The Forum has been Updated
The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.
Hi, I'm a newb here so thanks very much in advance. I don't actually have a site yet I'm just testing everything locally right now.
I would like to add a column called user_level to the table forum_members. Then I would like to have admin-restricted content on my site, which is not related to the forum. I want to have a login screen that gets the user name and password, and checks those against the record in forum_members, where user_level is greater than some number, and the usernames and passwords match.
I would know how to implement this, except the forum_members stores the password's hash, not the clean text for the password. I have been trying to figure out what to do. I think inc_sha256.asp is related somehow to being able to verify passwords, but I can't figure that out.
Am I on the right track? From what I understand, it is not possible to turn the password's hash into clean text, but how do I verify the user's password on my admin login screen? Is what I'm trying to do even possible?
EDIT: I thought about this some more. Is it possible to convert whatever the user enters in the password input box to hash, then compare that to the hash in m_password?
< Moved to MOD Add-On Forum (W/O Code) by Shaggy /><
I would like to add a column called user_level to the table forum_members. Then I would like to have admin-restricted content on my site, which is not related to the forum. I want to have a login screen that gets the user name and password, and checks those against the record in forum_members, where user_level is greater than some number, and the usernames and passwords match.
I would know how to implement this, except the forum_members stores the password's hash, not the clean text for the password. I have been trying to figure out what to do. I think inc_sha256.asp is related somehow to being able to verify passwords, but I can't figure that out.
Am I on the right track? From what I understand, it is not possible to turn the password's hash into clean text, but how do I verify the user's password on my admin login screen? Is what I'm trying to do even possible?
EDIT: I thought about this some more. Is it possible to convert whatever the user enters in the password input box to hash, then compare that to the hash in m_password?
< Moved to MOD Add-On Forum (W/O Code) by Shaggy /><
Posted
No, I do not think that you are on right track. I think you can do everything you want to do by settings in Admins Section for user groups and Universal login-mod. I am a newbie myself and I run a heavily modded version so it is better for you to get answers from pros - please step in and explain. Meanwhile, use search and readme etc.<
Posted
Originally posted by optimusThat's exactly what you need to do, pass the password to sha256 and then compare the hashes.
EDIT: I thought about this some more. Is it possible to convert whatever the user enters in the password input box to hash, then compare that to the hash in m_password?
cheers,
Nat<
Posted
Originally posted by Nertz That's exactly what you need to do, pass the password to sha256 and then compare the hashes.
Wow thanks for the quick response.
Alright, I included the file inc_sha256.asp on my admin login page, and i passed the password to sha256(), but I get an error which i paraphrased a bit:# Error Type:
Microsoft VBScript runtime (0x800A000D)
Type mismatch: 'sha256'
/siteroot/admin_login.asp, line 81
--------------------------------
the code for admin_login.asp around line 81 looks like this:
password=request("password")
password= sha256("" & password) 'line 81
--------------------------------
So it doesn't like the way i'm calling sha256() or something. Do I need to include any more files for the function to work? Or am I passing the password to the function incorrectly? Something else wrong maybe? Thanks!<
Posted
I use mlev=4 to restrict access to admin-only pages outside the forum. On the pages I have
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" --> or <!--#INCLUDE FILE="inc_header_short.asp" -->
and then I use If mlev<4 then .. no access ..endif<
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" --> or <!--#INCLUDE FILE="inc_header_short.asp" -->
and then I use If mlev<4 then .. no access ..endif<
Posted
Ooops, I was not including inc_sha256.asp correctly. It's working now, thanks for the quick replies!<