CodeCharge Studio
search Register Login  

Visual Web Reporting

Visually create Web Reports in PHP, ASP, .NET, Java, Perl and ColdFusion.
CodeCharge.com

YesSoftware Forums -> CodeCharge Studio -> ASP

 Unable to encrypt password from code

Print topic Send  topic

Author Message
rbroder

Posts: 67
Posted: 02/04/2013, 5:42 PM

I am using CCS 5. My database is MS access. I have set the password encryption in the Project settings to Code Expression: MD5({password}). I will be using the Code Charge generated login form for authentication. However, within the program I am generating a password for the user, emailing it to him and then inserting it into the Access database after using ccEncryptString function on it. When I then try to access my protected form, I am taken to the login screen, but the credentials do not work. I have used the Encryption key in the Advanced Security Settings as the key in the ccEncryptString function.

Is the ccEncryptString using something other than what I have specified in the Advanced Security Settings?
View profile  Send private message
Livinus

Posts: 48
Posted: 02/04/2013, 6:42 PM

If you are generating the password programatically and sending to the user, I am suspecting you are sending the encrypted version to the user. The plain text password is what goes to the user. All your require is to save the encrypted version of it to the database either by code or through a password maintenance form.
View profile  Send private message
rbroder

Posts: 67
Posted: 02/04/2013, 6:49 PM

I sent the email to myself. I am getting the plain text generated password. The problem is that when I use that plain text password in the log in form, it always fails to authenticate.
View profile  Send private message
rbroder

Posts: 67
Posted: 02/04/2013, 6:52 PM

I guess I'm asking if I have to specify ccEncryptString() in the Advanced Security Settings?
View profile  Send private message
Livinus

Posts: 48
Posted: 02/04/2013, 7:10 PM

In the advanced setting in the Encrypt Password Using option you have to select the code expression and enter some thing like md5({password}) where password is the password field. After that attempt to create a new password and try to view the value of the password in the user table to ensure that it is encrypted. If it is then attempt to logon.

If you still have issues, I would recommend recreating the password form afresh using the wizard and specify all the parameters at once. I had to do that on one occasion before i could get it right
View profile  Send private message
rbroder

Posts: 67
Posted: 02/04/2013, 7:18 PM

That's what I'm doing. Please re-read the original post.
View profile  Send private message
rbroder

Posts: 67
Posted: 02/04/2013, 9:34 PM

Here's what I did. In the Advanced Security Settings, I used the code expression: ccEncryptString({password},"ENCRYPTION_KEY") where ENCRYPTION_KEY is shown in the same panel a few lines down.

So this means that I am not using MD5 encryption, but rather whatever the built-in function uses. If anyone knows how to use MD5 for everything, please respond.

Thanks
View profile  Send private message
Livinus

Posts: 48
Posted: 02/05/2013, 5:37 AM

I really don't know at what point you generate your password but i want to assume you are using a user maintenance form for that purpose.If you set your code expression in advanced security settings to MD5({password}) take the following steps:

1. open the user maintenance page and select the user maintenance form

2. Create a hidden control named "preserved" or any name of your choice on the user maintenance form to preserve the old values of the password in case you are to update

3. Attach a preserve password action to the before show event of the form. In the preserve password action:
a: set the password control name to the name of the password control in the form
b: set the shadow control name to the hidden control you created in step 2
c: Leave the value to the default blank.

4. Attach an encrypt password action to the before build insert and the before build update events of the user maintenance form. In the encrypt password action:
a: set the password control name to the name of the password control in the form
b: set the shadow control name to the hidden control you created in step 2
c: Leave the value to the default blank.

5. Attach your custom codes to send the passwords and all that and i feel that should be all.

6. Insert a new login and password or update an existing one and attempt to login with the new credentials


View profile  Send private message

Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Web Database

Join thousands of Web developers who build Web applications with minimal coding.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright 2003-2004 by UltraApps.com  and YesSoftware, Inc.