| Author |
 Topic  |
|
|
mboehmche
Starting Member
5 Posts |
 Posted - 19 October 2006 : 10:35:44
|
I'm curious about how the forum code encrypts a password?
I have my forum setup, but I also have other pages (non-forum pages) that need to be password protected. I've decided to use the snitz forum db, but in order to verify the password I need to un-encrypt the password first.
Basically, I have a page that asks for the username and password. Those are then sent to the next page where I simply check the entered values versus what's in the snitz database. So, I must un-encrypt the snitz db password entry and compare it.
Second question, should I encrypt the password before sending it to the next page?
Am I making sense? |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 19 October 2006 : 10:37:33
|
| no, you can not un-encrypt the password in the db, what you must do is encrypt the password they enter and check that against what is stored in the database. The encryption functions are in inc_sha256.asp |
 |
|
|
mboehmche
Starting Member
5 Posts |
Posted - 19 October 2006 : 10:39:15
|
I see...so encrypt the password they enter, pass it to the next page and then compare the encrypted values.
Danke! |
|
|
|
Roger Fredriksson
Average Member
Sweden
556 Posts |
Posted - 19 October 2006 : 12:18:25
|
| Wouldn't it be easier to use the value of mlev ? |
rf/www.avgifter.com |
|
|
|
mboehmche
Starting Member
5 Posts |
Posted - 19 October 2006 : 16:05:34
|
Huh?
how exactly does the encrypt function work?
I know the sha256 file handles encrypting, but I don't seem to be calling it properly. |
|
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 19 October 2006 : 21:03:21
|
As long as the inc_sha256.asp file is included somehow into the page you're trying to call it from, the following code will return the hashed result of the string and show you what it looks like. You can modify it as you see fit from there.
Dim hashedTxt
hashedTxt = Request.Form("fieldname")
Response.write "Unhashed: " & hashedTxt & "<br />" & vbNewline
hashedTxt = sha256(hashedTxt)
Response.write "Hashed: " & hashedTxt & "<br />" & vbNewline
|
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
|
|
|
mboehmche
Starting Member
5 Posts |
Posted - 19 October 2006 : 22:01:17
|
I tried to just look at the value using the function mentioned one reply up, but I get this:
Response object error 'ASP 0251 : 80004005'
Response Buffer Limit Exceeded
/NSEC_database/NSEC_new/test.asp, line 0
Execution of the ASP page caused the Response Buffer to exceed its configured limit.
I've never seen this before. Any ideas? |
|
|
|
Roger Fredriksson
Average Member
Sweden
556 Posts |
Posted - 20 October 2006 : 08:19:37
|
quote:
Originally posted by mboehmche
Huh?
....
Have a look here |
rf/www.avgifter.com |
|
|
|
mboehmche
Starting Member
5 Posts |
Posted - 20 October 2006 : 15:49:15
|
I'm good now. It turns out I was using the wrong request so my username/password combo was never going to match up with the db.
I seem to have it working now, though.
Thanks to all for helping. |
|
|
| |
Topic |
|
Topic Locked
