Announcement

Collapse
No announcement yet.

Login issues with md5 password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Login issues with md5 password

    Hello, I got an issue with a user register form, I configured in onBeforeInsert event the password field as {staffpassword} = md5({staffpassword}); in order to when the admin registers a new person the password be saved as encode. In this process everything is ok.

    The issue comes in the login form, everytime that I try to login with the registered user that has password encode with md5, the form show me an error message User/Password invalid . The validation code for the login form is the next, I appreciate your help to know what is the error:

    $definedParameters = $_SESSION['ticketsettings']['definedparameters'];


    $str_sql = "SELECT count(*) FROM staff WHERE
    staffemail = '{email}' and
    staffpassword = '{password}'";

    sc_lookup(dataset,$str_sql);

    if({dataset}[0][0] <= 0){
    sc_error_message({lang_error_invalid_user});
    }
    else{
    $arr_staff = LoadStaff({email});
    $_SESSION['staff'] = $arr_staff;
    $_SESSION['v_staffname'] = $arr_staff['staffname'];
    $_SESSION['v_staffid'] = $arr_staff['staffid'];

    $locales = explode(';',$arr_staff['stafflanguage']);

    sc_set_language($locales[0]);
    sc_set_regional($locales[1]);

    sc_reset_apl_status();

    $str_redir = '';

    if(trim($arr_staff['adminflag']) == 'Y'){
    enable_admin_module();
    enable_staff_module();
    $str_redir = 'menu_admin';
    }
    elseif(trim($arr_staff['adminflag']) == 'N'){
    enable_staff_module();
    $str_redir = 'menu_staff';
    }

    sc_redir($str_redir);

  • #2
    If you have stored the password in MD5 in your database, then you need to convert your password to MD5 before executing the sql:

    $myemail=MD5({email});

    and


    staffemail = '$myemail' and ...
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development
    www.scriptcase.eu / www.scriptcase.nl

    Comment


    • #3
      I converted it in the register form in onBeforeInsert event the password field as {staffpassword} = md5({staffpassword});

      And in the validation code the SQL is taking the database field that is already encode

      $str_sql = "SELECT count(*) FROM staff WHERE
      staffemail = '{email}' and
      staffpassword = '{password}'";

      Comment


      • #4
        Onbeforeinsert is executed when you insert a new record, for this reason is stored as md5, but you have to convert the value on you query to validate
        /Giuseppe

        Professional Scriptcase Services
        Some Customers opinions

        Comment


        • #5
          Thank you so much, you was right it works.

          Comment

          Working...
          X