websiteMembership question

Hi,

in the add-on there is:

  // disallow logins with plaintext password hash
  $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; 
  if ($action == 'loginSubmit' && !empty($_REQUEST['password']) && $passwordHash && $_REQUEST['password'] == $passwordHash) {
    $passwordHash = '';   // blank out password
    loginCookie_remove();
  }

the loginSubmit in the $action == 'loginSubmit' is from where? We are using simple 'login' value in the login.php.

Regards,
Karls

By Dave - September 22, 2015

Hi Karlz, 

The 'loginSubmit' value is used by the CMSB login screen.

What if we updated it to this? 

// disallow logins with plaintext password hash
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ''; 
if (in_array($action, ['login','loginSubmit']) && !empty($_REQUEST['password']) && $passwordHash && $_REQUEST['password'] == $passwordHash) {
  $passwordHash = '';   // blank out password
  loginCookie_remove();
}

Would that work for you? 

Dave Edis - Senior Developer
interactivetools.com

Hi Dave,

I just lost the above script in the add-on and now i cannot find it..

Thanks anyway,
Karls.