-
Notifications
You must be signed in to change notification settings - Fork 790
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
#728 Encrypt user_id on account verification #774
base: develop
Are you sure you want to change the base?
Conversation
Thanks, looks very good! |
{ | ||
$user_id = Encryption::decrypt(Request::get("user_id")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Request::get("user_id") should be check for empty value otherwise exception is thrown
Check if user_id is empty before decryption, otherwise an exception will be thrown.
@slaveek It's fixed now, Thanks. |
You have changed the sendVerificationEmail() but what about sendPasswordResetMail() ? Do I need to change it too ? |
The password reset uses the user name instead of user id, that's why I changed sendVerificationEmail(). You can use the user id instead in sendPasswordResetMail(), encrypt it, and don't forget to pass it as a query argument. |
Hi @panique Will you be adding this to huge? |
Hi @di48l069, yes it's the plan but i had no time for review and merging yet :/ ... you know, working full time + summer is always tricky :) |
Hi @panique thank you for response haha I understand working full time is hectic no problem man i will just keep eye on pull request :P Thanks for this amazing secure framework it has helped my projects alot |
v |
Instead of passing user_id in the URL as action method argument, passing the encrypted version of user_id in query parameter will work just fine. The link looks long and ugly 馃槃 but in case you want a solution for #728