It is

My got this is fucking awesome @johnolithicsoftware

https://www.fashbook.biz/ @everyone you are required to have a fashbook account

@johnolithicsoftware dm

Why did it send me my password in an email after I signed up

Websites shouldn’t store passwords in plain text

This website is not close to being done.

But it’s something, I like it

It looks good so far, just triggered my autism lol

the low popularity of it will keep us low enough for now

it can be fixed as we go

but it must be fixed at some point

Well 42 Membera as we stand now

basically nonexistant in web map

I am doing some testing on it.

Sending an email with the text that was entered into a form field doesn’t necessarily mean that it’s storing the passwords unencrypted, but it isn’t that comforting lol. The important thing is that if I forget my password, the website should not have the capability of telling me what it is, because it should only know my hashed, encrypted password

@johnolithicsoftware get on I found a big problem that allows me to login in under anyones account thanks

It's not unencrypted. The website has SSL

So it's not unencrypted

it gets encrypted when it goes through the website

It allows you to log in under anyone's name?

How?

John hop on vc

TKCC

Welcome to BetaTesting

Basic
<#463848221731717142>
#default

wot

I made that

oh

that is fucking worrying

It for us to post any problems we find.

Okay I'm on VC

Also, as a word of advice, verify someone’s email before reminding them what their username and password are. You don’t have to remind them anyways, but at least make sure they didn’t mistype their email first lol

Yeah I wanted to make it convenient.

The best security procedures are really inconvenient

I’m not trying to be an asshole or anything, I’m not exactly a security expert, this one thing is about all I know. That, and sanitize your PHP inputs lol

sanitize the PHP inputs?

Got a Fashbook.
gm_haifisch

I don’t know very much about sanitizing PHP inputs, except that it’s a pain and it’s important. Basically, if there is input that goes to a PHP page, you need to make sure it doesn’t contain anything that could be used to subvert the intention of the input. People can trick PHP into accepting phony code really easily if it isn’t done. It’s especially common in password fields and such. Generally, everyone hates PHP and tries to avoid it, and yet end up getting wrapped up in it anyways. I’ll post a video related to PHP sanitizing, hopefully it will help.

I added you to the group.

Well, I did do such a thing for some of the PHP, like on the entrance page. Where fake PHP inputs are used and through script replaced by real ones which are not visible to the eye.

https://youtu.be/_jKylhJtPmI
Ah, it’s SQL injection, but yeah it’s related to PHP