Welcome Guest Search | Active Topics | Log In | Register

Yet Another Forum.NET » YAF Forum Discussions » YAF & Portals » Where is the Password encryption done at registration?

Where is the Password encryption done at registration? Options · View
Previous Topic · Next Topic
agrodude
#1 Posted : Sunday, April 06, 2008 9:59:47 PM

Rank: YAF Forumling



Joined: 4/6/2008
Posts: 5
Location: Ipswich
Hi guys,

I'm trying to integrate YAF with my site...bet you haven't heard this one before!!lol

I have added the Register stored procedure to my custom registration page for my site so that bot my db and the yaf one get uploaded with the same login credentials.

However, the YAF site seems to encrypt the password somehow so when I pass in the clear text password, the actual password gets stuck in the database. When the user goes to login, this obviously causes an issue.

Please could you give me a pointer to which function/method does the encryption and where is it called from? (I cant see it on the registration page)

I have downloaded the latest version of the site (April 200Cool.

Cheers for the help

AgrodudeRolling Eyes
Back to top
 Report Abusive | Report SPAM
Jaben
#2 Posted : Monday, April 07, 2008 11:12:35 PM

Rank: YAF Head Dude



Joined: 10/10/2004
Posts: 2,737
Location: Honolulu, HI
string sPassword = FormsAuthentication.HashPasswordForStoringInConfigFile( Password.Text, "md5" );
"Honesty may be the best policy, but it’s important to remember that apparently, by elimination, dishonesty is the second-best policy." -- George Carlin
Back to top
 Report Abusive | Report SPAM
agrodude
#3 Posted : Friday, June 27, 2008 12:31:43 PM

Rank: YAF Forumling



Joined: 4/6/2008
Posts: 5
Location: Ipswich
Thanks Jaben,

This clears it up for me now.

I've successfully entered the password into the database now using the same method in VB.

Just need to make my logon screen generate the authentication cookie for the forum then I'm done.

Regards

Agrodude
Back to top
 Report Abusive | Report SPAM
Degeim
#4 Posted : Sunday, July 20, 2008 5:05:11 PM

Rank: YAF Forumling


Joined: 7/1/2008
Posts: 9
Location: Norway
Could someone please tell me why I can't get this to work?

Quote:
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["yafnet"].ConnectionString))
{
conn.Open();

SqlCommand command = new SqlCommand("yaf_user_login", conn);
command.CommandType = CommandType.StoredProcedure;
command.Parameters.AddWithValue("@BoardID", 1);
command.Parameters.AddWithValue("@Name", User);
command.Parameters.AddWithValue("@Password", Password);

Response.Write(command.ExecuteNonQuery().ToString());
}


It's always returning "-1", even when I know that both the username and password are correct. Shouldn't it return 1 when the correct login information was submitted?

(I've tried with "FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "md5" )" instead of "Password", and I've tried with "yaf_user_login @BoardID, @Name, @Password" as command, but nothing seems to work. I know that the connectionstring is alright, since I can easily SELECT Name FROM yaf_User and retrieve all usernames.)

I hope somebody can help me!
Back to top
WWW  Report Abusive | Report SPAM
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

YAFPro Theme Created by Jaben Cargman (Tiny Gecko)
Powered by YAF 1.9.3 RC1 | YAF © 2003-2008, Yet Another Forum.NET
This page was generated in 0.066 seconds.

SourceForge.net Logo Powered by ASP.NET v2.0 411ASP.NET