Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.
3
votes
4answers
147 views
User registration and authentication in PHP and PDO
Please criticize as thoroughly as possible, even the smallest thing will be very useful for me.
I'm trying to create a safe and easy system to change for future projects. I am aware that it should ...
6
votes
2answers
79 views
Authenticating web request to get the xml data from it
I wrote a method early of our development last year about getting the content of a webrequest where it contains an xml data that we need to process and insert to ...
6
votes
2answers
93 views
Powershell cmdlet authenticating to Aerohive API
After dipping my toes in PowerShell for over a year i think it is time for creating a real cmdlet. My first mission was creating a regular PS script to take in a .csv and create a wifi account using ...
2
votes
0answers
66 views
Checking authentication status by looking for a cookie
I'm an Android newbie. I have this function in my code:
...
2
votes
1answer
36 views
Elixir / Phoenix login controller, allowing multiple attempts
I have a login method in my controller. I would like to get rid of the imperative "thinking" and write something more functional.
...
3
votes
2answers
65 views
PHP Authentication Form
Drafted this up today out of the need for a very simple php based login form to protect an html page.
The app is simply included the top of index.html like this:
<...
4
votes
2answers
269 views
LDAP Login Script
This is my first time ever having code peer reviewed! This is just the main function I'm concerned about.
Edit
Apologies for the initial vagueness of my question, this is the "login" part of my ...
4
votes
1answer
78 views
Very basic PHP session handling
I’ve got my first real PHP web application up and running. It is working as expected, but being my first time, I’m sure there is plenty of room for improvement.
Right now, there is one particular ...
1
vote
0answers
61 views
Spring controller for login using Facebook or email
I've got a spring controller class which handles the user logins.
I've got two endpoints:
/user/facebook
/user/email
You ...
2
votes
1answer
79 views
Simple login page
Could anyone tell me if this code is well written and if it has bugs / vulnerabilities?
class.user.php:
...
2
votes
4answers
97 views
PHP mysqli code for login form
Can you check my code if I wrote like a professional?
connection page.
form sign page.
plan page.
log out page.
First I create the database and tables, then the connection file, then the form sign ...
3
votes
1answer
68 views
PHP Login/cookie authentication
I have an authetication api for an intranet site but I'm a little worried that my design of the authentication is bad and unsafe.
Below is the basic part of the authetication process and I hope I can ...
2
votes
1answer
87 views
Authentication in JSF
I've decided to implement my own custom authentication and authorisation in JSF. I am using Java's BCrypt to check the users' passwords.
The view side of things I can handle; I'm just implementing <...
1
vote
1answer
63 views
Am I doing cookie authentication right?
So I have to write a little social network for a case study at university. I have done some simple webapps before but nothing that required authentication, login and so on. So I wrote this little ...
3
votes
1answer
180 views
Logging in to Android application using Firebase
I currently have an app that uses Firebase for logging users in and I would like to know if I can make this code any better. I currently have 4 files:
auth/models/User.java
auth/BaseActivity....
6
votes
1answer
201 views
TCP authentication server and client
This is the first time I'm dealing with C# as I'm accustomed to Java sockets, so I do want your full review and anything you think I can accomplish better or optimize in the code will be very ...
2
votes
1answer
973 views
Login system using a persistent cookie
I want to be sure that my code below properly secures the website based on all of the information provided.
Login System Overview
When a user logs in, the following user info is saved to a ...
0
votes
0answers
14 views
Expressjs display specific error messages on signup
I'm using Node + Express + Mongo, my user Schema has three required fields:
username
email
password
I already took care of how the password is handled, but when it comes to username and email, ...
3
votes
1answer
119 views
WebAPI Authentication
Do you see any security issues with this authentication approach or have any suggestions?
WebAPI is REST-based. The user logs in by calling the Authentication Controller and expects a 401 if ...
2
votes
0answers
76 views
PHP login and session establishment
I would like to ask your advice on my simple code to login and registration sessions.
In the User class, login function:
...
2
votes
2answers
124 views
Login page code enhancement
I am starting to learn ASP.NET, and I am designing a page for an admin to login and do some stuff. I have the username and password for the admin stored in Web.config (Is that a good practice?).
...
3
votes
1answer
70 views
Android login system
I am completely unaware of all the Android features and available libraries.
I just designed a login system to practice it. I have referred to a few books and tutorials.
Layout
I am using relative ...
6
votes
1answer
500 views
Login UI for an Android app
This code starts a new thread for login and reacts according to the JSON result returned by the server.
I think this code has too many conditionals, exception handlers, and nested functions.
...
3
votes
1answer
106 views
Secure Token for use in API calls
My team has developed an API and I've been tasked with creating an authentication layer that allows partners' applications to consume it. To that end, I've created a data store which houses an ...
4
votes
1answer
329 views
PHP secure login script
I was just wondering how secure my code looked and if I'm overlooking any serious mistakes. Any suggestions/critiques are welcome.
This is my relevant login script.
login.php
...
