Differences

This shows you the differences between two versions of the page.

--- plugin:securelogin [2018-02-17 11:28] – mattfiddles
+++ plugin:securelogin [2018-02-17 11:37] – how it works mattfiddles
@@ Line 61: / Line 61: @@
 </code>
-The javascript on the page takes the form's password variable `p=MySecretPa$$word` and encrypts as the variable `securelogin`, using the provided salt. It also replaces `p`'s value with stars so it can't submit the password in the clear.
+The javascript on the page takes the form's password variable `p=MySecretPa$$word`, encrypts it with the provided salt (changed on every page load), and sets the result as `securelogin`. It also replaces `p`'s value with stars so it can't submit the password in the clear.
 When the server receives the data, it sees that `use_securelogin` is set to `1` (true), so it knows the password was encrypted. It will decrypt the `securelogin` variable and separate it from the salt value. From this it gets the `p=MySecretPa$$word` value, which it sets so the Dokuwiki authentication routines have it. Dokuwiki can then compare the passwords like it normally does.
-This same process happens during the add user, modify user, and edit profile options. This is what will be seen if someone views a user changing their password:
+This same process happens during the add user, modify user, and edit profile options. This is what will be seen if someone views a user changing their password (with this plugin active):
 <code>