websiteMembership question
4 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: September 28, 2015 (RSS)
Hi,
in the add-on there is:
// disallow logins with plaintext password hash
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if ($action == 'loginSubmit' && !empty($_REQUEST['password']) && $passwordHash && $_REQUEST['password'] == $passwordHash) {
$passwordHash = ''; // blank out password
loginCookie_remove();
}
the loginSubmit in the $action == 'loginSubmit' is from where? We are using simple 'login' value in the login.php.
Regards,
Karls
By Dave - September 22, 2015
Hi Karlz,
The 'loginSubmit' value is used by the CMSB login screen.
What if we updated it to this?
// disallow logins with plaintext password hash
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if (in_array($action, ['login','loginSubmit']) && !empty($_REQUEST['password']) && $passwordHash && $_REQUEST['password'] == $passwordHash) {
$passwordHash = ''; // blank out password
loginCookie_remove();
}
Would that work for you?
interactivetools.com
Hi Dave,
I just lost the above script in the add-on and now i cannot find it..
Thanks anyway,
Karls.
By Dave - September 28, 2015
Hi Karz, Try searching for "loginSubmit" in /lib/login_functions.php.
interactivetools.com