dynamic verification of user password

Discussion in 'General Discussion' started by StickyKiwi, Jan 7, 2005.

  1. StickyKiwi

    StickyKiwi Guest

    HSP Build ID 2.1.15-07

    I am trying to find a way to dynamically verify a user's HSP password. Let me explain:

    We have a cancellation form that customers fill out when they rewuest a termination of service. They are required to provide both their login (email addy) and password for their account. Currently, the only way to determine if the cancellation request is valid is to attempt to login to the admin panel using the provided login and password. To better automate this process, I was hoping to somehow use these provided fields on-the-fly.

    I have tried the following 2 solutions, but they do not appear to work:

    1) passing username and password via the login URL (https://OURSITE/cp/login.cgi?Name=AAAAA&password=BBBBBB) - this method merely reloads the very same login.cgi page

    2) using the HSP API to verify a username and password; the Integration Guide lists no APIs that can access user password information

    Anyone have any thoughts?
     
  2. fenster

    fenster Tera Poster

    Messages:
    429
    Hi,

    1. Encoded passwords are stored in asppassport.passport table;

    2. It's impossible to decode them. To encode a password for verifying, use the following Perl code (should be run inside HSPC VE):

    Code:
    use Digest::HMAC_SHA1;
    use ASPpassport::Common;
    
    my $digest = ASPpassport::Common::Digest($password);
    This is true only for HSPcomplete 2.1.x.
     
  3. StickyKiwi

    StickyKiwi Guest

    confused & need clarification

    I'm a bit confused.

    1) This script is run in the customers VE? or my admin VE?

    2) When you list the following line

    my $digest = ASPpassport::Common::Digest($password);

    where is the $password variable getting populated from? Is this passed through the URL? Or do I need to hard code the variable to the specific password I am trying to verify?

    3) Is there a way to pass a user and password to the login.cgi page so that it will open the control panel if the combination provide is correct? I would prefer this method to actually needing a script to be run, as this requires more hands-on attention.

    Many Thanks.

    Kelley
     
  4. fenster

    fenster Tera Poster

    Messages:
    429
    If you want to create some form and ask user to enter login/password, you should call that function to encode the password entered by the user and then compare it with the value stored in asppassport.passport table. It should be done inside your HSPC VE (it is what you call 'admin VE').

    If you need more help, please create a support ticket.

    Thanks.
     

Share This Page