Scenario : I am trying to create custom log in functionality for liferay 6.1
In this, first I am asking email to user and I am checking, is this user is existing or new one. If it is existing then I will ask to fill password otherwise will ask him to create account.
My problem is, How to compare user given password and password exist in DB. User given password is plain text and DB saved password is in encoded form.
Any pointers on this will be helpful..Thanks in Advance.
There's a utility class for password comparison.
PasswordTrackerLocalServiceUtil#isSameAsCurrentPassword(userId, newClearTextPwd)
Related
I want to have a subpage on my website that is password protected. There should be a list of 6-digit passwords that allow access to the site. However, I don't want the user to type in a username. He should only type in one of the 6-digit passwords.
Any ideas, how I can accomplish this?
The default login for TYPO3 uses username and password. If you only needed 1 password you could create 1 user and use a custom template with the username in a hidden field. However, since you want multiple passwords, there is no default way to do it without creating your own authentication service.
It's a bit much to explain how to create an authentication service here, but you can read the documentation here https://docs.typo3.org/m/typo3/reference-coreapi/9.5/en-us/ApiOverview/Authentication/Index.html.
You can also look at an example like https://github.com/tschikarski/shibboleth, which is a but complicated, but you'll mainly need to look at \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addService in ext_localconf.php and the getUser and authUser functions in Classes/ShibbolethAuthentificationService.php.
With Typo3 mechanism, a password is always associated with a user name, I think you should do it by yourself :
if the content is from one of your extension, you can easily do it
if it's not the case, I think you could use a hook before page is displayed and manage password access in that hook
or you can make a specific template with which you can conditionally manage rendering
Why don't reverse the usage?
Create FE-users with the selected passwords as username, then assign all users the same password.
For the login you change the login form:
The password field gets a default value (the password you had set to
all accounts) and is hidden
The input field for the username is changed into a browser passowrdfield so the input is hidden by asteriks.
Then you might change the errormessages as they would confuse the user about his username so he only enters a "password".
There now exists an extension for that, too:
https://extensions.typo3.org/extension/sessionpassword
With that, you just have to create a specific usergroup for your purpose,
set a password an d include the plugin on the desired page.
Works for me in that case.
I would like to know where the password field is shown in dashboard. I cant see in password field in user profile object. How can I get it.
You can't see the password for a user (only a secure password hash is stored, so Auth has no way of getting the actual value). As a dashboard administrator, you can however change the password using the red Actions drop down list, and then selecting Change Password.
I have SugarCRM running and able to log in and out using the super admin account. I created a new user with type Regular User and defined it password because I unchecked the auto generation of password.
Even if I change the password through the database I cannot log in. But, if I changed the the type to Administrator that user can now login. Why is that? I want it to be a Regular User only.
Regards,
Ronel
In version 6.5.x I have found that there is a problem with password rules. Perhaps this is the case. Go to config.php and look at passwordsetting array. There is a minpwdlenght and a oneupper. Change 'oneuppper' to 'false' and match minpwdlenght to the lenght you want.
This solved my issue.
I have been looking for the past few hours on how to user the phpBB login script on a custom site. I think I'm just not searching for the right things.
A while ago, I created a phpBB site and have over 900 members registered through phpBB. I am currently face-lifting this site and redoing the user registration along with all of the other custom code I have.
My problem is, I want the users to be able to log in as usual, though I want to input them into my new database so everything can run smoothly. I mainly need their username, password and old ID#, but I don't know how to use phpBB's password authentication or where to find it
The statement needs to look something like this:
On Login, grab username and password variables:
if the username is not in MY database, check phpBB database.
If the username is in phpBB database, check to see if the password is correct **(This is the part I don't know how to do)**
If the password is correct, input the username, user ID and the password (encrypted my way) into MY database
Login
If the password is incorrect - error
if the username is NOT in phpBB database - continue
if the username is not in MY database - input username and encrypted pass into my DB
login
Where can I find a script to authenticate the phpBB user's passwords? I don't care how the script is done, I know that's a secret, I just need to be able to authenticate passwords so that I can make sure it's the same user
I do have access to the phpBB database, I just need a way to authenticate their password
I would rather delete the quesion, but here's the answer:
Check here: http://sunnyis.me/blog/secure-passwords/
and when you download the PasswordHash.php, change all of the $P$ to $H$. It will work. Strange how it creates a password, every time it creates, it's different. But the CHECK part of it makes sure it checks it correctly, no matter what hashed pass it creates.
I am using jquery.couch.js to do signup/login/logout to a CouchDB _users database in my Sproutcore application. Is anyone aware of a method for changing user _id and password?
As far as I know the user id cannot be changed but the password can.
The CouchDB documentation describes the process of changing a user password in detail, short:
Get the org.couchdb.user:<myuser> document
Add a password field with the plaintext password
Store the document back to the _users database
As soon as the document is in the database, the CouchDB rehashes the plaintext password using PBKDF2 (at least since CouchDB 1.3).
Unfortunately, there is no built-in API to do this. The best thing for now is to read the jquery.couch.js code for account creation and use the same code or algorithms to do account modification.
Specifically, you need to update the password_sha and salt values to change a password. To change a user name, you must make a new document, then delete the old document. Just keep the _id and name values in sync and you'll be okay.