Login Extension and mySql

Issues related to the Login tools of WYSIWYG Web Builder.
Forum rules
PLEASE READ THE FORUM RULES BEFORE YOU POST:
viewtopic.php?f=12&t=1901

MUST READ:
http://www.wysiwygwebbuilder.com/login_basics.html
http://www.wysiwygwebbuilder.com/login_tools.html

TIP:
A lot of information about the login tools can be found in the help/manual.
Also checkout the demo template that is include with the software.
Post Reply
Rainbow1
 
 
Posts: 15
Joined: Sun Jan 28, 2018 9:50 pm

Login Extension and mySql

Post by Rainbow1 »

Hi,

I have been testing and playing with the Login extension as I want to add this functionality to my Website, I created a simple page (login) which I have added the 'Login' extension to, I have set the properties for Error Page to redirect to another i.e 'access_denied.php' and Destination Page to 'index.php'.
I have also set this up to use a mySql table (login) on my NAS Server.

I have added and configured the database to my Sql table which I have created from running the script (via the Help), which created:
Id, username, fullname, password, email, active, code, role and avatar.
I populated the table with one row of username, fullname, password, email, active and role. Code and Avatar are NULL?

Every time I enter the username and password (table username and password) in the Login box on the published page it jumps to the access_denied page?

I tested the db connection which if I change the db name in the Login extension "I get Failed to select database
Unknown database 'mySqldb'" If I change the table name I get to my access_denied.php
I changed the 'active' entry in the table from 0 to 1 as active has to be non-zero?
Not sure about $crypt_pass and md5 in the php code for the extension?

As an extra step, I added the Datviewer extension to the login page and added all the above details and it reads and displays the table ok?

So it seems the Login script is connecting to the db and table ok, but the authorisation of user/password is failing?

I wanted to add to the extension code to show the data and results of the Login query to the db, not being 'proficient' in php code has anyone any ideas? Also as soon as you hit the Login button on the Login page, it jumps to the access_denied page so any results won't have time to display anyway?

I am running version 15.0.4

Any help appreciated.

Thanks

Adrian (J)
User avatar
Pablo
 
Posts: 21572
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Login Extension and mySql

Post by Pablo »

Maybe you have selected the wrong PHP version in Page Properties?
MGD4me
 
 
Posts: 287
Joined: Tue May 02, 2017 11:56 pm
Location: British Columbia, Canada

Re: Login Extension and mySql

Post by MGD4me »

Not sure about $crypt_pass and md5 in the php code for the extension?
The login script is encrypting the password you enter (md5), and comparing the result to the whatever has been stored in the database. You probably only have a 'clear text' password in the database, so the verification will fail. If this is the case, you have two choices:

1) Live with having clear text passwords in your database, by modifying a single line in the log-in code ...

From: $crypt_pass = md5($_POST['password']);
To: $crypt_pass = $_POST['password'];

This will allow whatever password you enter to match the clear text password in the database.

2) If you prefer encrypted passwords, then you need to Google something like "md5 + convert" (eg: https://www.md5hashgenerator.com/) to find an on-line service which will take your clear text word and encrypt it for you. Copy the converted result, and store in the database. Now the log-in script should work as expected.
Rainbow1
 
 
Posts: 15
Joined: Sun Jan 28, 2018 9:50 pm

Re: Login Extension and mySql

Post by Rainbow1 »

Thanks for the quick response.

The page properties were set in 'advanced' to the default of PHP5-7, (my version was 5.6) selecting PHP4 produces a blank page so I can understand the php code failed?
Switching back to PHP5-7, sends me back to access denied?

I am at a loss??
Rainbow1
 
 
Posts: 15
Joined: Sun Jan 28, 2018 9:50 pm

Re: Login Extension and mySql

Post by Rainbow1 »

Hi MGD4me,

Change the code and 'hey presto' it works!!

Spot on!! with your answer.

I changed the code to remove MD5 and it works as expected :P

As both my Web-server and Sql are on the same system on my local LAN, should I be to concerned over an MD5 hash?

I was in the right area of where it was failing but did not have any knowledge of MD5 encrypting your password!

Thanks again for your help and quick response. Enjoy your weekend.

Adrian (J)
Rainbow1
 
 
Posts: 15
Joined: Sun Jan 28, 2018 9:50 pm

Re: Login Extension and mySql

Post by Rainbow1 »

I am wondering if it's possible to add a change to the extension that gives the option of a property to enable (or disable) the MD5 option.

If you change the .css to modify the file, when you re-compile/publish the page the change is lost.

An option to do this would be better?
User avatar
Pablo
 
Posts: 21572
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Login Extension and mySql

Post by Pablo »

I'm sorry, this functionality cannot be disabled.
Note that if you use the login admin tool then the data will be stored in the correct format.
Rainbow1
 
 
Posts: 15
Joined: Sun Jan 28, 2018 9:50 pm

Re: Login Extension and mySql

Post by Rainbow1 »

Hi Pablo,

Yes thanks, tried this and it works great using the unmodified .css code which uses $crypt MD5!

Thanks for your help.

Adrian (J)
HGF
 
 
Posts: 62
Joined: Sat Jul 31, 2021 7:54 am
Location: Cologne, Germany

Re: Login Extension and mySql

Post by HGF »

MGD4me wrote: Sat Feb 15, 2020 7:25 pm
Not sure about $crypt_pass and md5 in the php code for the extension?
The login script is encrypting the password you enter (md5), and comparing the result to the whatever has been stored in the database. You probably only have a 'clear text' password in the database, so the verification will fail. If this is the case, you have two choices:

1) Live with having clear text passwords in your database, by modifying a single line in the log-in code ...

From: $crypt_pass = md5($_POST['password']);
To: $crypt_pass = $_POST['password'];

This will allow whatever password you enter to match the clear text password in the database.

2) If you prefer encrypted passwords, then you need to Google something like "md5 + convert" (eg: https://www.md5hashgenerator.com/) to find an on-line service which will take your clear text word and encrypt it for you. Copy the converted result, and store in the database. Now the log-in script should work as expected.
Jesus, I'm doing troubleshooting for 3 days. This solved my issue. Many thanks !!! :D
Post Reply