ab5ni
Posts: 177
|
| Posted: 02/14/2007, 8:28 AM |
|
Hi folks,
We're trying to get our Login page to work with PHP's md5() encrytion function,
and thus far we've not had any luck  . Basically, we have an "Add/Edit" user
page (Grid/Record builder), and when we call "BEFORE INSERT" event code,
we encrypt the the control value, thus stashing it in the password field in the database.
This works well. No problems with either adding or editing users.
By default, CCLoginUser() in Common.php (which checks the password) only
supports clear-text passwords. We've tried modifying the published-server version
of Common.php's CCLoginUser(), making it encrypt the password and then proceed
with it's check, but this does not work.
Anywho, we were wondering if anyone else out there has run across this problem
and found a better solution? If so, then please speak up and fill in the masses  .
Best Regards and TIA!
Randall
_________________
Randall Jouett
Amateur Radio: AB5NI
I eat spaghetti code out of a bit-bucket while sitting at a hash table! And yes, I paid for the meal in cache!
|
 |
 |
swami
Posts: 54
|
| Posted: 02/14/2007, 8:48 AM |
|
I don't use the common file on your login page if you modifiy it in the login_events.php file you can do the following
note the following
$Container->password->SetValue(md5($Container->password->GetValue()));
//Login @4-8DE77B20
global $CCSLocales;
$Container->password->SetValue(md5($Container->password->GetValue()));
if ( !CCLoginUser( $Container->login->Value, $Container->password->Value)) {
$Container->Errors->addError($CCSLocales->GetText("CCS_LoginError"));
$Container->password->SetValue("");
$Login_Button_DoLogin_OnClick = 0;
} else {
global $Redirect;
$Redirect = CCGetParam("ret_link", $Redirect);
$Login_Button_DoLogin_OnClick = 1;
}
//End Login
|
|
|
|
ab5ni
Posts: 177
|
| Posted: 02/14/2007, 11:34 AM |
|
Hello, swami, and thanks for the reply.
Your suggestion worked perfectly. Thanks a bunch! We had one more problem
to solve, and after much hair-pulling, we finally figured it out
Our original password field length in the user table was only 25 characters long,
but md5() can generate encrypted text much longer than this amount. To keep
this short, the database was truncating the MD5 hash, chopping the string off
at 25 characters. When we'd encrypt the $Container->password->GetValue() variable,
it was the right length, but the table value was chopped, so no match .
Yes, it's one of those days!
Again, thanks, swami, and best reguards....
Randall
_________________
Randall Jouett
Amateur Radio: AB5NI
I eat spaghetti code out of a bit-bucket while sitting at a hash table! And yes, I paid for the meal in cache!
|
|
|
|
swami
Posts: 54
|
| Posted: 02/14/2007, 12:29 PM |
|
anytime
|
|
|
|
Benjamin Krajmalnik
|
| Posted: 02/14/2007, 7:33 PM |
|
By definition an MD5 hash is 32 characters.
|
|
|
|
ab5ni
Posts: 177
|
| Posted: 02/15/2007, 2:33 PM |
|
Hi Benjamin,
>md5 is 32 chars...
Ah didn't know that it was fixed. Nice to know.
Thanks for the info, dewd.
Best Regards,
Randy
_________________
Randall Jouett
Amateur Radio: AB5NI
I eat spaghetti code out of a bit-bucket while sitting at a hash table! And yes, I paid for the meal in cache!
|
|
|
|
whiterabbitwond
Posts: 28
|
| Posted: 04/03/2007, 11:31 AM |
|
THANKS!
It worked for me too. Just add that one line into the already generated Login event code attached to the Login button.
$Container->password->SetValue(md5($Container->password->GetValue()));
Just be aware, that there may be issues when upgrading since existing code was modified....
Have not confirmed that though.
|
|
|
|
|
