Snitz Forum Login Advice

Posted on 2012-09-18
Last Modified: 2012-10-10
OVERVIEW: I am incorporating Snitz Forums 2000 into an existing portal written in ASP.

The portal utilizes a MySQL Database and I've configured the option for Snitz to utilize MySQL as well, a very convenient install I must say.

The portal has its own existing member profiles, usernames and passwords, etc.

GOAL: Minimize account setup and signup for the forum by utilizing existing account login data from the portal database.

Thoughts: I considered an Insert of the account data but am wary of bypassing the password encryption Snitz utilizes, which is stored in: FORUM_MEMBERS.M_PASSWORD

At this time I am planning to pre-populate the Snitz Register form with data from the portal profile and have the user submit the form to create the profile. Then the user can move between the portal and the forum, with each running its own member enforcement.

But, I know there are a lot of people out there smarter than me, so I figured I'd ask.
I've attached Snitz page: register.asp as register.txt
Thank You
Question by: hammermcphee
    LVL 3

    Accepted Solution


    I've had this to do before (quite a while ago) with Snitz and found that after a lot of trial and error a single sign-on pattern was better, leaving the portal database in control with the Snitz forum_members being a slave member table.

    That would mean using the portal to log the user in, and then just authenticating them with Snitz, which is usually done by setting the appropriate cookie.

    You will need to keep the forum_members in line with the portal information, but generally that's just a case of changing the update member and registration screen to update the other table with basic information.

    Hope this helps

    Author Comment

    I was moving in that direction Graham, but your advice convinced me it was the best way to go. When an account is created for the portal, I grab the incoming data I need for Snitz Forum, insert it into table FORUM_MEMBERS and write the access cookies.

    Then you add the cookie creation to your login pages, as well as update the FORUM_MEMBERS table when an account holder or admin changes the profile password.

        strEncodedPassword = sha256("" & trim(Request.Form("Password")))
            "('" & MEMBER_ID & "', '1', '" & M_NAME & "', '" & M_USERNAME & "', '" & strEncodedPassword & "','" & M_EMAIL & "', '" & M_FIRSTNAME & "', '" & M_LASTNAME & "')"
        objCmd_FORUM.CommandText = createForumUserSQL
        response.write "FORUM USER CREATED"
        'CREATE FORM COOKIES
        Response.Cookies("Snitz00User")("Name") = M_NAME
        Response.Cookies("Snitz00User")("Pword") = strEncodedPassword
        response.write "<br><a href=members.asp>Test Cookies by accessing members.asp</a><br>"

    Author Closing Comment

    Thank You.
    LVL 3

    Expert Comment

    No problem - be careful of SQL Injection. Make sure that you check the password and login for bad characters before you use it in a string, or use a stored procedure.

    Good Luck
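
One way to act on the SQL injection warning above, as an added example that is not part of the original thread: the same FORUM_MEMBERS insert sent through ADODB.Command with bound parameters instead of string concatenation (bound parameters are used here in place of the stored procedure the comment mentions). The column list (including M_STATUS for the literal '1'), the parameter sizes and the open connection `objConn` are assumptions, because the posted snippet omits the start of the statement.

```vbscript
' Added example, not code from the thread. Assumed: the column list, the
' parameter sizes and an already-open ADODB.Connection; match your schema.
Const adInteger = 3            ' ADO constants, values as in adovbs.inc
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

' Bind one string value. Over-long input is rejected here rather than
' being silently truncated or failing later inside the driver.
Sub AddText(objCmd, strParam, strValue, lngMax)
    Dim strClean
    strClean = Trim("" & strValue)
    If Len(strClean) > lngMax Then
        Err.Raise vbObjectError + 1, "CreateForumUser", strParam & " is too long"
    End If
    objCmd.Parameters.Append _
        objCmd.CreateParameter(strParam, adVarChar, adParamInput, lngMax, strClean)
End Sub

Sub CreateForumUser(objConn, lngMemberId, strName, strUsername, strPwHash, _
                    strEmail, strFirst, strLast)
    Dim objCmd
    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandType = adCmdText
    ' Placeholders only: no user-supplied text is ever part of the SQL string,
    ' so a quote in a name or e-mail address cannot change the statement.
    objCmd.CommandText = _
        "INSERT INTO FORUM_MEMBERS (MEMBER_ID, M_STATUS, M_NAME, M_USERNAME, " & _
        "M_PASSWORD, M_EMAIL, M_FIRSTNAME, M_LASTNAME) " & _
        "VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
    ' ODBC binds by position, so append in the same order as the columns.
    ' CLng raises a type mismatch if the id is not numeric.
    objCmd.Parameters.Append _
        objCmd.CreateParameter("id", adInteger, adParamInput, , CLng(lngMemberId))
    objCmd.Parameters.Append _
        objCmd.CreateParameter("status", adInteger, adParamInput, , 1)
    AddText objCmd, "name", strName, 75
    AddText objCmd, "username", strUsername, 150
    AddText objCmd, "pword", strPwHash, 65      ' SHA-256 hex digest is 64 chars
    AddText objCmd, "email", strEmail, 50
    AddText objCmd, "firstname", strFirst, 100
    AddText objCmd, "lastname", strLast, 100
    objCmd.Execute , , adExecuteNoRecords
    Set objCmd = Nothing
End Sub

' Call it where the thread's snippet built createForumUserSQL, for example:
'   CreateForumUser objConn, MEMBER_ID, M_NAME, M_USERNAME, strEncodedPassword, _
'                   M_EMAIL, M_FIRSTNAME, M_LASTNAME
```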

    Author Comment

    Thanks Graham,

    I understand the dangers of SQL Injection, but I have been unable to locate a tutorial that I really, er, uhm, understand.

    Can you point me at a resource that provides good advice for preventing SQL Injection attacks?

    Thank You,

    LVL 3

    Expert Comment

    Hi Tom,

    have a look at the 4 guys from Rolla - , there are also a few links at the bottom which are worth reading.

    Any problems just raise a question

    Good Luck
