This login authorization is performed in PHP, it is activated after the login credentials have been validated in javascript.
It utiulizes the password_verify() function to determine if the hashed password matches the submitted password for the submitted username.
- If SUCCESFUL: The user will be logged in to the site, and their credntials will be stored as $_SESSION variables.
This is a validation form that utilizes a REGEX pattern to check the validity of a submitted email address during registration.
It checks the submitted passwords for various conditions, namely the length requirements, and communicates any invalid fields.
This screenshot showcases how we assign our valriables, as well as the event listener and prevention of form submission.
1) Checks the file size of the image, if it exceeds 125 kilobytes, it won't be accepted, and an error message will display above the submission field.
2) Determines the file extension of the photo against a pre-constructed array of accepted file extensions (.png, .jpg, .gif). If it is not an acceptable file type, an error message will be displayed above the submission field.
Below we have attached a collection of screenshots showing off some of the common errors that users may run into as they learn the flow of the website.
We have also tried to showcase how we have handled other requests: such as having sql queries return empty-handed, and critical interactions requiring browser confirmations.
Other Errors are hard to show as they are often redirects, such as not being logged in but accessing a restricted site, but we welcome any bug/penetration testing!