Comments on: A Challenge-Response Ajax PHP Login System http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/ the home of peter chng Fri, 12 Mar 2010 05:13:45 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Peter Chng http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/comment-page-1/#comment-139776 Peter Chng Thu, 05 Feb 2009 03:34:24 +0000 http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/#comment-139776 @Jens Thanks for the tip! I will incorporate your changes into the next version... @Jens
Thanks for the tip! I will incorporate your changes into the next version…

]]> By: Jens http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/comment-page-1/#comment-139569 Jens Mon, 02 Feb 2009 20:12:00 +0000 http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/#comment-139569 Peter, thanks for your thoughts and this script. It's worth to have a deeper look inside. One improvement I have found by now: you can check if the password is equal to the username on the server-side too. For this you could insert the following lines of code into ChapAuthenticationImpl.php below the block for checking if the pwd is empty (line 205): <code> // Check if the plaintext password is the same as the username. else if ($this->passwordPlainTextTransform($username, $challenge1) == $password) { throw new ChapAuthenticationException('Password cannot be equal to the username'); } </code> Peter,

thanks for your thoughts and this script. It’s worth to have a deeper look inside.

One improvement I have found by now: you can check if the password is equal to the username on the server-side too.

For this you could insert the following lines of code into ChapAuthenticationImpl.php below the block for checking if the pwd is empty (line 205):
// Check if the plaintext password is the same as the username.
else if ($this->passwordPlainTextTransform($username, $challenge1) == $password)
{
throw new ChapAuthenticationException('Password cannot be equal to the username');
}

]]> By: PJ http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/comment-page-1/#comment-100844 PJ Sun, 30 Mar 2008 21:42:34 +0000 http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/#comment-100844 Thanks, I'll try it out and try to comment on it later on this week! Thanks, I’ll try it out and try to comment on it later on this week!

]]>