[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Snitz Forum Login Advise

Posted on 2012-09-18
6
Medium Priority
?
893 Views
Last Modified: 2012-10-10
OVERVIEW: I am incorporating Snitz Forums 2000 into an existing portal written in ASP.
http://forum.snitz.com/

The portal utilizes a MySQL Database and I've configured the option for Snitz to utilize MySQL as well, a very convenient install I must say.

The portal has it's own existing member profiles, usernames and password, ect.

GOAL: Minimize account setup and signup for the form by utilizing existing account login data from the portal database.

Thoughts: I considered an Insert of the account data but am weary of by-passing the password encryption Snitz utilizes and is stored in: FORUM_MEMBERS.M_PASSWORD

At this time I am planning to pre-populate the Snitz Register form with data from the
portal profile and have the user submit the form to create the profile. Then the user can
move between the portal and the form, with each running it's own member enforcement.

But, I know their are a lot of people out there smarter then me, so I figured I'd ask.
I've attached Snitz page: register.asp as register.txt
Thank You
register.txt
0
Comment
Question by:hammermcphee
  • 3
  • 3
6 Comments
 
LVL 3

Accepted Solution

by:
JGRobinson earned 2000 total points
ID: 38434471
Hi,

I've had this to do before (quite a while ago) with Snitz and found that after a lot of trial and error a single sign-on pattern was better, leaving the portal database in control with the snitz forum_members being a slave member table.

That would mean using the portal to log the user in, and then just authenticate them with sniz which is done usually by setting the appropriate cookie.

You will need to keep the forum_members in line with the portal information, but generally thats just a case changing the update member and registration screen to update the other table with basic information.

Hope this helps
Cheers
Graham
0
 

Author Comment

by:hammermcphee
ID: 38483213
I was moving in that direction Graham but your advise convinced me it was the best way to go. When account is created for the portal, I grab the incoming data I need for Snitz Forum, insert it into table FORUM_MEMBERS and write the access cookies.

Then you add the cookie creation to your login pages, as well as update the FORUM_MEMBERS table when an account holder or admin changes the profile password.

      strEncodedPassword = sha256("" & trim(Request.Form("Password")))
            createForumUserSQL = "Insert into FORUM_MEMBERS (MEMBER_ID, M_STATUS, M_NAME, M_USERNAME, M_PASSWORD, M_EMAIL, M_FIRSTNAME, M_LASTNAME) VALUES " &_
            "('" & MEMBER_ID & "', '1', '" & M_NAME & "', '" & M_USERNAME & "', '" & strEncodedPassword & "','" & M_EMAIL & "', '" & M_FIRSTNAME & "', '" & M_LASTNAME & "')"
      
                  objCmd_FORUM.CommandText = createForumUserSQL
                  rsf.open objCmd_FORUM,,3,2      
                  
                        response.write "FORUM USER CREATED"
                        
                        'CREATE FORM COOKIES
                        Response.Cookies("Snitz00User")("Name") = M_NAME
                        Response.Cookies("Snitz00User")("Pword") = strEncodedPassword
                        response.write "<br><a href=members.asp>Test Cookies by accessing members.asp</a><br>"
0
 

Author Closing Comment

by:hammermcphee
ID: 38483215
Thank You.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:JGRobinson
ID: 38483324
No problem - be careful of SQL Injection make sure that you check the password and login for bad characters before you use it in a string, or use a stored procedure.

Good Luck
Graham
0
 

Author Comment

by:hammermcphee
ID: 38483516
Thanks Graham,

I understand the dangers of SQL Injection, but I have been unable to locate a tutorial that I really, er, uhm, understand.

Can you point me at a resource that provides good advice for preventing SQL Injection attacks?

Thank You,

Tom
0
 
LVL 3

Expert Comment

by:JGRobinson
ID: 38483578
Hi Tom,

have a look at the 4 guys from Rolla - http://www.4guysfromrolla.com/webtech/061902-1.shtml , there are also a few links at the bottom which are worth reading.

Any problems just raise a question

Good Luck
Graham
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This post contains step-by-step instructions for setting up alerting in Percona Monitoring and Management (PMM) using Grafana.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month19 days, 15 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question