Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.
2
votes
1answer
28 views
Elixir / Phoenix login controller, allowing multiple attempts
I have a login method in my controller. I would like to get rid of the imperative "thinking" and write something more functional.
...
1
vote
0answers
52 views
Simple password verification before proceeding to a game [closed]
I wrote this code a little while ago and ran it a bunch of times trying all possible combinations just to make sure it all works and it worked fine and no errors came up but now when I bring it up in ...
3
votes
2answers
55 views
PHP Authentication Form
Drafted this up today out of the need for a very simple php based login form to protect an html page.
The app is simply included the top of index.html like this:
<...
4
votes
2answers
197 views
LDAP Login Script
This is my first time ever having code peer reviewed! This is just the main function I'm concerned about.
Edit
Apologies for the initial vagueness of my question, this is the "login" part of my ...
4
votes
1answer
66 views
Very basic PHP session handling
I’ve got my first real PHP web application up and running. It is working as expected, but being my first time, I’m sure there is plenty of room for improvement.
Right now, there is one particular ...
1
vote
0answers
32 views
Spring controller for login using Facebook or email
I've got a spring controller class which handles the user logins.
I've got two endpoints:
/user/facebook
/user/email
You ...
2
votes
1answer
66 views
Simple login page
Could anyone tell me if this code is well written and if it has bugs / vulnerabilities?
class.user.php:
...
2
votes
4answers
61 views
PHP mysqli code for login form
Can you check my code if I wrote like a professional?
connection page.
form sign page.
plan page.
log out page.
First I create the database and tables, then the connection file, then the form sign ...
3
votes
1answer
58 views
PHP Login/cookie authentication
I have an authetication api for an intranet site but I'm a little worried that my design of the authentication is bad and unsafe.
Below is the basic part of the authetication process and I hope I can ...
2
votes
1answer
70 views
Authentication in JSF
I've decided to implement my own custom authentication and authorisation in JSF. I am using Java's BCrypt to check the users' passwords.
The view side of things I can handle; I'm just implementing <...
1
vote
1answer
52 views
Am I doing cookie authentication right?
So I have to write a little social network for a case study at university. I have done some simple webapps before but nothing that required authentication, login and so on. So I wrote this little ...
1
vote
1answer
81 views
Logging in to Android application using Firebase
I currently have an app that uses Firebase for logging users in and I would like to know if I can make this code any better. I currently have 4 files:
auth/models/User.java
auth/BaseActivity....
6
votes
1answer
105 views
TCP authentication server and client
This is the first time I'm dealing with C# as I'm accustomed to Java sockets, so I do want your full review and anything you think I can accomplish better or optimize in the code will be very ...
2
votes
1answer
951 views
Login system using a persistent cookie
I want to be sure that my code below properly secures the website based on all of the information provided.
Login System Overview
When a user logs in, the following user info is saved to a ...
0
votes
0answers
7 views
Expressjs display specific error messages on signup
I'm using Node + Express + Mongo, my user Schema has three required fields:
username
email
password
I already took care of how the password is handled, but when it comes to username and email, ...
3
votes
0answers
84 views
WebAPI Authentication
Do you see any security issues with this authentication approach or have any suggestions?
WebAPI is REST-based. The user logs in by calling the Authentication Controller and expects a 401 if ...
2
votes
0answers
58 views
PHP login and session establishment
I would like to ask your advice on my simple code to login and registration sessions.
In the User class, login function:
...
3
votes
1answer
69 views
Android login system
I am completely unaware of all the Android features and available libraries.
I just designed a login system to practice it. I have referred to a few books and tutorials.
Layout
I am using relative ...
6
votes
1answer
496 views
Login UI for an Android app
This code starts a new thread for login and reacts according to the JSON result returned by the server.
I think this code has too many conditionals, exception handlers, and nested functions.
...
3
votes
1answer
85 views
Secure Token for use in API calls
My team has developed an API and I've been tasked with creating an authentication layer that allows partners' applications to consume it. To that end, I've created a data store which houses an ...
4
votes
1answer
153 views
PHP secure login script
I was just wondering how secure my code looked and if I'm overlooking any serious mistakes. Any suggestions/critiques are welcome.
This is my relevant login script.
login.php
...
1
vote
0answers
26 views
Simple login script
This is a simple login script using Bcrypt. Is there anything wrong with this code? It works and my page loads O.K, but could this be optimized for better speeds?
...
2
votes
1answer
143 views
Using PHP's password_hash and password_verify for a login function
This is my first time using password_hash and password_verify in PHP. Would this be the correct usage of ...
0
votes
0answers
37 views
Authentication terminology
Below comes a Value Object to represent UserId in ASP.NET application. It implements Value Identity, so equality is defined by matching of the state calculated at ...
2
votes
0answers
39 views
Function to prevent sign-in form from being spammed
I have written a function that I want to protect from spam bots. I have used two techniques the first being filter after submit. After reading around I obtained the ...
