townim-faisal
commented
8 years ago but why bro?..here i used user name as login , not email.
Open saaiful opened 8 years ago
townim-faisal
commented
8 years ago but why bro?..here i used user name as login , not email.
saaiful
commented
8 years ago Because changing mail address without verification is bad practice.
townim-faisal
commented
8 years ago how can I verify email without sending mail to that email?
saaiful
commented
8 years ago using any social verification.
townim-faisal
commented
8 years ago thanks...ok If you want you can commit in there...I will also try that..can you give your fb id plz?..
saaiful
commented
8 years ago Btw, any skilled programmer/hacker can reset other users password for this bad practice. fb.com/infosaifulislam
townim-faisal
commented
8 years ago thanks for your suggetion.. I made this web app in 4 days..so for learners i made this as simple as I can..and also I don't count this vulnerability for developing purpose...but yes you are right..in production that is really a bad practise
Please remove email update in UserController.php