1
vote
0answers
26 views
Simple login script
This is a simple login script using Bcrypt. Is there anything wrong with this code? It works and my page loads O.K, but could this be optimized for better speeds?
...
2
votes
1answer
202 views
Using PHP's password_hash and password_verify for a login function
This is my first time using password_hash and password_verify in PHP. Would this be the correct usage of ...
0
votes
0answers
40 views
Authentication terminology
Below comes a Value Object to represent UserId in ASP.NET application. It implements Value Identity, so equality is defined by matching of the state calculated at ...
2
votes
0answers
41 views
Function to prevent sign-in form from being spammed
I have written a function that I want to protect from spam bots. I have used two techniques the first being filter after submit. After reading around I obtained the ...
6
votes
2answers
417 views
User registration and login program
I've recently stared learning C++ so I'm new to all of it. I've got my fourth "software" under development. Could someone have a look through and give me some constructive criticism on what should I ...
2
votes
1answer
175 views
PHP Login script getting bypassed allowing access to my admin pages
I have a site where a friendly hacker says they have accessed my admin area. I am not able to see how this is possible so any help would be greatly appreciated. I am using PDO prepared statements to ...
4
votes
2answers
96 views
“Remember me” automatic login
I've implemented a "remember me" automatic login if no session has been set, but a remember me cookie is on their computer. I'm concerned about security and I'm not the best. I'm relatively new to OOP ...
2
votes
2answers
121 views
Validating user credentials and logging into a Symfony site
I have the following code in a Symfony site that validates a user's credentials and logs them in via the Session class:
...
1
vote
1answer
119 views
Create “refresh token” action filter
I am using idenity server 3 authentication.
I have to implement refresh token logic.
AccessTokenLifetime is 1 hour, and after that time I want to update access token with refresh token.
I want do ...
3
votes
0answers
46 views
Rbac Principal with Binding support
I've been maintaining a Rbac helper for some time now. My goal is to provide an easy way to tell the following:
When does an user have a role
What can a user do (...
2
votes
0answers
49 views
Ajax login response [closed]
I want to create an Ajax-Login, but I'm not sure if my solutions is generally correct. I want to do everything correct, so I need someone who checks this code and give me some improvement hints.
<...
2
votes
1answer
150 views
Creating a portable encrypted credential store
There have been a few questions over on SO recently about securely storing credentials in Powershell scripts. Because ConvertFrom-SecureString uses DPAPI it makes ...
3
votes
2answers
103 views
First user login function: Security and efficency opinions
I am writing an application for work. This application will sit on a closed network but I still have to be concerned about security. There will be a maximum of three types of user for this application:...
5
votes
2answers
3k views
Login system with session using CodeIgniter
I implemented a login system, with session, using CodeIgniter.
If the session doesn't exist, redirect to login page.
Please review, and let me know what can be done to make it better.
view (login.php)...
7
votes
2answers
198 views
Secure custom password hashing
My team and I have ended up creating this class, which is called directly from ASP.NET Identity as a custom password hasher. I'd like to know whether this would be "overkill"/use a lot of CPU, ...
5
votes
1answer
142 views
login_required decorator in Flask
I have 2 Flask apps (different projects) that work together . One implements some API which uses tokens for auth. The second one consumes the API and makes a web interface for it. Now I have a login ...
3
votes
1answer
66 views
Authentication program in Swing
It is a simple program which allows you to input a username an password. If the username/password is equal to the String it launches a JOptionPane that says "...
2
votes
0answers
157 views
Safe implementation for extending authentication cookie with user data
After searching around and reading through articles and answers I came up with this implementation for extending the cookie of Forms Authentication. But I am not 100% sure that I did not introduce any ...
1
vote
1answer
118 views
CakePHP login action returning json
I have some questions on how I can improve this "add action" (method) in "controller":
I'm using the add action only if post request. Is it correct?
This ...
0
votes
1answer
86 views
Password encrypt & check
When a user registers (creates a new account), I want to encrypt password before storing in a database, and when a user logs on (with username & password) I want to check password. I did it in the ...
6
votes
1answer
151 views
Ensuring non-expired token before every request
I'm developing an iOS application where data is fetched from a third-party REST API. Each request must contain an authorization token.
In order to implement this, I've written a ...
1
vote
0answers
2k views
JWT - Simple API example
I have created this fake API just because I want to learn how to use JWT. It is a simple unsigned token exchange with two methods call: login and adminPassword.
I've used https://github.com/lcobucci/...
2
votes
1answer
68 views
Security of login form using prepared statements
I've prepared a simple login form, using prepared statements to prevent SQL injections. How secure is this ?
...
1
vote
1answer
225 views
Simple login and authentication app
For school I had to do a real simple login and authentication system on an Android app, and I'm wondering how my code can be optimised to reduce code duplication and how it can be made more object ...
4
votes
1answer
6k views
Simple login system using Python Flask and MySQL
I've made a login page using Python Flask which works with MySQL. I started learning Flask 2 days ago and it was fun, so I came up with this:
...
