Gossamer Forum
(Advanced Search)
for
Home : Products : DBMan : Customization :

Password Lookup Questions

Jul 4, 2000, 12:30 AM
anr
User (278 posts)
Jul 4, 2000, 12:30 AM
Post #1 of 6
Views: 1372
Shortcut
Quote Reply
Password Lookup Questions
I need some assistance with 2 things relating to the Password Lookup Mods.

1) I have installed the change email option but would like it if my users did not have to lose their original password when they change. I understand that the way it is set up is for verification of email but I think that the first time is good. Beyond that, if they decide to change the email address then I would like it if they did not have a hassle of getting a new password.

2) Since the email is now part of the .pass, I would like my users to be able to login using either their username or email address (Both there, their choice).

Thanks for the help!!
Adam

Jul 4, 2000, 12:52 AM
anr
User (278 posts)
Jul 4, 2000, 12:52 AM
Post #2 of 6
Views: 1341
Shortcut
Quote Reply
Re: Password Lookup Questions In reply to
OK. I figured out the first one.

In: sub change_email
Change: print PASS "$userid:$encrypted:$view:$add:$del:$mod:$admin:$in{'email'}\n";

To: print PASS "$userid:$pw:$view:$add:$del:$mod:$admin:$in{'email'}\n";

And eliminate: $password = &generate_password;
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($password, $salt);

Along with any reference to $password in the email that is sent.

Smile

Jul 4, 2000, 12:57 AM
Andrew Mitcham
User (144 posts)
Jul 4, 2000, 12:57 AM
Post #3 of 6
Views: 1336
Shortcut
Quote Reply
Re: Password Lookup Questions In reply to
In Reply To:
Since the email is now part of the .pass, I would like my users to be able to login using either their username or email address (Both there, their choice).
The 'username' is actually the 'user id' which cannot have a '@' character contained within it. You cannot have an email address for the User ID.

Jul 4, 2000, 1:00 AM
anr
User (278 posts)
Jul 4, 2000, 1:00 AM
Post #4 of 6
Views: 1339
Shortcut
Quote Reply
Re: Password Lookup Questions In reply to
Right. My users will have their regular userid. I would just like to give them two input boxes to login.

Either Userid OR a second box for Email.

The form would take whichever one was inputed and then look through the .pass for either the userid or the email address and then check the password.

Does this make sense or am I not understanding what you said?

Jul 4, 2000, 1:05 AM
JPDeni
Veteran / Moderator (8669 posts)
Jul 4, 2000, 1:05 AM
Post #5 of 6
Views: 1334
Shortcut
Quote Reply
Re: Password Lookup Questions In reply to
So you don't care if your users change their email address to one that doesn't exist? That's fine, but I figured I would give as much security as possible.

In order for your users to be able to enter their email address or userid, you'll have to make some changes to the auth.pl file.

In sub auth_check_password, make the following changes:

my ($view, $add, $mod, $del, $admin, $email);

($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);

if ((($in{'userid'} eq $userid) or ($in{'userid'} eq $email)) && (crypt($in{'pw'}, $pw) eq $pw)) {

That should do it.

JPD
http://www.jpdeni.com/dbman/
Jul 4, 2000, 1:14 AM
anr
User (278 posts)
Jul 4, 2000, 1:14 AM
Post #6 of 6
Views: 1334
Shortcut
Quote Reply
Re: Password Lookup Questions In reply to
PERFECT! One input box, your choice of login....Thanks a lot....once again! Smile

Well, I do care if they change to a fake email, and I think you were right to include that feature. What I ended up changing it to is keeping the same password, and sending two emails upon change. One to the new one for verification and one to the old one for verification. If the new bounces then I know it's fake, but for my usage...it's not a great concern.

Adam