On May 2, 2006, at 9:58 AM, Jonathon Bevar wrote:
Joe,
Thanks for the answer to question one.
"(I'm assuming that you have gone through the tutorials that come
with RB, and mastered the basics of reading and writing files,
designing windows and menus, etc.)" Now as for reading the LR, umm
well kinda-sorta read it. I mostly read it when I need to, so I
did read about the MD5, but not to the point as doing anything
without a little help. I learn best by having someone show me a
simple code then letting me work on it and playing with it to
understand HOW and WHY it works.
"Using TextInputStream as usual. Remember that you can't undo this
MD5 hash; you just read it in, and then compare it to the MD5 of
whatever the user enters for a password to see if it matches." Ok
here is where a little simple code will help me out most.
We (I) have this:
// Write User/Password Code to text file
Dim strout As TextOutputStream
Dim f As FolderItem
f = GetFolderItem("").Child("PatientLog_UPC.ini")
if f <> Nil then
strout = f.CreateTextFile
strout.WriteLine userName.text
strout.WriteLine MD5( userPassword.text )
strout.Close
end if
MsgBox("The User's Name and Password has been saved. Please press
'OK' to continue...")
Self.Close
// Read User/Password Code from text file
Dim strin As TextInputStream
Dim f As FolderItem
f = GetFolderItem("").Child("PatientLog_UPC.ini")
If r.exists then
if f <> Nil then
strin = f.OpenAsTextFile
userName.text = strin.ReadLine
userPassword.text = strin.ReadLine
strin.Close
end if
End if
Ok, now what do I do?
First, rewrite the code above to prevent the NilObject Exception that
will occur if PatientLog_UPC.ini cannot be opened.
// Write User/Password Code to text file
Dim f As FolderItem
f = GetFolderItem("").Child("PatientLog_UPC.ini")
if f <> Nil then
Dim strout As TextOutputStream = f.CreateTextFile
If strout <> nil then
strout.WriteLine userName.text
strout.WriteLine MD5( userPassword.text )
Else
Msgbox "I was unable to open the file for writing.
End if
end if
In a simple scheme, you would write the password to
PatientLog_UPC.ini. At login, you open PatientLog_UPC.ini, read the
password value, and compare it to the user entry to see if it is
valid. Obviously this has a security hole -- if someone opens
PatientLog_UPC.ini with a text editor, they can grab the password.
So instead you store a hash of the password. Given the hash, it is
not feasible to reconstruct the password. So now at login, you take
the user entry and compute its hash. Then you open
PatientLog_UPC.ini, read the password hash, and compare that to the
hash of the user entry to check validity.
Function CheckPassword(userPassword as String) as Boolean
dim f as FolderItem = GetFolderItem("").Child("PatientLog_UPC.ini")
If f is nil then
dim alert as new MessageDialog
alert.Message = "A configuration error has messed up your day."
alert.Explanation = "The file 'PatientLog_UPC.ini' is missing,
or its permissions are wrong for the current user."
Call alert.ShowModal
Return false
End if
dim t as TextinputStream = f.OpenAsTextFile
If t is nil then
dim alert as new MessageDialog
alert.Message = "A file error occurred."
alert.Explanation = "The file 'PatientLog_UPC.ini' could not be
opened for reading (error " + Str(f.LastErrorCode) + "."
Call alert.ShowModal
Return false
End if
dim passwordHash as String = t.ReadLine
t = nil //closes file; don't use t.Close
Return StrComp(passwordHash, userPassword, 0)
End Function
Charles Yeomans
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
