
added length checks

1 parent a9c5ba0 commit 0ea86223fa4d1b4602d8c931ea599ccbeccc800e Sunny Singh committed Oct 3, 2011
Showing with 12 additions and 1 deletion.
  1. +12 −1 signup.php
@@ -17,9 +17,20 @@
// In a typical situation, you will have a form with the "method" attribute set to "post" with an input of name "password"
$password = $_POST["password"];
+// Passwords should never be longer than 72 characters to prevent DoS attacks
+if (strlen($password) > 72) { die("Password must be 72 characters or less"); }
+
// The $hash variable will contain the hash of the password
$hash = $hasher->HashPassword($password);
-// store the value of $hash in a database or something
+if (strlen($hash) >= 20) {
+
+ // store the value of $hash in a database or something
+
+} else {
+
+ // something went wrong
+
+}
?>
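Review bot: The added `strlen($password) > 72` check assumes `$_POST["password"]` is a string, but a missing field yields null and a field submitted as an array is not a string either; depending on the PHP version, `strlen()` then either warns and returns a value that passes the test or throws. Checking the type first closes that gap: `if (!is_string($password) || strlen($password) > 72) { die("Password must be 72 characters or less"); }`. `strlen()` also counts bytes, so the message's "characters" is only accurate for single-byte input. The new `else` branch holds only a comment; it should stop the signup there (for example `die("Could not hash password");`) so that a failed or too-short hash is never stored or treated as success.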
