2. ASPRunnerPro General questions
  3. login encryption
This topic is locked

login encryption

 		12/16/2004 15:59:10
ASPRunnerPro General questions
K
 kevinl author

Hi,
I need help with create a login page with a existing table, when ASPrunner ask me the table, I gave it the name of the table and user/password column. When I login with the password/username in the existing table, I got an error
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Invalid column name 'admin'.
/aspfinal/login.asp, line 88
The guy that design the SQL table for login have the password column encrypt as binary. Will ASPrunner work with this or I have to find some other way?
Sergey Kornilov admin 12/17/2004

Hi,
could you post exact SQL query here?

response.write strSQL

response.flush

rs.open strSQL, dbConnection


Insert code in bold before line 88 in login.asp.
D
 		dheydt 12/20/2004

Sergey,
I had the same problem as kevinl. The problem is that when you encrypt a password and store it in SQL you must store it in a binary format. ASPRunner sees that the field is binary (type=204) and does not apply quotes or use the encrypt function.
Since I do not use binary fields anywhere else I was able to get around this problem by doing the following. But be advised this will mess-up any binary fields that are not encrypted data.
Step #1 - I modified the IfNeedQuotes routine in ASPFunctions.asp. I basically just added type = 204 to the list of types that require quotes.

Function IfNeedQuotes(nType)

   If nType = 203 _

   Or nType = 8 _

   Or nType = 129 _

   Or nType = 130 _

   Or nType = 7 _

   Or nType = 133 _

   Or nType = 134 _

   Or nType = 135 _

   Or nType = 204 _

   Or nType = 201 _

   Or nType = 205 _

   Or nType = 200 _

   Or nType = 202 _

   Or nType=72 Then

       IfNeedQuotes="True"

   Else

       IfNeedQuotes="False"

   End If

End Function


Then I modified the following code in login.asp to add the "encrypt()" function.

 strSQL = "select * from " & cLoginTable & " where " & AddWrappers(cUserNameField) & _

   "=" & strUsername & " and " &  AddWrappers(cPasswordField)

 If rsTemp(cPasswordField).Type=204 _

   Then strSQL = strSQL & "=encrypt(" & strPassword & ")" _

   Else strSQL = strSQL & "=" & strPassword
   rs.open strSQL, dbConnection


This is kind of a sloppy patch but I didn't have the time to figure out how to single out binary fields that are specifically encrypted passwords.
Also, I have not yet created any kind of patch to allow the changing or adding of a password. This would require changes to edit.asp.
K
 		kevinl author 12/22/2004

Hi,
Thanks dheydt. Please let me know when you figure out how to do it, I will post the code tomorrow. Too much work today. Thanks again.