Correct password saving issues, descriptive login error messages

kendarorg / PhpNuget

Php nuget manager supporting complex queries on txt files or MySQL

http://www.kendar.org/?p=/dotnet/phpnuget

Other

23 stars 15 forks source link

Correct password saving issues, descriptive login error messages #69

Closed bkraul closed 5 years ago

bkraul commented 5 years ago

Introduces better login error messages, such as:

User does not exist.
Incorrect password.
User is currently disabled.

Corrects an issue with saving users, where the password gets overwritten by a hash even when there was no new password entered.

Might need to apply PR #64 first in order to correct session_start() issues.

Examples:

There remains an issue with saving users where some of the data is not being properly saved. This is outlined on issue #68.

kendarorg commented 5 years ago

Hi :) thanks for everything, i am doing all the reviews! The only thing is that i'll take a more "hidden" approach showing only something like "Invalid credentials" without supplying too much hints on weather the password was wrong.