rbroder
Posts: 67
|
| Posted: 02/04/2013, 5:42 PM |
|
I am using CCS 5. My database is MS access. I have set the password encryption in the Project settings to Code Expression: MD5({password}). I will be using the Code Charge generated login form for authentication. However, within the program I am generating a password for the user, emailing it to him and then inserting it into the Access database after using ccEncryptString function on it. When I then try to access my protected form, I am taken to the login screen, but the credentials do not work. I have used the Encryption key in the Advanced Security Settings as the key in the ccEncryptString function.
Is the ccEncryptString using something other than what I have specified in the Advanced Security Settings?
|
 |
 |
Livinus
Posts: 48
|
| Posted: 02/04/2013, 6:42 PM |
|
If you are generating the password programatically and sending to the user, I am suspecting you are sending the encrypted version to the user. The plain text password is what goes to the user. All your require is to save the encrypted version of it to the database either by code or through a password maintenance form.
|
|
|
|
rbroder
Posts: 67
|
| Posted: 02/04/2013, 6:49 PM |
|
I sent the email to myself. I am getting the plain text generated password. The problem is that when I use that plain text password in the log in form, it always fails to authenticate.
|
|
|
|
rbroder
Posts: 67
|
| Posted: 02/04/2013, 6:52 PM |
|
I guess I'm asking if I have to specify ccEncryptString() in the Advanced Security Settings?
|
|
|
|
Livinus
Posts: 48
|
| Posted: 02/04/2013, 7:10 PM |
|
In the advanced setting in the Encrypt Password Using option you have to select the code expression and enter some thing like md5({password}) where password is the password field. After that attempt to create a new password and try to view the value of the password in the user table to ensure that it is encrypted. If it is then attempt to logon.
If you still have issues, I would recommend recreating the password form afresh using the wizard and specify all the parameters at once. I had to do that on one occasion before i could get it right
|
|
|
|
rbroder
Posts: 67
|
| Posted: 02/04/2013, 7:18 PM |
|
That's what I'm doing. Please re-read the original post.
|
|
|
|
rbroder
Posts: 67
|
| Posted: 02/04/2013, 9:34 PM |
|
Here's what I did. In the Advanced Security Settings, I used the code expression: ccEncryptString({password},"ENCRYPTION_KEY") where ENCRYPTION_KEY is shown in the same panel a few lines down.
So this means that I am not using MD5 encryption, but rather whatever the built-in function uses. If anyone knows how to use MD5 for everything, please respond.
Thanks
|
|
|
|
Livinus
Posts: 48
|
| Posted: 02/05/2013, 5:37 AM |
|
I really don't know at what point you generate your password but i want to assume you are using a user maintenance form for that purpose.If you set your code expression in advanced security settings to MD5({password}) take the following steps:
1. open the user maintenance page and select the user maintenance form
2. Create a hidden control named "preserved" or any name of your choice on the user maintenance form to preserve the old values of the password in case you are to update
3. Attach a preserve password action to the before show event of the form. In the preserve password action:
a: set the password control name to the name of the password control in the form
b: set the shadow control name to the hidden control you created in step 2
c: Leave the value to the default blank.
4. Attach an encrypt password action to the before build insert and the before build update events of the user maintenance form. In the encrypt password action:
a: set the password control name to the name of the password control in the form
b: set the shadow control name to the hidden control you created in step 2
c: Leave the value to the default blank.
5. Attach your custom codes to send the passwords and all that and i feel that should be all.
6. Insert a new login and password or update an existing one and attempt to login with the new credentials
|
|
|
|
