| T O P I C R E V I E W |
| optimus |
Posted - 27 November 2005 : 09:36:53
Hi, I'm a newb here so thanks very much in advance. I don't actually have a site yet I'm just testing everything locally right now.
I would like to add a column called user_level to the table forum_members. Then I would like to have admin-restricted content on my site, which is not related to the forum. I want to have a login screen that gets the user name and password, and checks those against the record in forum_members, where user_level is greater than some number, and the usernames and passwords match.
I would know how to implement this, except the forum_members stores the password's hash, not the clean text for the password. I have been trying to figure out what to do. I think inc_sha256.asp is related somehow to being able to verify passwords, but I can't figure that out.
Am I on the right track? From what I understand, it is not possible to turn the password's hash into clean text, but how do I verify the user's password on my admin login screen? Is what I'm trying to do even possible?
EDIT: I thought about this some more. Is it possible to convert whatever the user enters in the password input box to hash, then compare that to the hash in m_password?
< Moved to MOD Add-On Forum (W/O Code) by Shaggy />< |
| 5 L A T E S T R E P L I E S (Newest First) |
| optimus |
Posted - 27 November 2005 : 18:19:25
 Ooops, I was not including inc_sha256.asp correctly. It's working now, thanks for the quick replies!< |
| Roger Fredriksson |
Posted - 27 November 2005 : 17:39:00
I use mlev=4 to restrict access to admin-only pages outside the forum. On the pages I have
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" --> or <!--#INCLUDE FILE="inc_header_short.asp" -->
and then I use If mlev<4 then .. no access ..endif< |
| optimus |
Posted - 27 November 2005 : 17:09:30
quote:
Originally posted by Nertz
That's exactly what you need to do, pass the password to sha256 and then compare the hashes.
Wow thanks for the quick response. Alright, I included the file inc_sha256.asp on my admin login page, and i passed the password to sha256(), but I get an error which i paraphrased a bit:
# Error Type:
Microsoft VBScript runtime (0x800A000D)
Type mismatch: 'sha256'
/siteroot/admin_login.asp, line 81
--------------------------------
the code for admin_login.asp around line 81 looks like this:
password=request("password")
password= sha256("" & password) 'line 81
--------------------------------
So it doesn't like the way i'm calling sha256() or something. Do I need to include any more files for the function to work? Or am I passing the password to the function incorrectly? Something else wrong maybe? Thanks!< |
| Nertz |
Posted - 27 November 2005 : 12:27:49
quote:
Originally posted by optimus
EDIT: I thought about this some more. Is it possible to convert whatever the user enters in the password input box to hash, then compare that to the hash in m_password?
That's exactly what you need to do, pass the password to sha256 and then compare the hashes.
cheers,
Nat< |
| Roger Fredriksson |
Posted - 27 November 2005 : 12:27:38
No, I do not think that you are on right track. I think you can do everything you want to do by settings in Admins Section for user groups and Universal login-mod. I am a newbie myself and I run a heavily modded version so it is better for you to get answers from pros - please step in and explain. Meanwhile, use search and readme etc.< |
|
|
