Login Extension and mySql

[Rainbow1]

Hi,

I have been testing and playing with the Login extension as I want to add this functionality to my Website, I created a simple page (login) which I have added the 'Login' extension to, I have set the properties for Error Page to redirect to another i.e 'access_denied.php' and Destination Page to 'index.php'.
I have also set this up to use a mySql table (login) on my NAS Server.

I have added and configured the database to my Sql table which I have created from running the script (via the Help), which created:
Id, username, fullname, password, email, active, code, role and avatar.
I populated the table with one row of username, fullname, password, email, active and role. Code and Avatar are NULL?

Every time I enter the username and password (table username and password) in the Login box on the published page it jumps to the access_denied page?

I tested the db connection which if I change the db name in the Login extension "I get Failed to select database
Unknown database 'mySqldb'" If I change the table name I get to my access_denied.php
I changed the 'active' entry in the table from 0 to 1 as active has to be non-zero?
Not sure about $crypt_pass and md5 in the php code for the extension?

As an extra step, I added the Datviewer extension to the login page and added all the above details and it reads and displays the table ok?

So it seems the Login script is connecting to the db and table ok, but the authorisation of user/password is failing?

I wanted to add to the extension code to show the data and results of the Login query to the db, not being 'proficient' in php code has anyone any ideas? Also as soon as you hit the Login button on the Login page, it jumps to the access_denied page so any results won't have time to display anyway?

I am running version 15.0.4

Any help appreciated.

Thanks

Adrian (J)

[Pablo]

Maybe you have selected the wrong PHP version in Page Properties?

[MGD4me]

Not sure about $crypt_pass and md5 in the php code for the extension?

The login script is encrypting the password you enter (md5), and comparing the result to the whatever has been stored in the database. You probably only have a 'clear text' password in the database, so the verification will fail. If this is the case, you have two choices:

1) Live with having clear text passwords in your database, by modifying a single line in the log-in code ...

From: $crypt_pass = md5($_POST['password']);
To: $crypt_pass = $_POST['password'];

This will allow whatever password you enter to match the clear text password in the database.

2) If you prefer encrypted passwords, then you need to Google something like "md5 + convert" (eg: https://www.md5hashgenerator.com/) to find an on-line service which will take your clear text word and encrypt it for you. Copy the converted result, and store in the database. Now the log-in script should work as expected.

[Rainbow1]

Thanks for the quick response.

The page properties were set in 'advanced' to the default of PHP5-7, (my version was 5.6) selecting PHP4 produces a blank page so I can understand the php code failed?
Switching back to PHP5-7, sends me back to access denied?

I am at a loss??

[Rainbow1]

Hi MGD4me,

Change the code and 'hey presto' it works!!

Spot on!! with your answer.

I changed the code to remove MD5 and it works as expected

As both my Web-server and Sql are on the same system on my local LAN, should I be to concerned over an MD5 hash?

I was in the right area of where it was failing but did not have any knowledge of MD5 encrypting your password!

Thanks again for your help and quick response. Enjoy your weekend.

Adrian (J)

[Rainbow1]

I am wondering if it's possible to add a change to the extension that gives the option of a property to enable (or disable) the MD5 option.

If you change the .css to modify the file, when you re-compile/publish the page the change is lost.

An option to do this would be better?

[Pablo]

I'm sorry, this functionality cannot be disabled.
Note that if you use the login admin tool then the data will be stored in the correct format.

[Rainbow1]

Hi Pablo,

Yes thanks, tried this and it works great using the unmodified .css code which uses $crypt MD5!

Thanks for your help.

Adrian (J)

[HGF]

Not sure about $crypt_pass and md5 in the php code for the extension?

The login script is encrypting the password you enter (md5), and comparing the result to the whatever has been stored in the database. You probably only have a 'clear text' password in the database, so the verification will fail. If this is the case, you have two choices:

1) Live with having clear text passwords in your database, by modifying a single line in the log-in code ...

From: $crypt_pass = md5($_POST['password']);
To: $crypt_pass = $_POST['password'];

This will allow whatever password you enter to match the clear text password in the database.

2) If you prefer encrypted passwords, then you need to Google something like "md5 + convert" (eg: https://www.md5hashgenerator.com/) to find an on-line service which will take your clear text word and encrypt it for you. Copy the converted result, and store in the database. Now the log-in script should work as expected.

Jesus, I'm doing troubleshooting for 3 days. This solved my issue. Many thanks !!!