| Author |
 Topic  |
|
|
optimus
Starting Member
USA
5 Posts |
 Posted - 27 November 2005 : 09:36:53
|
Hi, I'm a newb here so thanks very much in advance. I don't actually have a site yet I'm just testing everything locally right now.
I would like to add a column called user_level to the table forum_members. Then I would like to have admin-restricted content on my site, which is not related to the forum. I want to have a login screen that gets the user name and password, and checks those against the record in forum_members, where user_level is greater than some number, and the usernames and passwords match.
I would know how to implement this, except the forum_members stores the password's hash, not the clean text for the password. I have been trying to figure out what to do. I think inc_sha256.asp is related somehow to being able to verify passwords, but I can't figure that out.
Am I on the right track? From what I understand, it is not possible to turn the password's hash into clean text, but how do I verify the user's password on my admin login screen? Is what I'm trying to do even possible?
EDIT: I thought about this some more. Is it possible to convert whatever the user enters in the password input box to hash, then compare that to the hash in m_password?
< Moved to MOD Add-On Forum (W/O Code) by Shaggy />< |
Edited by - Shaggy on 28 November 2005 06:59:02 |
|
|
Roger Fredriksson
Average Member
Sweden
556 Posts |
Posted - 27 November 2005 : 12:27:38
|
| No, I do not think that you are on right track. I think you can do everything you want to do by settings in Admins Section for user groups and Universal login-mod. I am a newbie myself and I run a heavily modded version so it is better for you to get answers from pros - please step in and explain. Meanwhile, use search and readme etc.< |
rf/www.avgifter.com |
 |
|
|
Nertz
Junior Member
Canada
341 Posts |
Posted - 27 November 2005 : 12:27:49
|
quote:
Originally posted by optimus
EDIT: I thought about this some more. Is it possible to convert whatever the user enters in the password input box to hash, then compare that to the hash in m_password?
That's exactly what you need to do, pass the password to sha256 and then compare the hashes.
cheers,
Nat< |
Sadly, most Family Court Judges wrongfully reward opportunistic gold diggers
that use our children unjustly as "instruments" of power.
www.fathers-4-justice-canada.ca |
|
|
|
optimus
Starting Member
USA
5 Posts |
Posted - 27 November 2005 : 17:09:30
|
quote:
Originally posted by Nertz
That's exactly what you need to do, pass the password to sha256 and then compare the hashes.
Wow thanks for the quick response. Alright, I included the file inc_sha256.asp on my admin login page, and i passed the password to sha256(), but I get an error which i paraphrased a bit:
# Error Type:
Microsoft VBScript runtime (0x800A000D)
Type mismatch: 'sha256'
/siteroot/admin_login.asp, line 81
--------------------------------
the code for admin_login.asp around line 81 looks like this:
password=request("password")
password= sha256("" & password) 'line 81
--------------------------------
So it doesn't like the way i'm calling sha256() or something. Do I need to include any more files for the function to work? Or am I passing the password to the function incorrectly? Something else wrong maybe? Thanks!< |
|
|
|
Roger Fredriksson
Average Member
Sweden
556 Posts |
Posted - 27 November 2005 : 17:39:00
|
I use mlev=4 to restrict access to admin-only pages outside the forum. On the pages I have
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" --> or <!--#INCLUDE FILE="inc_header_short.asp" -->
and then I use If mlev<4 then .. no access ..endif< |
rf/www.avgifter.com |
Edited by - Roger Fredriksson on 27 November 2005 17:40:14 |
|
|
|
optimus
Starting Member
USA
5 Posts |
Posted - 27 November 2005 : 18:19:25
|
 Ooops, I was not including inc_sha256.asp correctly. It's working now, thanks for the quick replies!< |
|
|
| |
Topic |
|
password help
