Web Development Blog » access_user http://www.web-development-blog.com Web development tutorials, SEO articles and PHP script resources Wed, 25 Aug 2010 19:46:22 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Important Update for the PHP class Access User http://www.web-development-blog.com/archives/important-update-for-the-php-class-access-user/ http://www.web-development-blog.com/archives/important-update-for-the-php-class-access-user/#comments Tue, 20 Nov 2007 22:06:44 +0000 Olaf http://www.web-development-blog.com/archives/important-update-for-the-php-class-access-user/ Today our partner site finalwebsites.com has announced an important update for the Access_user class. The update is a security update to make the script more safe against computer hacker. While there is not really a problem for existing, working applications, it’s advised to update applications very soon.

The release information:

This is an important (security related) update, in previous versions hackers can guess common and repeating passwords from user. While the “forgotten password” function was based on the password and the user id, it could be possible to change the password for some user (if the hacker knows the users id and the right password). The risk is not very high for most installations but could be work out some trouble. The new version doesn’t use the password for validation anymore. The login name (encrypted) is used together with some “secret” secret string. AU class user can replace the class file but need to update the method calls in the activate password script. You need to add the constant variable SECRET_STRING to the db_config.php file.

Download the updated version from the PHP class here.

For further questions about the class post them to the official support forum.Similar Posts:

]]> http://www.web-development-blog.com/archives/important-update-for-the-php-class-access-user/feed/ 2