Aaron
Posts: 145
|
Posted: 03/24/2004, 10:07 AM |
|
I am trying to use the login builder to make a secure entry to our database.
I'm using MySQL and PHP with CCS 2. In the database, if I change the password Function field to plain text, then I can get access with the login page. If I change the password Function field in the DB to either MD5 or PASSWORD, I cannot get in. I get an error that there is an invalid username/password. I'm guessing it's a simple setting I haven't found yet.
Any help?
Thanks.
Aaron
|
|
|
peterr
Posts: 5971
|
Posted: 03/24/2004, 6:23 PM |
|
I'm not aware of such a setting.
You may need to modify the login code (the code assigned to the DoLogin button) on the login form.
Also see http://forums.codecharge.com/posts.php?post_id=25417
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
Aaron
Posts: 145
|
Posted: 03/25/2004, 2:12 PM |
|
Thanks. Think that'll take care of it
|
|
|
Scott Senay
|
Posted: 03/26/2004, 4:25 AM |
|
Please forgive me for being dense, but the above thread has been SIGNIFICANTLY less than helpful. Perhaps it is due to me being dense, or that the question wasn't framed correctly I don't know. However, here is what I have to work with:
In the MySQL database that holds my user information the user_password field is stored as an MD5 hash. In other words, when a new record is created in another part of the system it is first turned into a hash before being saved.
When the login form goes to authenticate, it is taking what I type, pulling a record with a matching username, and comparing the two bits of data. OBVIOUSLY, the system must first do:
$user_password = MD5($user_password);
Or validation will fail...
My QUESTION IS... Where do I insert EXACTLY this code?
|
|
|
Aaron
Posts: 145
|
Posted: 03/26/2004, 5:30 AM |
|
Ah, yes. That was exactly my question... thanks :)
That's exactly what I was trying to ask/say. Would be interested in the answer to that one as well...
|
|
|
Scott Senay
|
Posted: 03/26/2004, 6:54 AM |
|
So it goes this way, being the impatient type, I fixed it myself...
Simply change this section of code in Login_events.php from this:
    global $Login;
    if(!CCLoginUser($Login->login->Value, $Login->password->Value))
    {
        $Login->Errors->addError("Login or Password is incorrect.");
        $Login->password->SetValue("");
        $Login_Button_DoLogin_OnClick = false;
    }
To this:
    global $Login;
    // Hash the submitted password so it matches the MD5 value stored in the database
    $passwd = MD5($Login->password->Value);
    if(!CCLoginUser($Login->login->Value, $passwd))
    {
        $Login->Errors->addError("Login or Password is incorrect.");
        $Login->password->SetValue("");
        $Login_Button_DoLogin_OnClick = false;
    }
And everything will behave as it should... Now for the funky part, this change MUST be made AFTER uploading the files to your site... Every time I try and do it in CCStudio, hitting generate blows away all the changes... I'd call this a HUGE bug in CCStudio, one that is left over from CC since it does the same thing...
Scott...
|
|
|
carolcastro
Posts: 24
|
Posted: 03/26/2004, 7:03 AM |
|
I had a problem like this before. I corrected my problem by adding one line to the common.php.
    function CCLoginUser($login, $password)
    {
        $db = new clsDBIntranet();
        // Added Line
        $password = md5($password);
        // Added by Carol Castro
        $SQL = "SELECT iduser, nivel FROM users WHERE username=" . $db->ToSQL($login, ccsText) . " AND senha=" . $db->ToSQL($password, ccsText);
        $db->query($SQL);
        $Result = $db->next_record();
        if($Result)
        {
            CCSetSession("UserID", $db->f("iduser"));
            CCSetSession("UserLogin", $login);
            CCSetSession("GroupID", $db->f("nivel"));
        }
        $db->close();
        return $Result;
    }
But when you are adding or updating a user you must add the code before the events of update and insert to change the field password to md5(password).
Bye!
_________________
Carol Castro |
|
|
Aaron
Posts: 145
|
Posted: 03/26/2004, 8:43 AM |
|
Cool. Thanks guys!
|
|
|
Scott Senay
|
Posted: 03/26/2004, 10:11 AM |
|
About the only problem with making a change like that to the common file is that it affects EVERY project you work on from that point on... So if for example you have another project that is using a different hash or encryption routine, you'll be stuck again... Otherwise, smashing thought!
Scott...
|
|
|
|
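An added example, not part of any post in the thread and not CodeCharge Studio code: the fixes above compare an unsalted MD5 of the submitted password with the stored value, and this sketch goes one step further by accepting such legacy MD5 rows at login and replacing them with a salted password_hash() value on success. The function name verify_login and the sample users are hypothetical and constructed for illustration.

```php
<?php
// Added example; verify_login() and the sample data are hypothetical, not CCS code.

/**
 * Check a login attempt against the stored hash.
 * Returns [bool $ok, ?string $replacementHash]. When $replacementHash is
 * not null, the caller should write it back to the user's row.
 */
function verify_login(string $password, string $storedHash): array
{
    // Legacy rows: 32 hex characters, i.e. an unsalted MD5 as used in the thread.
    if (preg_match('/^[0-9a-f]{32}$/i', $storedHash) === 1) {
        // hash_equals() compares in constant time.
        $ok = hash_equals(strtolower($storedHash), md5($password));
        // On success, re-hash with a salted, slow algorithm so the MD5 value can be retired.
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }

    // Current rows: produced by password_hash().
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $new = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample data standing in for the users table.
$users = [
    'alice' => md5('correct horse'),                        // legacy MD5 row
    'bob'   => password_hash('s3cret!', PASSWORD_DEFAULT),  // already migrated
];

$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['bob', 's3cret!']];
foreach ($attempts as [$login, $attempt]) {
    [$ok, $replacement] = verify_login($attempt, $users[$login]);
    if ($replacement !== null) {
        $users[$login] = $replacement;  // in a real application: UPDATE the password column
    }
    printf("%-5s %-14s %s%s\n", $login, $attempt, $ok ? 'accepted' : 'rejected',
        $replacement !== null ? ' (hash upgraded)' : '');
}
```

Because password_hash() salts every value, the login query has to select the row by username only and do the comparison in PHP, rather than matching the hash in the WHERE clause. The password column also needs to be wide enough for the new format; the PHP manual recommends 255 characters.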