[pmwiki-users] A robust user registration module
V.Krishn
vkrishn at insteps.net
Mon May 24 16:17:45 CDT 2010
On Tuesday 25 May 2010 12:00:46 am Wordit Ltd wrote:
> On Mon, May 24, 2010 at 2:24 PM, V.Krishn <vkrishn at insteps.net> wrote:
> > I am guessing you mean sha1($email.$username.$password)
>
> The secret string is the important thing to include. Build a hash
> containing whatever strings you want to verify, plus the secret, e.g.:
>
> sha1($email.$username.$password.$secret);
I am guessing $secret is set by admin in some php file.
Then secret would become permanent till those users exists,
and admin would not be able to change the secret when compromised.
But then this would not be an issue as $password /s cannot easily be known.
>
>
> Marcus
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
--
Regards,
V.Krishn
More information about the pmwiki-users
mailing list