Implement new session system

I replaced the old login system with a more secure one. Instead of storing cookies containing the username and plaintext password, the password is submitted once to obtain a session hash, which is valid for a given length of time. Registering and logging in is now done via an iframe, which prevents custom javascript from having access to the password field. Site admins need to run the following SQL before updating, or else all of your logins/registrations will fail: ALTER TABLE `registrations` ADD `session_hash` VARCHAR( 64 ) NOT NULL , ADD `expire` BIGINT NOT NULL
2013-04-25 22:50:12 -05:00 · 2013-04-25 22:50:12 -05:00 · 3a7acd0526
commit 3a7acd0526
parent db2e5e20b9
10 changed files with 312 additions and 61 deletions
--- a/www/index.html
+++ b/www/index.html
@ -29,10 +29,7 @@
              <li><a href="help.html">Help</a></li>
            </ul>
            <div class="navbar-form pull-right" id="loginform">
-                <input class="span2" id="username" type="text" placeholder="Username">
-                <input class="span2" id="password" type="password" placeholder="Password">
-                <button class="btn" id="login">Login</button>
-                <button class="btn" id="register">Register</button>
+                <button class="btn" id="login">Login/Register</button>
            </div>
            <div class="navbar-form pull-right" id="logoutform" style="display: none;">
                <button class="btn" id="logout">Logout</button>