Author Topic: SMART LOGIN  (Read 108 times)

Offline Vasiliy

  • Posts: 35
  • Gender: Male
SMART LOGIN
« on: September 27, 2018, 09:43:42 PM »
Hello!

In file login_form.php
Can you explain why the field 'username' is added 'username_fieldname'?
Why need to change the name and add a string to the name?

Quote
$username_fieldname = 'username';
$password_fieldname = 'password';
if(defined('SMART_LOGIN') && SMART_LOGIN == 'true') {
    $sTmp = '_'.substr(md5(microtime()), -8);
    $username_fieldname .= $sTmp;
    $password_fieldname .= $sTmp;
}

Offline DarkViper

  • Forum administrator
  • *****
  • Posts: 2976
  • Gender: Female
Re: SMART LOGIN
« Reply #1 on: September 28, 2018, 02:18:51 AM »
It's only about the old method to obfuscate the names of the arguments. Another kind of protection against bots.
Der blaue Planet - er ist nicht unser Eigentum - wir haben ihn nur von unseren Nachkommen geliehen

"You have to take the men as they are… but you can not leave them like that !" :-P
Das tägliche Stoßgebet: Oh Herr, wirf ihnen Hirn vom Himmel !

Offline Vasiliy

  • Posts: 35
  • Gender: Male
Re: SMART LOGIN
« Reply #2 on: September 28, 2018, 09:06:05 AM »
Hello!

The field name 'username_fieldname' will not save you from the bots. You need to at least control this name.
For example, write it in session and then check it.
If the bot itself generates these names, then at least make sure that it is made by the website.