close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

 
WebAssist ForumsData BridgeSecurityAssist › Sha1
Sign in to rate this thread
rating

Sha1

Thread began 9/24/2009 4:51 pm by brendan.rehman143550 | Last modified 9/25/2009 9:16 pm by anonymous | 1575 views | 2 replies |

9/24/2009 4:51 pm  |  #1 brendan.rehman143550

Sha1

Is this correct?

Login Page.

"columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["username"]))?$_POST["username"]:"") ."'".$WA_Auth_Separator."".WA_SHA1Encryption(((isset($_POST["userpassword"]))?$_POST["userpassword"]:"")) .""),


Registration Page:

$insertSQL = sprintf("INSERT INTO users (username, password, email, first_name, last_name, city, `state`, country, zip, permissions, active) VALUES (%s, SHA1(%s), %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['password'], "text"),

Note SHA1 function usage on insert.

Values get inserted correctly... But it won't login no matter what I try, I've redone the entire wizard from start to end.

<pre><?php var_dump($_SESSION); ?></pre>

Produces.

array(0) {
}

safe_mode= Off etc.

Please help.

Sign in to reply to this post

9/25/2009 8:41 am  |  #2 Jason ByrnesWebAssist

The registration page should be storing the password in the database in encrypted format. To accomplish that, you need to remove the Dreamweaver insert record server behavior, and replace it with the DataAssist Insert Record Server Behavior. The DataAssist insert record server behavior will allow you to apply the SHA1 formatting to the password column.

See the Introduction to SecurityAssist -> Modifying Registration tutorial in the Solution Recipes Section of the Security Assist support page:
securityassist/

Sign in to reply to this post

9/25/2009 9:16 pm  |  #3 anonymous

It looks as if the the Sha1 is added to the insert...I think the issue lies with the login - which - you want to be sure that you are applying the Sha1 encryption to the password's POST value on the login page BEFORE comparing values to the password of the database. On the authenticate user behavior, you should be able to access Sha1 in the dialogue box to apply to the password value.

Cheers,

Brian

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Everything else!

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

go to page top
Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...