I have actually set up and implemented a couple dynamic webpages for my website that involve adding news feeds and other media sources everyday with certain filters.
For right now, only I know the exact address of my admin menu for the CMS, but really anybody could access it right now since it isn't password protected.
I've looked into how to set up a User Authentication Restriction in Adobe's DreamWeaver CS6, but I keep hitting the same bump in the road in trying to do so.
I have my login.php page in front of me, and with the "password" field selected, I click on Server Behaviors > Add a Server Behavior > User Authentication > Login User. But this is where it gets hairy
I have the ability to pull up the database I have been using locally which involves about 4 separate columns (none of which have anything to do with a username/password), but when I go to select from the table which columns are used to verify the "username" and "password" field on my login.php page, there quite simply isn't a corresponding column to select.
I know there must be another way to set up in the database or in a separate database the values for my Logon, but I am not sure where. Anyone have any clue how to set this up so I can create a User Logon for my webpages? I tried granting my username all privileges and giving it a password in phpMyAdmin for this certain database I have been talking about but it did not help in creating the User Login (unless I missed something again in creating this password/granting all privileges).
You have to set your database username up with an index value in your table. It's an option other wise a key icon.
Unique I'd auto increment + username indexed + password varchar+ timestamp timestamp + reference1
Related
I have a website for university timetable connected to microsoft sql server, there I have django table auth_user. Users can't register by themselves, university provides them with username and password. So in the table auth_user I have to fill data manually, but how can I fill the field which is responsible for password since it has to be hashed? I found only way to set password is to log in as admin, and change passwords in admin site, but that is not quite correct in terms of working with database as if I had to fill more than 100 students, it would be tiresome to do so. Maybe there is another approach to fill passwords directly in the database?
You can set the password for a user in Django by using the set_password method
from django.contrib.auth.models import User
u = User.objects.get(username='john')
u.set_password('new password')
u.save()
I have application where administrators have to create accounts for the new users. Basically there is no option for random user to create account and access this app. The admin would have to enter some basic info like First, Last name, Email address, User name and then comes to the password. I have algorithm that generates unique passwords. I'm looking for the better option to handle this situation.
The old application worked this way: admin enters info, generates password and there is an option either to automatically notify users via email or admin will contact directly that user and provide login info. This method seems very inefficient and insecure at the same time. Sending info like user name and password in the email is definitely not recommended nowadays. I was wondering what would be a good approach?
Should I generate unique link with expiration date where user can enter the password? Or there is better way to handle this situation? I use JavaScript, JQuery and ColdFusion 2016 for this project.
I would simply like to ask if I'm doing the things right or if it is better if I stop before going in this direction. I have an administrative area in my website and I though to manage login using a table on my database.
When the user correctly login, I then write on a sql table the username, the session id and the IP obtained from REMOTE_ADDR server variable.
When the user ask for a private page that require to be logged in, I lookup the username on my table filtering by IP and Session ID, this return the user of the current user asking for example for "prices.aspx" page on my admin area.
I have then made my so saved records be deleted after 30 minutes. Is this safe enough? Is this a good way to expose my website to hacks? How could I improve the security?
If your site can be hacked, it doesn't matter how your login system works. What keeps a hacker from getting at your data?
Encrypted Transmissions
Never show database names, file names, passwords in front end code.
2 Step verification login to your website and database
The basic principles of logging a member in, or logging someone in to an authorized page are no different.
Whether you delete a record 30 minutes after it's been saved or not is totally immaterial. If a hacker can access that data, saving it in an unsecured manner for 1 second is to long. If you want the user session to time out after 30 minutes, just deleting the database record won't achieve that. So, to your question, "Is it safe enough?". No, it's not.
If your regular member login is safe, then all you need to do is have a field in your user information database, that indicates whether the user is authorized to see certain pages or not.
When your website is first loaded, don't ever load the admin pages unless it's requested, and then have the user give their password a second time. If the user who logged in is not authorized to see an admin page, then don't even load the HTML that allows a user to request an admin page.
I am developing an iOS app that is password protected and all the users are stored in a wordpress account that, of course, is password protected as well. Does anybody know the format that wordpress uses to store login information for these accounts, I would assume that it is a MySQL that sends a json? I have only been able to find the database code for the initial admin page but nothing that shows the way these accounts (815 to be exact) would be stored within the site.
The raw data is in the wp_users MySQL table.
The (default) code WordPress to authenticate users in the wp_check_password function. It's possible (though unlikely) that the password is a straight MD5 hash (I assume that check's just for backwards compatibility). Usually, it'll be encrypted using the PHPass library (see here for the WordPress code).
As far as I know, there's no API for checking a password that returns JSON. You'd probably have to write something yourself. This question suggests the wp_authenticate_username_password would be the best way to check the username / password combination on the server.
I'm using Joomla 1.5.22.
I tried to manually insert a new user to the 'site_users' table in the database.
But when i tried to log in with the new user, the page just refresh but doesn't log in.
May i know why is that so?
Sorry as i'm a beginner in programming and Joomla.
To create a new user the best solution is to :
login to the administrator page : http://www.yourwebsiteurl/administrator
then go to user management and create a new user
Don't try to insert a new user with a MySQL request, use the web interface.
Kevin is right.
If you want to add new user, then best way for you to add it from backend.
Actually, Joomla use do not depend only on one table #__user, with each entry of user, there access level are also maintained in some other tables. like core_acl_pro, acl_group etc
Password of user are md5 hashed of password and a random salt.
So its better to create user from backend.
+1 Kevin
Password are hashed when stored in the database. So you cannot store this information without knowning what you do!