login procedure (usercode,salt code etc.)
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=14334
Printed Date: 12 April 2026 at 4:03pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: login procedure (usercode,salt code etc.)
Posted By: netsonic
Subject: login procedure (usercode,salt code etc.)
Date Posted: 20 March 2005 at 10:44am
Hi all
i want to learn how the forums login procedure functioning?
there is a usercode salt code and a encrypted password...
when we login with username and password what does the script do with usercode,salt code and encrypted password...
i am planning to make a site with jsp and want to do a similar login type with webwiz...
is there any document or something that i can understand the procedure???can anyone help mee
thanks
Burak
|
Replies:
Posted By: dj air
Date Posted: 20 March 2005 at 11:06am
the process for the login script is as follows.
the page is submitted.
- the username is queried against the database, to get the original password and salt code.
the inputted password by the user is encrypted using the form inoput value and the salt code.
then the database password is compared with the inputed value that has
been encrypted. if the match the user has entered the correct password.
so we update the last login time, update the user_code with a new one,
to prevent being logged in else where. and put the user_codew within a
cookie.
then within the common.asp file the user_code is read in, and queried
agaist the database to get the users details and the detals are then
used to display , username etc.
|
Posted By: netsonic
Date Posted: 20 March 2005 at 11:46am
thanks a lot for the answer...
but i didnt understand the salt code...
what is salt code for?why do we need this?and how its produced...its produced from the username??
|
Posted By: netsonic
Date Posted: 21 March 2005 at 5:11pm
Now i understand the salt code...
The last thing is how we generate the usercode?
The usercode is changed sometimes or its produced once and its the same forever???
if we change it sometimes when & why do we need?
i will be very appreciated if u answer my detailed question...
Thanks
Burak
|
Posted By: dj air
Date Posted: 21 March 2005 at 7:33pm
the user code is generated/ replaced quiute a few times.
so to answer a couple of your questions its created and then sometimes updated.
the user code consists of the username followed by a random value this makes the user_code unique.
this is gone often to prevent security holes.
on login it is changed to make sure you can only access the forum from
that one location as the new user_code will be no good that is stored
on other machines.
its also updated during an profile update. for a simular reason to the above.
also during activation of the account if email activation is enabled.
also when a username is changed by an administrator
also there maybe a few other places
|
Posted By: netsonic
Date Posted: 22 March 2005 at 12:37pm
|
thanks a lot that was exactly what i need
|
|