Gossamer Forum
(Advanced Search)
for
Home : Products : DBMan : Installation :

Userid and passwords

Mar 22, 1999, 11:15 AM
Warmfire
Novice (6 posts)
Mar 22, 1999, 11:15 AM
Post #1 of 3
Views: 1900
Shortcut
Quote Reply
Userid and passwords
Will the system work (or choke) if it receives a userid similar to this:

"Cathi E. Allen",1736897844

We already have a log on subroutine which generates encrypted passwords for full name entries. If I can, I'd like to just pass this on to dbman (not have dbman generate it in the first place, tho that would not be a bad idea).

So, will it work if I do this:

http://reikifire.org/db.cgi?db=student&uid="Cathi E. Allen".1736897844&add_form=1

if I have in student.pass a matching entry?

Umm, I just noticed the password in student.pass isn't the same as that passed in the url. Is there double encryption? -- or something else?

Sheesh. I may have to learn perl if this keeps up. No offense, but Ugh! I have lots on my plate already. :-)

Thanks.
Mar 23, 1999, 5:08 AM
Jaime Ortega
User (119 posts)
Mar 23, 1999, 5:08 AM
Post #2 of 3
Views: 1822
Shortcut
Quote Reply
Re: Userid and passwords In reply to
Hi Warmfire,

The big number you see behind the userid is a random number generated by dbman every time a new user is logged in.

After a new login, a file with the userid and the random number is created in your auth directory (and removed every so often).

So,
Quote:
So, will it work if I do this:

http://reikifire.org/db.cgi?db=student&uid="Cathi E. Allen".1736897844&add_form=1

Yes, it would if you somehow rewrite the authority scripts to create a file in your auth directory named "Cathi E. Allen".1736897844 and your userid could have spaces in between (which it canīt with the current authority procedure).

But maybe there is another way...

Cheers
-JO
Mar 23, 1999, 7:12 AM
Warmfire
Novice (6 posts)
Mar 23, 1999, 7:12 AM
Post #3 of 3
Views: 1834
Shortcut
Quote Reply
Re: Userid and passwords In reply to
Thanks. I may have a work around. Since the Journal link is already behind a security fence, I think I can use the no authorization option safely and just pass the student directly to the add record form when they want to make a journal entry.

All the links, including the journal link, are in a virtual footer which is only written to the html page if a legal login occurs. So folks can get to the web page IF they know the url, but they can't follow any links once they get there because there aren't any. No login, no links. :-)

I would eventually like to do it all via DBman instead of having separate security systems, but this can go on the back burner for now while I work on setting up the basic journal entry page. First things first, eh? :-)

Thanks again.