close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Security Assist log-in

Thread began 1/15/2010 12:17 am by ginafink374399 | Last modified 9/20/2010 8:05 am by ginafink374399 | 4839 views | 24 replies |

ginafink374399

Security Assist log-in

I ran through the wizard and the interactive tutorials that follow, but I am unable to log-in, I just keep being redirected when I test.

I can see that the registration information is uploading to my database, and the password is encrypted, but when I try to log-in it just sends me to the Forgot Password page every time.

In addition, when I enter my email on the Forgot Password page, it doesn't send me a new email either.

Please help!

Sign in to reply to this post

Eric Mittman

In regards to logging in you mentioned that you are storing the password encrypted in the db. Since you are encrypting the password in the db you must also encrypt the value that you enter on the login page when comparing it to the value in the db. Have you done this part? If not on your login page in the authenticate user server behavior you will need to select the password value that is coming from the form and use the format option to apply the sha1 encryption to the value. This will ensure that the value is encrypted before it is compared and if the values match you should be allowed in.

If you have done this already and still have this problem it may be because of the column in your db. You must ensure that your password column is a varchar type with at least 40 length.

As for the email password have you checked the serer behavior on this page to confirm the details for your mail server? If not please give this a try and ensure you have the proper values entered for your mail server.

Sign in to reply to this post

ginafink374399

Still not working

I've checked everything you listed, and it still doesn't work. I did make one edit: the password field in my database was only 20 characters instead of 40, so I changed it, but that hasn't made any difference.

I'm attaching my Dreamweaver files so you can access them.

Attached Files
Archive.zip
Sign in to reply to this post

Eric Mittman

After you updated the db for the password column did you clear those records and register new users for them? If you stored the information as only 20 characters it will not pass the comparison on the login. You must ensure that the full hash of the password is stored when the user registers, and that you are comparing the has of the entered password for that user.

If you have any further problems with this post back with an export of your db structure in an sql file and I can test out your pages to see if there is a problem anywhere.

Sign in to reply to this post

ginafink374399

No dice

Here's the sql of the table I'm using.

Attached Files
customers_wholesale.sql.zip
Sign in to reply to this post

ginafink374399

Also, I'm working on my testing server, but what happens when I'm ready to go live? I already have an existing database of customers with the password in the 20-character format.

Sign in to reply to this post

ginafink374399

The log-in is working, but the Forgot Password page still isn't. A new, random password is generated and saved to the database, but no email is sent. I know the server details are accurate; is there anything else I should be checking?

Sign in to reply to this post

Eric Mittman

Ok, so just to recap all is ok now except for the new password email being sent correct? Do you have emails working elsewhere on your site? If so then there might just be a settings problem on your forgot password page.

Do you get emails when the new user registers? You could use the info from this for your forgot password settings if need be. Do you know the values to use for your mail server settings? Unless you have an SMTP server on your local testing server you will not send emails locally. You will need to have the pages served from a live server that has access to the SMTP server that you are entering values for.

Please post back with this info so we can determine how to proceed.

Sign in to reply to this post

ginafink374399

Correct.

I do have emails working elsewhere on my site with Universal Email. I think the issue may be what you describe in the second paragraph, so I'll try testing on a live server.

Before I do that, I have a question. You stated "After you updated the db for the password column did you clear those records and register new users for them? If you stored the information as only 20 characters it will not pass the comparison on the login. You must ensure that the full hash of the password is stored when the user registers, and that you are comparing the has of the entered password for that user.". Does this mean the new Security Assist pages won't work with my existing database? My original database was set up with only 20 characters for the password. I can easily change it as you describe, but clearing the records would be a problem. I don't want existing users not to be able to access my site.

Please let me know how to proceed.

Sign in to reply to this post

Eric Mittman

The password columns will need to hold 40 characters. If you have updated the table for this then any new users will be able to register and login without issue. However the users who had already registered and had only the first 20 characters of their password stored in the db will not be able to access the site.

This is because when they login and enter their password the entire password will be hashed and compared against what is in the db for them. Since the existing stored password for these users will only have 20 characters the password they enter will not match. To remedy this problem you will need to set the password again for these users. You could get the password from the user and get a hash for it to update the db with but this is more involved. The best thing to do would be to send those users an email and let them know that they need to return to the site and register again. You will not be able to have them just update their profile because they will not be able to login.

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...