firesphere

Anyway, good night and imagine pleasant nonsense people!

firesphere

If you want a custom login form, you're better off posting your login/register data to the Security Controller, and hook in to the various extension points it provides, instead of trying to do it completely yourself 🙂

firesphere

Admitted, that is a very low usecase, but it could happen

firesphere

You're also attempting to save a member with a null password, that's quite dangerous, because it is not a direct relation to the new member it's password. There is, depending on your PHP setting, a change your new member's password is accepted and send back as an empty string instead of null

firesphere

Authentication and Authorisation is a complex beast and you're trying to solve something in a simple way. I would say, have a look at ways to extend the login properly. Right now, you're just assuming instead of accepting. If you don't investigate and get it right, I foresee a lot of painful moments in your future

firesphere

Secondary, the login method should give you something to go with, e.g. true or false, so that's something to keep in mind. Like I said, you're "just" adding new members, when someone registers with an existing address, you're entirely ignoring the error thrown

firesphere

Your login has quite a few issues actually.... but ignoring validation is indeed your primary issue

firesphere

You're also not properly validating the password, you're assuming it's a new member....

alt

I found the issue; I wasn't redirecting back when there were form errors, and password validation has improved 😛

👍 (1)