6
votes
2answers
155 views
User registration and login program
I've recently stared learning C++ so I'm new to all of it. I've got my fourth "software" under development. Could someone have a look through and give me some constructive criticism on what should I ...
2
votes
1answer
129 views
PHP Login script getting bypassed allowing access to my admin pages
I have a site where a friendly hacker says they have accessed my admin area. I am not able to see how this is possible so any help would be greatly appreciated. I am using PDO prepared statements to ...
4
votes
2answers
87 views
“Remember me” automatic login
I've implemented a "remember me" automatic login if no session has been set, but a remember me cookie is on their computer. I'm concerned about security and I'm not the best. I'm relatively new to OOP ...
2
votes
2answers
88 views
Validating user credentials and logging into a Symfony site
I have the following code in a Symfony site that validates a user's credentials and logs them in via the Session class:
...
1
vote
1answer
92 views
Create “refresh token” action filter
I am using idenity server 3 authentication.
I have to implement refresh token logic.
AccessTokenLifetime is 1 hour, and after that time I want to update access token with refresh token.
I want do ...
3
votes
0answers
42 views
Rbac Principal with Binding support
I've been maintaining a Rbac helper for some time now. My goal is to provide an easy way to tell the following:
When does an user have a role
What can a user do (...
2
votes
0answers
47 views
Ajax login response [closed]
I want to create an Ajax-Login, but I'm not sure if my solutions is generally correct. I want to do everything correct, so I need someone who checks this code and give me some improvement hints.
<...
2
votes
1answer
116 views
Creating a portable encrypted credential store
There have been a few questions over on SO recently about securely storing credentials in Powershell scripts. Because ConvertFrom-SecureString uses DPAPI it makes ...
3
votes
2answers
96 views
First user login function: Security and efficency opinions
I am writing an application for work. This application will sit on a closed network but I still have to be concerned about security. There will be a maximum of three types of user for this application:...
5
votes
2answers
1k views
Login system with session using CodeIgniter
I implemented a login system, with session, using CodeIgniter.
If the session doesn't exist, redirect to login page.
Please review, and let me know what can be done to make it better.
view (login.php)...
7
votes
2answers
182 views
Secure custom password hashing
My team and I have ended up creating this class, which is called directly from ASP.NET Identity as a custom password hasher. I'd like to know whether this would be "overkill"/use a lot of CPU, ...
5
votes
1answer
114 views
login_required decorator in Flask
I have 2 Flask apps (different projects) that work together . One implements some API which uses tokens for auth. The second one consumes the API and makes a web interface for it. Now I have a login ...
3
votes
1answer
60 views
Authentication program in Swing
It is a simple program which allows you to input a username an password. If the username/password is equal to the String it launches a JOptionPane that says "...
2
votes
0answers
119 views
Safe implementation for extending authentication cookie with user data
After searching around and reading through articles and answers I came up with this implementation for extending the cookie of Forms Authentication. But I am not 100% sure that I did not introduce any ...
1
vote
1answer
85 views
CakePHP login action returning json
I have some questions on how I can improve this "add action" (method) in "controller":
I'm using the add action only if post request. Is it correct?
This ...
0
votes
1answer
83 views
Password encrypt & check
When a user registers (creates a new account), I want to encrypt password before storing in a database, and when a user logs on (with username & password) I want to check password. I did it in the ...
6
votes
1answer
147 views
Ensuring non-expired token before every request
I'm developing an iOS application where data is fetched from a third-party REST API. Each request must contain an authorization token.
In order to implement this, I've written a ...
1
vote
0answers
1k views
JWT - Simple API example
I have created this fake API just because I want to learn how to use JWT. It is a simple unsigned token exchange with two methods call: login and adminPassword.
I've used https://github.com/lcobucci/...
2
votes
1answer
68 views
Security of login form using prepared statements
I've prepared a simple login form, using prepared statements to prevent SQL injections. How secure is this ?
...
1
vote
1answer
183 views
Simple login and authentication app
For school I had to do a real simple login and authentication system on an Android app, and I'm wondering how my code can be optimised to reduce code duplication and how it can be made more object ...
4
votes
1answer
4k views
Simple login system using Python Flask and MySQL
I've made a login page using Python Flask which works with MySQL. I started learning Flask 2 days ago and it was fun, so I came up with this:
...
1
vote
1answer
155 views
Another PHP login handler
I wrote this class to handle login sessions for a framework I'm writing for educational purposes.
My major areas of concern:
Style
I know my style is a little contrary to most coding conventions. ...
-2
votes
2answers
62 views
Authentication check in index.php file
I am aware that this code is vulnerable for SQL injections, but I don't know how to avoid it.
...
7
votes
2answers
411 views
PHP login based on a password parameter
I'm learning PHP now, and I'm trying to find out whether or not the following code structure has any faults:
...
-1
votes
1answer
32 views
Backbone view for logging a user in
I'm looking for a general peer review on already working code. Just the overall structure and of course any gotchas like DRYness or logic issues.
...
