Antwerp
Posts: 24
|
| Posted: 03/01/2005, 7:33 AM |
|
I want to execute a query such as the following upon the click of my login button:
select userid, password from UserTable where userid=loginvalueprovidedbyuser and dbfunction(password)=passwordvalueprovidedbyuser
dbfunction(password) is a function residing in my database that encrypts the given password and matches it against the encrypted one in the database.
I changed the query (within buildSql()) in CCSTableAuthenticator.java. It gave me a null point exception. Am I not doing it right?? If there is a piece of code that I can add to my project to execute decryption for login, I would appreciate the help.
|
 |
 |
Anton Hinxman
|
| Posted: 03/29/2005, 12:46 PM |
|
I'm giving up Java - too diverse and not enough business in it (now doing much simpler and more profitable business) but here goes:
I basically hash code the password into a number.
Sorry that it is so badly documented but did not want to give this lot away to any old hacker.
// For main application login....
//Button_DoLogin OnClick Method Head @.......
public void onClick(Event e) {
//End Button_DoLogin OnClick Method Head
Control x = e.getPage().getRecord("Login").getControl("password");
if(x instanceof Control) {
x.setFormattedValue( config(x.getFormattedValue()) );
}
//Event OnClick Action Login @....
{
com.codecharge.util.Authenticator auth = com.codecharge.util.AuthenticatorFactory.getAuthenticator( e.getPage().getRequest() );
auth.setRequest( e.getPage().getRequest() );
auth.setResponse( e.getPage().getResponse() );
auth.invalidate();
if ( auth.authenticate( e.getComponent().getControl("login").getFormattedValue(), e.getComponent().getControl("password").getFormattedValue() ) ) {
String retLink = e.getPage().getHttpGetParams().getParameter("ret_link");
if (retLink != null) e.getPage().setRedirectString( retLink );
} else {
e.getParent().addError("Login or Password is incorrect.");
e.getPage().setRedirectString( null );
e.getComponent().getControl("password").setFormattedValue("");
}
}
//End Event OnClick Action Login
// for your user maintenance form ..........................................................
// User maintenance form
// ---------------------
//Event BeforeExecuteInsert Action Custom Code @59-44795B7A
/* -------------------------- *
* write your own code here *
* -------------------------- */
new PChange(e);
//End Event BeforeExecuteInsert Action Custom Code
//Event BeforeExecuteUpdate Action Custom Code @57-44795B7A
/* -------------------------- *
* write your own code here *
* -------------------------- */
new PChange(e);
//End Event BeforeExecuteUpdate Action Custom Code
public class PChange {
private PChange() {};
public PChange(DataObjectEvent e) {
String p = (new StringBuffer("dwpresu").reverse()).toString();
com.codecharge.db.SqlParameters sqlParams = (SqlParameters) e.getDataSource();
com.codecharge.db.SqlParameter z = (sqlParams != null ? ((SqlParameters)sqlParams).getSqlParameter(p) : null);
if(z == null) {
CCLogger.getInstance().debug("Error I");
} else {
try { Integer.parseInt( z.getValue().toString() ); }
catch (NumberFormatException nfe) {
try {
z.setValue( config( z.getValue().toString() ) );
} catch (java.text.ParseException ignore) {
CCLogger.getInstance().debug("Error II");
}
}
}
}
public String config(String p) {
int h = 0;
if(p instanceof String) {
byte x[] = p.toUpperCase().trim().getBytes();
for(int i=0; i < x.length; i++) { h += (x * (i+1)); }
}
return (h > 0 ? new Integer(h*11).toString() : "");
}
}
Basically, you need to crypt the entered password before it gets handled by the CCS code.
Regards
Anton
|
|
|
|
eserver220
Posts: 41
|
| Posted: 04/07/2005, 7:05 PM |
|
Quote Anton Hinxman:
I'm giving up Java - too diverse and not enough business in it (now doing much simpler and more profitable business)
It seems that you know java development a lot. Why you say that you are giving up Java?
I'd like to do more profitable business just like you, but I don't know what should be my next move. if you tell me more specifically, I'd appreciate very much.
|
|
|
|
Anton Hinxman
|
| Posted: 05/12/2005, 4:17 AM |
|
Gone sideways into "Portable Appliance Testing".
I have a background of electronics, I am qualified to do this, and now run a PAT testing company.
It's a UK thing where we have safety laws relating to electrical appliances at work.
The computers can not walk off to Bangalore!
Regards
Anton
|
|
|
|
|
