Hi,

I'm trying to use the openflyers' database to check login/password of another page of my website. This page checks user/pass using the "Authentication" tables.

By the way it doesn't work, and it's strange. My question is: are password insterted in the database cripted?

I attach the page, maybe you can find the error, but really I cannot understand.

Thank you,
Stefano

Stefano Marchesin

Hello,

To perform correctly your request, you should call the OpenFlyers checkIdent.php file in your own php file instead of trying to access directly to the database.

An example, for "how to use it", is given within this file.

And to answer you : yes password are crypted. It's safer for everybody ;-)

Christophe LARATTE
OpenFlyers manager

Could you please tell me the encription method? Is md5?

Thanks,
Stefano

Stefano Marchesin

Yes it's MD5.

You can see the right check method with the database in the userSession.php file (classes directory).

But, I confirm that it's not the good way to check directly the database.

The good way is to use the checkIdent.php file.

For 2 good reasons :

- in the future we can change the encrypt method

- the checkIdent.php file returns you more informations than just a password check. For example, an user could have a right password but had his fee outdated.

In every case, DO NOT FORGET TO setslashes (if require) to your ident and password strings. See the file in the pool directory for more information.

Christophe LARATTE
OpenFlyers manager

Thank you for your reply.

In my site I vahe installed OF, now I'd like to create a page for all our members, where we'll put announcements and docs to be downloaded. This page should be protected with a password, and I'd like to use the openflyers' database for authentication.

How can I do to protect this page with a login/password checked through the of database? Do I have to prepare a new login page (as I tried unsiccessfully) or can I use the of login page?

Thank you,
Best regards.

Stefano Marchesin

Problem solved! I've created another login page that encrypts $_Post datas with md5 and then it checks with the database!

One more thing only: after that I had login in my new login page, if I try to enter openflyers it asks for the password again. Because Ive already done the login on the pther page, how can I do that OF doesn't ask for the password again?

Thank you.


Stefano Marchesin

There is no safe way for the moment.

I'll think about it.

Christophe LARATTE
OpenFlyers manager