Possible to register and login simultaneously


onjegolders

Oh I could've edited my first post instead of a new one :/

Thanks for mentioning this, Macrura. I know it can be more secure because more people can improve the code, but I really like to go my own way where possible.


  • 1 year later...
On 2/15/2013 at 9:01 AM, ryan said:

Just wanted to reiterate what Wanze said about this:


<input type='text' name='first_name' value='{$input->post->first_name}'>

This is a major security hole. For example, try submitting this in the first_name field:


'><script>alert('Gotcha!');</script>

...and if you can do that, you can do some pretty bad stuff.

Definitely entity encode user submitted input that gets output again. Wanze's example:


$v = $sanitizer->entities($input->post->first_name);
echo "<input type='text' name='first_name' value='$v'>";

If you are running an older version of PW that doesn't have the $sanitizer->entities() method (a fairly recent addition) then do this:


$v = htmlentities($input->post->first_name, ENT_QUOTES, 'UTF-8'); 

I don't know how to implement this. Does every input field in the form need to be replaced with a $variable? So the username field:

      <label class='label' for='username'>Username</label>
      <p class='control'>
        <span class='help is-info'>Please ensure your username contains <b>no spaces</b>. </span>
        <input type='text' class='input' name='username' value='{$v}'>
      </p>

Does the entities string go before or after the form entry above? Do I batch all the sanitizer entries first?

      $v = $sanitizer->entities($input->post->first_name);


Further down I am creating a user. Does this:

      $u->name = $sanitizer->username($input->post->username);

Need to be changed to:

      $u->name = $sanitizer->username($v);

If I can figure out the order for one field, I can apply it to all of them.
Edited by hollyvalero
trying to be more clear?
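As an added example (not code from any post in this thread, and not ProcessWire's own code), the following plain-PHP script walks through the order of operations for the username field that the post above asks about: the raw submitted value is encoded once for re-display in the form and, separately, passed through a name sanitizer for storage. ryan's post names `htmlentities($str, ENT_QUOTES, 'UTF-8')` as the equivalent of `$sanitizer->entities()` on older versions, so that is what the output step uses here. The `$post` array, the sample values, and the helper functions `nameForStorage()` and `valueForHtml()` are all constructed for this example; in particular, `nameForStorage()` is a hypothetical stand-in for `$sanitizer->username()`, and its rules are an assumption, not ProcessWire's implementation.

```php
<?php
// Added example, not code from the thread or from ProcessWire. It runs without
// ProcessWire by standing in for $input->post and $sanitizer with plain PHP.

// Constructed stand-in for $input->post / $_POST. The first_name value is the
// probe string quoted in ryan's post, so the output shows it being neutralised.
$post = [
    'username'   => 'Holly Valero',
    'first_name' => "'><script>alert('Gotcha!');</script>",
];

// Hypothetical stand-in for $sanitizer->username(): derives a storage-safe
// name from the raw value. The exact rules are an assumption for this example.
function nameForStorage(string $raw): string
{
    $name = strtolower(trim($raw));
    $name = preg_replace('/[^a-z0-9_-]+/', '-', $name); // spaces etc. become '-'
    return trim($name, '-');
}

// Output step: encode immediately before the value goes back into HTML.
// The result is safe inside a single- or double-quoted attribute value.
function valueForHtml(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

// One raw value, two consumers: a storage form and a display form. Neither
// is derived from the other; both start from the raw post value.
$rawUsername = $post['username'];
$uName       = nameForStorage($rawUsername); // what would be assigned to $u->name
$v           = valueForHtml($rawUsername);   // what goes back into the form field

// Re-rendering the form field with the encoded copy, as in Wanze's snippet.
echo "<label class='label' for='username'>Username</label>\n";
echo "<input type='text' class='input' name='username' value='{$v}'>\n";

// Same treatment for the field carrying the probe string: the quote and the
// angle brackets come out as entities, so the attribute and tag stay closed.
$firstV = valueForHtml($post['first_name']);
echo "<input type='text' name='first_name' value='{$firstV}'>\n";

// The storage form for the later user-creation step is taken from the raw
// value, not from $v: an entity-encoded string is display markup, not a name.
echo "name for storage: {$uName}\n";
```

Run it with `php example.php` and compare the two input tags with the `name for storage` line. The point it illustrates is that entity encoding is an output concern: the `$v` that goes into the form is not what should be passed to the username sanitizer, because the encoded form carries sequences like `&#039;` that belong in HTML, not in a stored name.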
