|
@@ -718,10 +718,9 @@ The database authentication middleware defines three new routes:
|
718
|
718
|
A user can be logged in by sending it's username and password to the login endpoint (in JSON format).
|
719
|
719
|
The authenticated user (with all it's properties) will be stored in the `$_SESSION['user']` variable.
|
720
|
720
|
The user can be logged out by sending a POST request with an empty body to the logout endpoint.
|
721
|
|
-The passwords are stored as hashes in the password column in the users table. To generate the hash value
|
722
|
|
-for the password 'pass2' you can run on the command line:
|
723
|
|
-
|
724
|
|
- php -r 'echo password_hash("pass2", PASSWORD_DEFAULT)."\n";'
|
|
721
|
+The passwords are stored as hashes in the password column in the users table. You can register a new user
|
|
722
|
+using the register endpoint, but this functionality must be turned on using the "dbAuth.regsiterUser"
|
|
723
|
+configuration parameter.
|
725
|
724
|
|
726
|
725
|
It is IMPORTANT to restrict access to the users table using the 'authorization' middleware, otherwise all
|
727
|
726
|
users can freely add, modify or delete any account! The minimal configuration is shown below:
|
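Review bot: the parameter name in the added line is spelled "dbAuth.regsiterUser", which looks like a transposition of "registerUser"; please confirm it matches the name the middleware actually reads, since a reader who copies the documented spelling into their configuration would not enable registration if the code uses the other one. The same hunk removes the `php -r 'echo password_hash("pass2", PASSWORD_DEFAULT)."\n";'` command, which was the only documented way to produce a hash by hand. Because the new text says registration must be turned on, a deployment that leaves it off no longer has a documented way to create its first user, so consider keeping that command as the alternative. The added paragraph would also benefit from stating the request format of the register endpoint, as the login description does (username and password in JSON), and whether the section heading's "three new routes" still holds once the register endpoint is counted.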