e107inc / e107

e107 Bootstrap CMS (Content Management System) v2 with PHP, MySQL, HTML5, jQuery and Twitter Bootstrap. Issue Discussion Room: https://gitter.im/e107inc/e107
https://e107.org
GNU General Public License v3.0

[Question]: Different actions for signin and login menu login forms - what is correct one? #5151

Open Jimmi08 opened 6 months ago

Jimmi08 commented 6 months ago

Question

The login menu and the signin shortcode do the same thing - display a login form for site users.

Signin shortcode:

'<form method="post" onsubmit="hashLoginPassword(this);return true" action="'.e_REQUEST_HTTP.'" accept-charset="UTF-8">'

Login menu:

$text = '<form method="post" action="'.e_SELF.(e_QUERY ? '?'.e_QUERY : '');
if (vartrue($pref['password_CHAP'],0))
{
  $text .= '" onsubmit="hashLoginPassword(this)';
}
$text .= '">'.$tp->parseTemplate($LOGIN_MENU_FORM, true, $login_menu_shortcodes);
$text .= '</form>';

As you see, there are differences:

What is correct? What does the preference 'password_CHAP' mean? Will the hardcoded charset be somehow related to the incoming changes in the database charset?

I checked the login page form too: "<form id='login-page' class='form-signin' method='post' action='".e_SELF."' onsubmit='hashLoginPassword(this)' >".$LOGIN_TEMPLATE['page']['body']."</form>"; The charset is missing, the hash is hardcoded...
What is correct?

Thanks

Expected Source

In source code

Additional Context

No response

tgtje commented 6 months ago

Challenge Handshake Authentication Protocol ... e.g. a better format for security when transmitting and verifying passwords.
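
A generic CHAP-style challenge-response login, added here as an illustration of the protocol named in the reply above; it is not part of the thread and not e107's own code. The function names, the SHA-256 construction, the five-minute lifetime and the sample user are all assumptions; the thread does not show what `hashLoginPassword` computes.

```javascript
// Added illustration of a generic CHAP-style exchange; not e107 code.
// issueChallenge, clientResponse and verifyResponse are hypothetical names.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Constructed sample user store: the server keeps a hash of the password.
const users = new Map([['alice', sha256('correct horse')]]);

// Outstanding challenges, each usable once and only for a limited time.
const pending = new Map();
const CHALLENGE_TTL_MS = 5 * 60 * 1000; // assumed lifetime

// Server: create a random challenge to embed in the login form.
function issueChallenge(now = Date.now()) {
  const challenge = crypto.randomBytes(16).toString('hex');
  pending.set(challenge, now + CHALLENGE_TTL_MS);
  return challenge;
}

// Client: what an onsubmit handler would send instead of the plain password.
function clientResponse(password, challenge) {
  return sha256(sha256(password) + challenge);
}

// Server: recompute the expected response and compare in constant time.
function verifyResponse(username, challenge, response, now = Date.now()) {
  const expires = pending.get(challenge);
  pending.delete(challenge); // single use: a captured response cannot be replayed
  if (expires === undefined || now > expires) return false;
  const stored = users.get(username);
  if (stored === undefined) return false;
  const expected = Buffer.from(sha256(stored + challenge), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}
```

In a scheme like this the stored hash is password-equivalent, because anyone holding it can compute a valid response, so it does not replace TLS on the login form.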