PHSCDC / itocdc-2015-www

An insecure PHP web app for the Iowa State University 2015 IT Olympics Cyber Defense Competition (ITOCDC)
MIT License

Password confirmation field in registration doesn't actually check for identical passwords #12

Closed jummy0 closed 9 years ago

jummy0 commented 9 years ago
```js
if(document.registration.confirm-password.value.length==0){
    alert("Passwords do not match!");
    return false;
}
```

This block doesn't actually check that the fields are identical; it checks that confirm-password contains ≥1 character.

BEASTLYMONKEY27 commented 9 years ago

This issue should now be fixed. I just set the files to try to equal each other; if they don't, it returns false, thus echoing "Passwords do not match".
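The check described in this issue next to a comparison of the two fields, as an added example that is not code from the repository or from either commenter. The field name `password`, the function names and the sample objects are assumptions; `registration` and `confirm-password` come from the issue.

```javascript
// Added example. "password" is an assumed field name; "confirm-password"
// and the form name "registration" are taken from the issue text.

// Models the behaviour the issue describes: only an empty confirmation
// field is rejected, so any two different non-empty values pass.
function lengthOnlyCheck(fields) {
  return fields["confirm-password"].value.length !== 0;
}

// Compares the two fields. Bracket notation is needed for the hyphenated
// name: fields.confirm-password would parse as a subtraction.
function passwordsMatch(fields) {
  const password = fields["password"];
  const confirm = fields["confirm-password"];
  if (!password || !confirm) {
    return { ok: false, message: "Password fields are missing." };
  }
  if (password.value.length === 0) {
    return { ok: false, message: "Password is required." };
  }
  // Strict comparison of the raw strings: no trimming, no case folding.
  if (password.value !== confirm.value) {
    return { ok: false, message: "Passwords do not match!" };
  }
  return { ok: true, message: "" };
}

// Browser wiring; skipped when no DOM is present (for example under Node).
if (typeof document !== "undefined" && document.forms["registration"]) {
  document.forms["registration"].addEventListener("submit", (event) => {
    const result = passwordsMatch(event.target.elements);
    if (!result.ok) {
      alert(result.message);
      event.preventDefault(); // block the submit instead of "return false"
    }
  });
}

// Constructed sample inputs shaped like form.elements.
const sampleMismatch = {
  "password": { value: "hunter2" },
  "confirm-password": { value: "hunter3" },
};
const sampleMatch = {
  "password": { value: "hunter2" },
  "confirm-password": { value: "hunter2" },
};
```

A browser-side check like this only helps the user catch typos; the PHP registration handler has to repeat the comparison, because a request can reach it without this script ever running.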