07-16-2017, 08:34 PM
Ah, I see in your original post that you said registration, not login! Apologies for that, I lost you some time.
The reason the passwords don't match is because in the "matches" validation rule, the ingoing value ($_POST['confirm']) is sanitized while the value it matches ($_POST['password']) is not. Change this line in 'classes/Validation/php' (at or around line 54):
to:
Also, don't forget to bypass sanitizing of the password you send to the User->create() method on join.php line 182, using the modification we made to the Input class before:
to
Let me know if this works, I can't test it myself right now unfortunately.
The reason the passwords don't match is because in the "matches" validation rule, the ingoing value ($_POST['confirm']) is sanitized while the value it matches ($_POST['password']) is not. Change this line in 'classes/Validation/php' (at or around line 54):
Code:
case 'matches':Code:
if ($value != $source[$rule_value]) {Code:
case 'matches':Code:
if ($value != sanitize($source[$rule_value])) {Also, don't forget to bypass sanitizing of the password you send to the User->create() method on join.php line 182, using the modification we made to the Input class before:
Code:
password_hash(Input::get('password'), PASSWORD_BCRYPT, array('cost' => 12)),Code:
password_hash(Input::get('password', true), PASSWORD_BCRYPT, array('cost' => 12)),Let me know if this works, I can't test it myself right now unfortunately.