obscurity.
Somebody who can grab one cookie set for x user can generate more cookies that would grant access every time.
I would instead generate a token with an expiration date and valid for one access only, as one way to improve the script.
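
The mitigation the review above proposes (a token with an expiration date, valid for one access only), as an added PHP example that is neither uFlex code nor the reviewer's own. The function names, the `$store` array standing in for a database table, and the sample values are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example: single-use, expiring "remember me" tokens.
// $store stands in for a database table; all names here are hypothetical.

function issue_token(array &$store, int $userId, int $ttl, int $now): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + $ttl,
    ];
    // The cookie value carries no user id and no password material.
    return $selector . ':' . $validator;
}

function redeem_token(array &$store, string $cookie, int $now): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // single use: burned on every attempt
    if ($now > $row['expires']) {
        return null;                         // expired
    }
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;                         // wrong validator (constant-time compare)
    }
    return $row['user_id'];
}

// Constructed demo values, not taken from any real deployment.
$store = [];
$now   = 1700000000;
$cookie = issue_token($store, 42, 14 * 86400, $now);
var_dump(redeem_token($store, $cookie, $now + 60));    // first presentation
var_dump(redeem_token($store, $cookie, $now + 120));   // replay of the same cookie
$late = issue_token($store, 42, 14 * 86400, $now);
var_dump(redeem_token($store, $late, $now + 15 * 86400)); // presented after expiry
```

After a successful redeem the caller issues a fresh token for the next visit, so a copied cookie stops working once either party uses it.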
User Reviews
-
Wonderful script bro, good work, thanks for sharing it. I want one favor from you. Please contact me back: ktn.thkkr@gmail.com
-
While it is perfect, it is missing some checks, and also please... change the <?= thing for php5, because in php5 you write <?php echo. Other than that the script is very good, congratulations, highly recommended!!!