Re: Form Validator

Sun, 30 Jun 2002 19:47:08 -0700 

> > My other question with the DBAuth stuff is can cocoon run the submitted
> > password through MySQLs PASSWORD() function? I would really like to be
> able
> > to keep the password column in the table encrypted and still be able to
> use
> > the DBAuth stuff.

sometime slightly less than a year ago i sent a patch to the dev mailing list
for exactly that purpose.  Since then, i don't use it anymore.  I use an
xsp action with esql that i'll go ahead and attach.

If you really want the patch for dbauth, let me know-- but i consider it hackish.

Tim


<?xml version="1.0"?>

<xsp:page 
  xmlns:xsp="http://apache.org/xsp"; 
  xmlns:esql="http://apache.org/cocoon/SQL/v2";
  xmlns:log="http://apache.org/xsp/log/2.0";
  xmlns:xsp-session="http://apache.org/xsp/session/2.0";
  xmlns:xsp-request="http://apache.org/xsp/request/2.0";
  xmlns:action="http://apache.org/cocoon/action/1.0";
  create-session="true">
  <page>
    <log:logger name="auth"/>
    <esql:connection>
      <esql:pool>concenter</esql:pool>
      <esql:execute-query>
        <esql:query>
          select * from user where 
            username='<xsp-request:get-parameter name="username"/>' and
            password=password('<xsp-request:get-parameter name="password"/>')
        </esql:query>
        <esql:results>
          <esql:row-results>
            <action:set-success/>
            <log:info>authentication succeeded.</log:info>
            <xsp-session:set-attribute name="user-id"><esql:get-string 
column="id"/></xsp-session:set-attribute>
            <xsp-session:set-attribute name="priv"><esql:get-string 
column="permissions"/></xsp-session:set-attribute>
            <xsp-session:set-attribute name="username"><xsp-request:get-parameter 
name="username"/></xsp-session:set-attribute>
          </esql:row-results>
        </esql:results>
        <esql:no-results>
          <log:info>authentication failed.</log:info>
          <action:set-failure/>
        </esql:no-results>
      </esql:execute-query>
    </esql:connection>
  </page>
</xsp:page>


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
For additional commands, e-mail:   <[EMAIL PROTECTED]>

Reply via email to