I am new to programming...
I know this probably is the best way to do an Offline login page
but
MYSQL users db (consists of usernames, passwords, id) is 'downloaded' from a php script to iOS device.That part works, and the users print to the console.
What I am struggling with is, checking the textfield where the user enters their username to the 'usersArray' to see if it exists at index[0]
Any help is appreciated.
I'm not entirely sure what you are trying to do here but I think you are trying to take the value of a text field and see if that value appears in your usersArray. Provided this is the case try:
let exists = usersArray.contains(usernameTextField.text)
This will give you a Bool that indicates if the username exists in your array.
Side Note:
Hopefully you are only doing some general testing at the moment but in case you aren't… Please don't send passwords in plain text and absolutely don't download all usernames and passwords even in an encrypted format to a device! Aside from potentially taking up a large amount of space on the user's device you would be making it very easy for unscrupulous people to crack every user password in your database!
Related
I couldn't come up with a better title, so here is what I'd like to do in an Active Directory (Windows 2008 R2):
A user forgot his password and asks an admin to set his password to a new, randomly generated password. Using this random password, the user logs in again and is prompted to change his password (via having the pwdLastSet option set to 0 when setting the random password).
So far, so good.
Is there a way to enforce that the new random password is only valid for a certain amount of time? The only idea I could come up with was to also set the accountExpires property to "now + n hours", but this poses the problem that I'd have to reset this property as soon as the user legitimatly changes his password within the given time frame, and I don't know how to do that.
Is this at all possible using Windows functionality?
if you have a PasswordExpire date field for each password you can use that. if you don't have, i would recommend you create one.
if you don't want this kind of field you can create a database/file/any other way you choose that contains temporary passwords and their expire date/time
there are many other ways to do it. you need to decide the best for you and if you need help come to use with a problem, this is more a recommendation question.
I'm trying to get a user by email or username from the database, imagine functionality that a user can login either with unique alias or email address, I thought the following would work but it doesn't,
User user =
coll.findOne(DBQuery.is("email", emailOrUsername).or(DBQuery.is("username", emailOrUsername)));
anything i'm missing?
Ok, So apparently the way to create the above query is this:
coll.findOne(DBQuery.or(DBQuery.is("email", emailOrUsername),DBQuery.is("username", emailOrUsername)));
I still don't know what the first query in the original question supposed to do.
Below is my create script of user
CREATE LOGIN [sa] WITH PASSWORD=N'ô/PDM643¸}''8%õ''f;âw¡ÈS'
Can you tell me this password please?
I would say its [ ô/PDM643¸}'8%õ'f;âw¡ÈS ].
select N'ô/PDM643¸}''8%õ''f;âw¡ÈS'
Double quotes like: '' makes just one ' at the end.
And shouldn't forget that N'somestirng' not really the same as 'somestring'.
N'somestirng' - stores 2 bytes/char
'somestirng' - stores 1 bytes/char
So if there is some special characters like in this case- it makes difference.
That password is a one way hash of the original password entered. No one here is going to be able to decrypt it without generating a rainbow table based on the way it was hashed.
So, if you've lost the password then you need to login into the machine using the administrator account and change it.
If you're just trying to hack a sql server... well, I don't think anyone needs to give you more advice.
I've written a C/CGI web application for booking items. My client has requested that I add an 'admin' feature where an authorised user can delete and change data, and those who aren't, can only add data. It is much simpler in concept than most login implementations as there is only a password, and effectively only two states, 'anonymous' and 'admin'.
I come from a PHP background where session management is as simple as session_start(), and I can instantly play around with $_SESSION. Of course, in C/CGI there is nothing built-in like that. I would like to avoid adding a CGI library dependency (I already depend on glib, confuse and libmysqlclient, plus I'm curious to learn about session management).
What is the simplest way to do a password-based session management in C/CGI, without the need for multiple users, large amounts of session data, or anything complex?
A session implies server side maintained state. As you don't have users I guess you want it simpler. If that is the case a signed cookie with an expiration date can do it. This tutorial will show how to do it with Python:
http://webpython.codepoint.net/cgi_cookie
First you have to decide how you are going to persist state in the browser : are you going to use a session cookie or pass a session token on each page ? If you go with the cookie way, you don't have to change your pages and forms, but you need to add cookie management if it's not already present (be careful to use session + httpOnly cookies)
Then you must decide how to get data about the state on the server : if you're already using a database, you could add a "SESSION" table with columns "SESSION_ID" and "EXPIRATION_DATE" + a second table called "SESSION_DATA" with columns "SESSION_ID", "KEY", "VALUE".
You now "just" have to create some simple functions :
int session_createNewSession(long& session_id, long duration)
int session_setValue(long session, char[] key, char[] value)
int session_getValue(long session, char[] key, char[] value)
int session_abandonSession(long session)
This functions would return error codes if session could not be created, or value could not be set/get. You should also probably create a job that runs regularly on the database to delete older sessions.
Now that you have your session system in place, the rest is pretty straightforward :
create a login form
in your cgi handle the received data by checking if the login/password is right (don't store the passwords in the db though : store a salted hash)
if connexion is OK, save the user id in session (or in your case, you could just save a "IsAdmin" value)
You could do in fact simpler : just a session_createNewSession(long& session_id, int isAdmin) would be sufficient in your case (with only one database table), but your client is probably going to ask more features over time isn't he ?
One final note : be careful that your session_id's are random, not indent fields, otherwise it would be quite simple to hijack someone else's session.
I have been tasked with coming up with a solution where I am not sure if there is a solid answer:
How can I match username records from an application's database to users in our Active Directory?
I have two applications this needs to be done for - 1st application I only have firstname and lastname information. Second application i have the application's username, which is similar to activeD's but not a definate match. I also have firstname lastname info.
Now, simply put I can just write a script that matches all the records in ActiveD that match the firstname lastname in the application DB, but that is fraught with errors.
Having no unique identifier to begin with might make this an impossible task, but before I start to task someone else with manually comparing the data after running the script, I thought I would ask the delightful StackOverflow crew to chew on it. There are always methods I don't think of, after all.
So any brilliant ideas out there to accomplish this task?
Thanks guys
Once you get them matched up automatically and the exceptions by hand, make a custom attribute in Active directory where you can store the information to keep them matched up in the future.
You could store the Active Directory object GUID against the database record.
Well, the one thing that will be indeed unique in AD is the sAMAccountName for each user. If you find a way to associate your users in your two databases with a SAM Account Name, you should have no big trouble anymore to do an automatic sync check with AD.
That property is already available in AD, you don't need to add any additional artificial IDs, and it's much easier to read than a GUID.
Marc