Author |
Topic |
|
Gekkenhuis X
Starting Member
Netherlands
2 Posts |
Posted - 11 September 2003 : 13:20:21
|
Hi all!
I am new to Snitz as well as to ASP coding. I am trying to build a portal for my website. The general idea is to have one logon for all applications. But this won't work because of the password encoding on the Snitz forum. Validation should go through the Snitz database.
I have downloaded the sha256 code from the url I got here; http://forum.snitz.com/forum/topic.asp?TOPIC_ID=47311. But I haven't got a single clue of how I should implement it into my portal.
I am building the portal with Dreamweaver. Below is the logonpage - what should be added so I can logon with sha256 encoding? I have been googling for it, but couldn't find anything.
<%@LANGUAGE="VBSCRIPT"%> <!--#include file="../Connections/Forum_database.asp" --> <!--#include file="../forum/inc_sha256.asp" --> <% Dim Gebruikers Dim Gebruikers_numRows
Set Gebruikers = Server.CreateObject("ADODB.Recordset") Gebruikers.ActiveConnection = MM_Forum_database_STRING Gebruikers.Source = "SELECT M_NAME, M_PASSWORD FROM FORUM_MEMBERS ORDER BY M_NAME ASC" Gebruikers.CursorType = 0 Gebruikers.CursorLocation = 2 Gebruikers.LockType = 1 Gebruikers.Open()
Gebruikers_numRows = 0 %> <% ' *** Validate request to log in to this site. MM_LoginAction = Request.ServerVariables("URL") If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString MM_valUsername=CStr(Request.Form("username")) If MM_valUsername <> "" Then MM_fldUserAuthorization="" MM_redirectLoginSuccess="logoff.asp" MM_redirectLoginFailed="error.asp" MM_flag="ADODB.Recordset" set MM_rsUser = Server.CreateObject(MM_flag) MM_rsUser.ActiveConnection = MM_Forum_database_STRING MM_rsUser.Source = "SELECT M_NAME, M_PASSWORD" If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization MM_rsUser.Source = MM_rsUser.Source & " FROM FORUM_MEMBERS WHERE M_NAME='" & Replace(MM_valUsername,"'","''") &"' AND M_PASSWORD='" & Replace(Request.Form("password"),"'","''") & "'" MM_rsUser.CursorType = 0 MM_rsUser.CursorLocation = 2 MM_rsUser.LockType = 3 MM_rsUser.Open If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then ' username and password match - this is a valid user Session("MM_Username") = MM_valUsername If (MM_fldUserAuthorization <> "") Then Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value) Else Session("MM_UserAuthorization") = "" End If if CStr(Request.QueryString("accessdenied")) <> "" And false Then MM_redirectLoginSuccess = Request.QueryString("accessdenied") End If MM_rsUser.Close Response.Redirect(MM_redirectLoginSuccess) End If MM_rsUser.Close Response.Redirect(MM_redirectLoginFailed) End If %>
<html> <head> <title>logon</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="../system/css/fonts.css" rel="stylesheet" type="text/css"> <link href="../system/css/interface.css" rel="stylesheet" type="text/css"> <link href="../system/css/colors.css" rel="stylesheet" type="text/css"> <script language="JavaScript" type="text/JavaScript"> <!--
function MM_displayStatusMsg(msgStr) { //v1.0 status=msgStr; document.MM_returnValue = true; } //--> </script> </head>
<body leftmargin="5" topmargin="15"> <form ACTION="<%=MM_LoginAction%>" name="logon" method="POST"> <table width="145" height="155" border="1" bordercolor="#000000"> <tr> <td><table width="100%" height="100%" border="0" bgcolor="30507F" class="text_tiny"> <tr> <td valign="bottom"><div align="center">inlognaam</div></td> </tr> <tr> <td><div align="center"> <input name="username" type="text" id="username" size="15" maxlength="15"> </div></td> </tr> <tr> <td valign="bottom"><div align="center">wachtwoord</div></td> </tr> <tr> <td><div align="center"> <input name="password" type="password" id="password" size="15" maxlength="15"> </div></td> </tr> <tr> <td class="button"><div align="center" class="button"> <p> <input type="submit" name="Submit" value="aanmelden"> </p> </div></td> </tr> <tr> <td><div align="center"><a href="../forum/register.asp" target="_top" onMouseOver="MM_displayStatusMsg('Registratieformulier');return document.MM_returnValue" onMouseOut="MM_displayStatusMsg('');return document.MM_returnValue">Registreren</a></div></td> </tr> </table></td> </tr> </table> </form> </body> </html> <% Gebruikers.Close() Set Gebruikers = Nothing %>
Thanx in advance! Chris |
Edited by - Gekkenhuis X on 12 September 2003 02:53:46 |
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 12 September 2003 : 09:28:18
|
Just use the inc_sha256.asp file already included in the snitz forum download.
Basically all you need to do is run all passwords through the function to encrypt them before storing in the database, and then when a user logs on you take their password, encrypt it again and compare the encrypted value against that stored in the database.
All you need to do is include the inc_sha256.asp file on your login page, and call the SHA256 function like this
EncryptedPassowrd = SHA256("ClearTextPassWord") |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
Gekkenhuis X
Starting Member
Netherlands
2 Posts |
Posted - 12 September 2003 : 14:01:19
|
Thanx Gremlin!
I added the inc_sha256.asp file (like shown above), added this piece of code - EncPassword = SHA256(Request.Form("password")) - and changed - Request.Form("password") - later on in the code into EncPassword and it worked. I can now logon, using my own code and the Snitz database and it's encryption. |
Edited by - Gekkenhuis X on 12 September 2003 14:01:55 |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 14 September 2003 : 02:09:56
|
Great ! :) |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
|
Topic |
|