Found the problem. when I did this: echo strlen($hash) it printed 90, which is strange because there were definitely no spaces at the end when I printed out the success/failure message, and the field has a varchar length of 255 I added this line: $hash = substr( $hash, 0, 60 ); And now it works … Read more
You are binding click event every time you click a button. You don’t want multiple event handlers. Plus you are redefining var pwShown = 0 on every click so you can never revert input state (pwShown stays the same). Remove onclick attribute and bind click event with addEventListener: function show() { var p = document.getElementById(‘pwd’); … Read more
A new salt should be randomly generated for each user and each time they change their password as a minimum. Don’t just rely on a site wide salt for example, as that defeats the point of using a salt in the first place. Using a unique salt for each user is so that if two … Read more
Depending on the language, I usually use regular expressions to check if it has: At least one uppercase and one lowercase letter At least one number At least one special character A length of at least six characters You can require all of the above, or use a strength meter type of script. For my … Read more
Switching to SHA512 will hardly make your website more secure. You should not write your own password hashing function. Instead, use an existing implementation. SHA256 and SHA512 are message digests, they were never meant to be password-hashing (or key-derivation) functions. (Although a message digest could be used a building block for a KDF, such as … Read more
I am sure there is no technical problem but maybe gmail and hotmail are not supporting that on purpose. This kind of websites have a wide audience and should be accessible from everywhere. Let’s imagine the user have a password in Japanese but he is on travel and go to a cyber cafe and there … Read more
You can disable paste in your input as follows: html: <input type=”text” value=”” id=”myInput”> javascript: window.onload = () => { const myInput = document.getElementById(‘myInput’); myInput.onpaste = e => e.preventDefault(); } Talking about security, I wouldn’t say that this makes any impact. You would usually use client side and well as server-side validation of data submitted … Read more
It is year 2018, and Windows 10 has a “Credential Manager” that can be found in “Control Panel”
Try username = root and password is blank.
I can help with the first question. As of this writing, meteor doesn’t have a checkPassword method, but here’s how you can do it: On the client, I’m going to assume you have a form with an input called password and a button called check-password. The event code could look something like this: Template.userAccount.events({ ‘click … Read more