The Login Process??
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums Modifications
Forum Description: Mod's and Add-on's for Web Wiz Forums.
URL: https://forums.webwiz.net/forum_posts.asp?TID=22534
Printed Date: 28 March 2026 at 1:39pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: The Login Process??
Posted By: __n3o__
Subject: The Login Process??
Date Posted: 27 January 2007 at 9:50am
|
Hi.. I am currently building an ASP.NET portal for a website I run, we currently have WWF and have alot of members registered... I am trying to create a login page for my portal, which is no problem normally but I have to use the WWF username & password fields as I have alot of members who will not want to have to sign up again... I have looked at the login function that WWF uses and still cannot get the password to match even though I am using the same function (I think)... I am doing the following... Checking the username against the DataBase... Then taking the password entered into the password text box and.. 1.) Append the 'Salt' DB value to the password entered -- strPassword = strPassword & Salt 2.) Then I run strPassword through the HashEnCode -- strPassword = HashEncode(strPassword) Thats it? Then I'm checking the result against the DB? ... Am I missing something? |
Replies:
Posted By: __n3o__
Date Posted: 27 January 2007 at 9:56am
| To be honest I would prefer to be able to unencode the passwords - I then use my own encoding for the portal db... Anyone have a script to re-encode the passwords in the DB?? - But if not any help very much appreciated... Thanks |
Posted By: __n3o__
Date Posted: 28 January 2007 at 7:36pm
*BUMP* 
|
Posted By: dfrancis
Date Posted: 28 January 2007 at 9:38pm
|
I've done a good amount of work with the salt/password for a classic asp system. Have you looked at the API in the latest version of WWF?
Maybe we can work together because I'm making the transition to dot net myself. ------------- “If you want things to be different, you must be willing to do different things!” http://www.DavidFrancis.org/?wwf=signature" rel="nofollow - David Francis |
Posted By: dfrancis
Date Posted: 28 January 2007 at 9:43pm
It's supposed to be a one way hash... though conceptually, since you know the salt, you would think that getting the unencoded string would be no trouble. The thing is, you need both parts to read the string.
Well let's see...
str+salt = encoded password.
salt/encoded "should" = str
Not sure if it's possible though.
------------- “If you want things to be different, you must be willing to do different things!” http://www.DavidFrancis.org/?wwf=signature" rel="nofollow - David Francis |
__n3o__ wrote:Posted By: __n3o__
Date Posted: 29 January 2007 at 6:54am
|
Hi David - Thanks for answering.. I have had a look at the API, but I have my own sessions and cookies to use - And I thought it would be more work re-writing that, than just getting the Hashway1 page to work considering 99% of it I can just take and use in .NET.. I did have one thought though, in one of the functions on the hashway1 page (Function IntToBinary) it uses the 'Round' VBScript function... This has now been killed in .NET 2.0 and I have to use a different function that either rounds up or down?? So I replaced the following as shown... Do you think this might be causing the problem? I have rounded up using the System.Math.Ceiling Original Bit of Function IntToBinary
.NET version
Any help appreciated, and more than happy to work together - Thanks |
Posted By: dj air
Date Posted: 29 January 2007 at 1:31pm
|
strPassword = request.form.("Password")
strSalt = (db value)
strDBPassword = (DB Value)
blnPasswordCorrect = False
StrWholePassword = strPassword & strSalt
strEncryptedPassword = HashEncode(strWholePassword)
if strDBPassword = strEncryptedPassword then blnPasswordCorrect = True
if blnPasswordCorrect is correct then password cleared
if blnPasswordCorrect is False then password Error
in theory that idea should work
|
Posted By: __n3o__
Date Posted: 29 January 2007 at 1:49pm
I'll double check tonight aaron but I'm pretty sure thats more or less what I'm doing  .... Thanks for posting that up fella 
|
Posted By: WebWiz-Bruce
Date Posted: 29 January 2007 at 7:48pm
What about trying:-intNew = System.Math.Ceiling(CDbl(dblNew) - 0.1)This is in the original version and may make the difference. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: __n3o__
Date Posted: 29 January 2007 at 8:09pm
Many thanks Bruce, Aaron and David... But after drinking a can of Fosters export and opening the page I realised how much of a nobber I was being... I was trying to be too clever.. All it needed was
And sorted!! At least I know I had coded the rest of my page correctly... LOL... Thats a start! |