Comments (5)
What exactly do you mean? It is possible to login from multiple locations at once, yes. For that you need to have a matching username / password combination or somehow get access to the other users session ID. This also applies to guest users.
At least on the installation you are referring to, passwords may be left empty by guests, which might or might not be what you are actually pointing out here.
from le-chat-php.
from le-chat-php.
I see, this is not a bug, but a feature. Suppose the session timeout is 20 minutes and your browser crashes, you will have to log back in to another user if logging back in to the same user was not allowed. This is why logging in to an already logged in user is a necessary feature. It will also allow you to work across devices, without having to logout. I agree, letting a guest have a weak/empty password is not really a good thing and thus it's an option that can be changed. However I'm tired of receiving several mails per week, asking for a password, when the login page already tells those users to choose one. Thus I have disabled the strong password requirement on the chat you named as example.
In your own chat setup, you can change the option "Minimal password length" as well as "Password regex" to define your own rules on how long passwords have to be and which complexity they need to have, like checking that they have upper-/lowcase characters, numbers and special characters.
from le-chat-php.
from le-chat-php.
Like I stated previously, it's an easy to change setting that can be changed by an admin, by requiring a password and not allow an empty one.
In context of Tor, we have little to no data to identify a user. Everyone looks the same, there are no IPs and (hopefully) the majority will use TorBrowser. The only thing that can be done is to not allow re-logging in to a user when there is already someone logged in on that name, which would however also mean, that if a user restarts the browser, they will be forced to change to a new user.
As for the regex, it's not used for sanitation. It is only used to enforce a specific pattern to be used in passwords, e.g. not to allow passwords that have only lowercase characters, but no numbers or uppercase characters. SQL sanitation is done using PDO prepared statements.
from le-chat-php.
Related Issues (20)
- is it possible loading videos like pictures? HOT 2
- Security Issue HOT 1
- Sending a message gives me "session expired" HOT 1
- Add a Report button for links
- User friendly nickname filter
- Markdown support HOT 1
- Vulnerable Moderator Approval and Captcha HOT 2
- SQL errors at guest login HOT 8
- Fail to deploy le-chat-php to Replit HOT 3
- .
- Kick all guests does not work HOT 1
- [Locale] Add locales for Hindi Language HOT 4
- php 8.1 or 8.2 HOT 13
- Like system
- Error when mbstring extension is not installed HOT 1
- Error when intl extension is not installed HOT 1
- i paid for member login privileges and I'm not able to log in. HOT 1
- Error when gettext extension is not installed
- Vercel Deployment
- Add end to end Encryption
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from le-chat-php.