[OWASP_PHPSEC] Login Controller

Abbas Naderi abiusx at owasp.org
Tue Sep 10 13:22:27 UTC 2013


It seems alright with me.
It's a good idea to peek at what jframework's login controller does though.
-A
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 10, 2013, at 7:24 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> Oh yes... the captcha part is just for show... a whole engine will be there to handle what we have discussed earlier. I am a little busy with the controller, otherwise after controllers I will do that thing only.
> 
> 
> On Tue, Sep 10, 2013 at 7:18 AM, Shivam Dixit <shivamd001 at gmail.com> wrote:
> Hello Rahul,
> 
> Controllers seem to be good; however, on the brute force issue, as we discussed earlier, we can also implement temporary account locking. As we discussed, if 1 is returned (level 1) from the brute force function, show captcha; if a level 2 brute force attempt is made, then lock the account. I think, for disabling accounts, we will require one more column in the USERS table to check if the account is enabled or disabled, and we will be required to add one more condition to check if the user is enabled or disabled when we authenticate the user.
> 
> 
> On Tue, Sep 10, 2013 at 4:33 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> Hello All,
> 
> Here is the structure of the login controller that I made. Please comment and notify me if any mistakes are there.
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
> 
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
> 
> 
> 
> 
> -- 
> Cheers,
> Shivam
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634

More information about the OWASP_PHP_Security_Project mailing list
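
An added example, not code from this thread or from the phpsec project: the escalation Shivam describes, where level 1 from the brute force function shows a captcha and level 2 disables the account through an extra USERS column that is checked at authentication. The function names, the `enabled` and `failed` columns and the thresholds 3 and 6 are assumptions.

```php
<?php
// Added example: names, schema and thresholds are assumptions, not phpsec code.
const CAPTCHA_AFTER = 3; // assumed: failed attempts before level 1
const LOCK_AFTER    = 6; // assumed: failed attempts before level 2

// Hypothetical brute force function: 0 = normal, 1 = show captcha, 2 = lock account.
function bruteForceLevel(int $failed): int {
    return $failed >= LOCK_AFTER ? 2 : ($failed >= CAPTCHA_AFTER ? 1 : 0);
}

// Returns 'ok', 'invalid', 'captcha' or 'locked' for the controller to act on.
function login(PDO $db, string $user, string $pass): string {
    $q = $db->prepare('SELECT pass_hash, enabled, failed FROM USERS WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'invalid';   // unknown user gets the same answer as a wrong password
    }
    if ((int)$row['enabled'] !== 1) {
        return 'locked';    // the extra condition: disabled accounts never authenticate
    }
    if (password_verify($pass, $row['pass_hash'])) {
        $db->prepare('UPDATE USERS SET failed = 0 WHERE username = ?')->execute([$user]);
        return 'ok';
    }
    // Wrong password: count it, and disable the account when level 2 is reached.
    $failed = (int)$row['failed'] + 1;
    $level  = bruteForceLevel($failed);
    $db->prepare('UPDATE USERS SET failed = ?, enabled = ? WHERE username = ?')
       ->execute([$failed, $level === 2 ? 0 : 1, $user]);
    return ['invalid', 'captcha', 'locked'][$level];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE USERS (username TEXT PRIMARY KEY, pass_hash TEXT,
           enabled INTEGER NOT NULL DEFAULT 1, failed INTEGER NOT NULL DEFAULT 0)');
$db->prepare('INSERT INTO USERS (username, pass_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

for ($i = 1; $i <= 6; $i++) {
    echo "attempt $i: ", login($db, 'alice', 'wrong'), PHP_EOL;
}
echo 'right password after lock: ', login($db, 'alice', 'correct horse'), PHP_EOL;
```

Once `login()` returns `captcha`, the controller has to verify the captcha before calling it again. Re-enabling a locked account (the temporary part of the lock) would reset `enabled` and `failed`.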