-
Posts
13 -
Joined
-
Last visited
Posts posted by JackN
-
-
Many thanks Jacques for your clear answer
I think I understand now, the point is that anyone could guess by brute force testing.
That's a privacy issue like you said, but I imagine that then when the attacker built a list of real username (even fancy one) by BF testing, he can then simulate a lot of login and try all of them with basic passwords like "123". At least one of them should work. This could be security issue in this case, no?
So the conclusion would be, never tell to the people that its username is not available but rather create a script like you provided in you example of prepared statements where the system adapt the username (by increment if necessary) so that it is unique without notifying the user.
-
Ginerjm, thank you very much for trying to help me whereas it seems like I bother you because I ask questions like if I was not willing to search by my own, which is I agree an horrible behavior for a community member. I really appreciate your patience.
The first message of this thread is:
When a new user signs up, they're assigned a user name (their first name and last name combined in a single string).
Because there may be two or more people with the same name, how do I create a loop that will check my database to see if that username already exists, and if it does add a number on the end to make it different, then run another query to see if that one exists too. And keep doing this until a free one is found.
And the firrst answer (that I answered to) is:
That is a very bad and insecure way to handle usernames. Don't do it.
If I am wright, no function nor any PHP code was mentioned in these two messages but the member who answered was already thinking that this was insecure the way it was though. I was therefore very curious to understand why he said that. I have a hard time seeing what could I search in Google or in the doc to find such an answer. If there something I am missing, please forgive me.
-
I think that my words are wrongly written (english is not my 1st language) because I agree with Jacques and had no problem with what he said. Concerning this thread, I read it in whole and could not find any clear explanation (on my point of view -> I am a beginner with PHP) about why it would be insecure. Moreover I read the doc almost every day but I'am not very smart, sorry.
-
Yes you are true. It is just more cool to have a picture to show to others when talking rather than a shade. But I will have an avatar soon anyway
-
You can use flashdevelop.org which is open source
-
What about WinSCP (which allow to use S-FTP) ?
-
I love Notepad++ and use it every day
The poll results make me want to try PHPStorm!
-
That is a very bad and insecure way to handle usernames. Don't do it.
Could you please briefly explain why it is insecure?
-
Try to enter "site:www.yourdomain.com" in google, does your website appears? If yes it is therefore indexed by the search engine. In this case you just need some backlinks so that it appears when someone type its name as keyword search. If it does not appears yes there is probably a problem in your code (in this case you should check your robot.txt file first).
Please report us what appears when you type "site:www.yourdomain.com" in google. (replace yourdomain by your domain of course ^^)
-
Hello everyone,
I was wondering if there were a software who could scan your PHP files and detect every part of your code which would not be compatible with the new version of PHP you would like to update to?
I searched but did not find anything free.Is there any opensource/freeware soft able to perform such a scan?
-
Yup, some features are limited for new users.
You seem to be a human so I've moved you out of the restricted group and into the regular user group. You should be able to set an avatar now.
Would it be possible to do the same for me?
-
Try to post your question on http://stackoverflow.com/questions
Also, I am sure that you can find your solution by looking other's question about htacess files on stackoverflow, it is a perfect source of information
-
Hello everyone!
My name is Nicolas and I am a Canadian PHP learner.
I am also web designer and a big fan of Linux as well as video games (geek!)
I hope I will learn more about the amazing language which is PHP and that I will meet nice people (I have no doubt about this) ^^
PS: I don't success in adding an avatar (error: profile_disabled)...
How to Check Username and Change If It Exists?
in PHP Coding Help
Posted
No problem, you are forgiven
I am glad to know that I did not make anything wrong because I was really lost :s