11-27-2017, 07:28 PM
First of all, thank you for the fantastic work! I was able to include the header improvements. I put them in usersc/includes so that people can edit them as needed.
Regarding the password strength, there are a few things we'll need to do to get it fully backed.
I think the strength required should be a variable set in the db (it appears to be 0-5). That shouldn't be too hard but it will take some time.
I also think the includes should only be included on files that need them. I'd rather not include a bunch of stuff in the header or footer, so I put a users/includes/password_meter.php to store all this code at once.
The other issue we have is that if we're relying on JS to prevent weak passwords, users could be running noscript or something similar and that would cause issues.
Finally, whatever we do should be across the board. Otherwise a user will have a strong pw at signup and then just change it in user_settings where we can't block the update button because people might not be updating their pw.
Still have to work through some details. Thanks for everything!
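Added example, not part of the original post and not UserSpice code: a server-side check that both the signup and user_settings handlers could call, so enforcement does not depend on JavaScript and an empty password field on the settings form is treated as "no change". The function names and the scoring rules are hypothetical; only the 0-5 range comes from the post.

```php
<?php
// Added example with hypothetical names; the scoring rules are an assumption,
// not the algorithm used by the password meter discussed above.

/** Score a password 0-5: one point for length >= 8, one each for a
 *  lowercase letter, an uppercase letter, a digit, and a symbol. */
function password_score(string $pw): int
{
    $score = strlen($pw) >= 8 ? 1 : 0;
    foreach (['/[a-z]/', '/[A-Z]/', '/\d/', '/[^a-zA-Z\d]/'] as $pattern) {
        if (preg_match($pattern, $pw) === 1) {
            $score++;
        }
    }
    return $score;
}

/**
 * Shared check for every form that can set a password.
 * $required is true on signup and false on user_settings, where empty
 * fields mean the user is not changing the password.
 * Returns a list of error messages; an empty list means "accept".
 */
function validate_new_password(string $pw, string $confirm, int $minScore, bool $required): array
{
    if ($pw === '' && $confirm === '') {
        return $required ? ['A password is required.'] : [];
    }
    $errors = [];
    if ($pw !== $confirm) {
        $errors[] = 'Passwords do not match.';
    }
    $minScore = max(0, min(5, $minScore)); // clamp the stored setting to 0-5
    if (password_score($pw) < $minScore) {
        $errors[] = "Password is too weak (minimum strength $minScore of 5).";
    }
    return $errors;
}

// Constructed demo values; in practice $minScore would be read from the db setting.
$minScore = 3;
var_dump(validate_new_password('', '', $minScore, false));       // settings form, password untouched
var_dump(validate_new_password('abc', 'abc', $minScore, false)); // settings form, weak change attempted
var_dump(validate_new_password('Tr1cky-Horse', 'Tr1cky-Horse', $minScore, true)); // signup
```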