Set Cookie Fails to Set RandomPassword As Value

Hello,

I am trying to set a Cookie value to use RandomPassword but the Wizard always sets the Value to an empty field.

I am doing this as part of implementing hashed passwords for SecurityAssist. I am following the series of seven videos @ securityassist/ that describe how to modify SecurityAssist generated pages to use a hashed password. In particular, the 7th video (Updating Send Password (Interactive Tutorial)) describes how to add a new Session Variable (Cookie) that will be set to a Random Password by performing Server Behaviors | Add | WA Cookies Toolkit | Set Session Variable. In the resulting Wizard window I set the Session value source to the SecurityAssist Random Password but upon selection the Session Variable value field is always blank!

I have attached a snapshot of the Session Value Wizard window that shows the result of selecting RandomPassword as the value. After selecting RandomPassword and specifying the number of characters, upon return to this main Wizard window the value field is always empty! If, as a test, I select other values sources, the source field is filled with PHP code, but it is always empty when I select RandomPassword.

Can someone please help me understand what is going wrong. Or, worse case, can someone tell me what the line of PHP code for RandomPassword should be so I can manually patch it?

Thank you.

this seams to be a bug with cookies toolkit in DWCS5, it works correctly in DWCS4.

It will also work correctly if you install eCart after Cookies toolkit.


I have logged this in our bugbase so we can release a fix for it in a future update.


in the mean time, the code that should go in the value would look like this:

<?php echo WA_RandomPassword(6, false, true, true, "")?>

the arguments to the WA_RandomPassword are:
Length: Number of characters for the random password
Upper Case: true or false
Lower Case: true or false
Numbers: true or false
Special Characters: string of any special characters you would like to include.


the finished code block for the set session value behavior will look like this:

<?php

if (!session_id()) session_start();

if($_SERVER["REQUEST_METHOD"] == "POST")     {

  $_SESSION["NewPW"] = "".WA_RandomPassword(6, false, true, true, "")  ."";

}

?>

Hi Jason.

Thanks for the info on this bug. I'll go manually patch the code.

I realize that I failed to say that I am using CS4. Your comments say that this works in CS4 but fails in CS5, however I'm failing even in CS4 so I guess you guys need to look at that version also.

I have a question about your code. The code that was actually generated by the Wizard when I ran it was:

if (isset($_POST["Send"])) {
$_SESSION["NewPP"] = "".((isset($_SERVER["COMPUTERNAME"]))?$_SERVER["COMPUTERNAME"]:"") ."";

(To get something generated I just set the Session Variable to the COMPUTERNAME as a placeholder!)

Your code loads $_SESSION when
if($_SERVER["REQUEST_METHOD"] == "POST")
but the generated code sets it when
if (isset($_POST["Send"])).

These are two different conditions that are being tested. Please explain why these are different and which condition I should use.

Thank you for the help!

Interesting, I did test CS4 as well as CS5, and did not have an issue. I will note in the bug though that you encountered the problem in CS4.

my code is testing for any form post.

your code is testing for the button named "Send" being pressed.

I was sending generic code just to give an idea, your code is more specific to your form.

Really, either will work, though yours would probably be the better choice since it would keep the session from being reset in the instance where there are more than one form on the page.

Thanks Jason. It's a 5 Star Reply!

You're welcome.