Password encryption on UNA

I'm trying to integrate / merge two websites together, one of which is UNA powered. When people register on other website I have, I have their user names and passwords to be updated into UNA user table too, where UNA user name and passwords are saved. This way other website users can login to UNA based website easily without migration. 

I want to know how the passwords are encrypted and stored in UNA, so I can implement that functionality in PHP on UNA site. 

Replies (14)
    • Hello Alchemy!

      Here you may find how UNA encrypts users' passwords, point 4 (How to manually reset the password?)

      https://github.com/unaio/una/wiki/FAQ

      With the best regards, Leonid

       

      • Thank you Leonid, that answers my question however I was trying to find the function call for this in PHP where user registers and logs in, so they can verify user name / password. Registration involves calling this function to store the password in tables and login involves comparing the passwords. That's what I'm trying to find in the code, which is actually called as the code executes. 

        Same code I can use in my other website to perform registration and login functionality, so I can make UNA as main website. 

        • I was trying to find the function call for this in PHP

          https://una.io/cmts.php?sys=bx_forum&id=677&cmt_id=2076

          • Thank you Alex, Well I tried to create the user using below query when users are signing up from other website and insert the records in UNA sys accounts table. When they sign up on other website, the same record is updated in UNA table(s), so I can use it to verify their login, when they login to UNA in future. 

            $query = "insert into sys_accounts (name, email, password, salt) values ('$full_name', '$email', SHA1(CONCAT(MD5('$password'), '$salt')), '$salt')";
            After executing this query, record gets updated in sys_accounts table successfully. But when I try to verify the login on UNA website, it fails. Reason could be that
            I didn't update all required values like added, logged, profile_id etc in sys_accounts and some other values in other tables (which I don't know).
            So I'd like to know, to which function I should pass these four values in UNA, so it updates all required tables and default values, which we don't pass
            while creating new registration? Or what values should be updated in which tables to create a new registered user, so we can verify them using default UNA login functionality.

             

            • Reposting as I see the message text was out of view boundary (which could be another bug).

              Thank you Alex, Well I tried to create the user using below query when users are signing up from other website and insert the records in UNA sys accounts table. When they sign up on other website, the same record is updated in UNA table(s), so I can use it to verify their login, when they login to UNA in future. 

              $query = "insert into sys_accounts (name, email, password, salt) 
              values ('$full_name', '$email', SHA1(CONCAT(MD5('$password'), '$salt')), '$salt')";
              After executing this query, record gets updated in sys_accounts table successfully.
              But when I try to verify the login on UNA website, it fails. Reason could be that
              I didn't update all required values like added, logged, profile_id etc in sys_accounts and some other values
              in other tables (which I don't know).
              So I'd like to know, to which function I should pass these four values in UNA, so it updates all required tables and
              default values, which I'm not passing while creating new registration?
              Or what values should be updated in which tables to create a new registered user, so we can verify them using
              default UNA login functionality.
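An added example, not part of the original posts and not UNA's own code: the hash expression from the query above computed in PHP and stored through a prepared statement, so that the name, e-mail and password arriving from the other website are bound as data instead of being interpolated into the SQL text. Only the four column names and the SHA1(CONCAT(MD5(password), salt)) formula come from the post; the in-memory SQLite table, the sample values, the function names and the salt format are assumptions made for illustration.

```php
<?php
// Same value as the SQL expression SHA1(CONCAT(MD5('$password'), '$salt')).
function legacy_hash(string $password, string $salt): string
{
    return sha1(md5($password) . $salt);
}

// Insert one account row; every value is bound, none is interpolated.
function insert_account(PDO $db, string $name, string $email, string $password): string
{
    $salt = bin2hex(random_bytes(4)); // assumption: 8 hex characters as salt
    $stmt = $db->prepare(
        'INSERT INTO sys_accounts (name, email, password, salt)
         VALUES (:name, :email, :password, :salt)'
    );
    $stmt->execute([
        ':name'     => $name,
        ':email'    => $email,
        ':password' => legacy_hash($password, $salt),
        ':salt'     => $salt,
    ]);
    return $salt;
}

// Recompute the hash from the stored salt and compare in constant time.
function verify_account(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password, salt FROM sys_accounts WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false
        && hash_equals($row['password'], legacy_hash($password, $row['salt']));
}

// Constructed demo: an in-memory table with only the four columns from the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sys_accounts (name TEXT, email TEXT, password TEXT, salt TEXT)');

// A quote in the name would break the interpolated query; bound, it is plain data.
insert_account($db, "O'Brien", 'obrien@example.com', 'correct horse');
var_dump(verify_account($db, 'obrien@example.com', 'correct horse'));
var_dump(verify_account($db, 'obrien@example.com', 'wrong guess'));
```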

               

              • Hello, any help in finding query or function calls, which creates profile and related login info into required tables? I'm stuck here as of now. 

                • It isn't enough to add record into sys_accounts table, you need to add record to sys_profiles table as well to be able to login. Also you will need to add record to bx_persons_data and one more record to sys_profiles table to make profile publicly visible.

                  So, minimal set of tables to display profiles and ability to login are sys_accounts, sys_profiles, bx_persons_data.

                  The relations between these tables are described here:
                  https://github.com/unaio/una/wiki/User-Profiles

                   

                  • I understand it now. However I was not able to find the query or code / function call, which inserts data in all these three tables. E.g. When we register profile, we use 4 fields, Account Name, email, password and newsletters. Somewhere in code UNA might be passing these parameters to a function... which automatically call other functions and executes the queries. So I wanted to call the same function and pass these parameters, coming from other website to UNA, so rest of the things happen smoothly. I'm not PHP programmer, the guy who is working on it, is beginner in PHP too, so we would appreciate spoon feeding to get started. 

                    • Hello Alchemy!

                      Most of the INSERT / UPDATE actions in UNA are done via Forms, which work according to data from `sys_object_forms`. So it would be hard to call "some code / function" to insert data into all three tables. In the common way you may call BxAccntFormAccount and its method insert(array(with fields and fields values)), then get the account id, then call class BxDolProfile with its static method "add" etc. For similar constructions to work properly, it is better to build a full module for UNA. Or insert content into the mentioned tables via MySQL only.

                      With the best regards, Leonid

                      • Ok, great, that explains everything, as a novice we were confused by the code.  

                        So once the login is successful, which cookie or session ID is used to maintain session for further communication? 

                        • Hello Alchemy!

                          After login the system sets COOKIE for memberID and memberPassword. You may find more details in the inc/profiles.inc.php file, in functions like bx_login, bx_require_authentication and check_logged.

                          With the best regards, Leonid

                          • Ok great after understanding the code a bit more, I think you guys are beyond Awesome :)

                            Here is another one now. On each successful login action, I'd like to update a unique website name value in sys_accounts table in the same row against user name and password, this would be useful to identify which website this profile belongs to and whether certain actions need to be taken for that particular user depending on the value. This value is being passed as hidden field from login form and I have added column for this value too.

                            I'd like to know what would be best way to update this new hidden value from login form in sys_accounts table after user is verified? Is there any other place too, where I need to perform this action?

                            Here is what I had in mind, please check the bold statement : 


                            /**
                             * Check if user is logged in (necessary cookies are present) and set some global variables
                             */
                            function check_logged()
                            {
                                $aAccTypes = array(
                                    BX_DOL_ROLE_ADMIN => 'admin',
                                    BX_DOL_ROLE_MEMBER => 'member'
                                );

                                $sID = isset($_COOKIE['memberID']) ? bx_process_input($_COOKIE['memberID']) : false;
                                $sPassword = isset($_COOKIE['memberPassword']) ? bx_process_input($_COOKIE['memberPassword']) : false;

                                $bLogged = false;
                                foreach ($aAccTypes as $iRole => $sValue) {
                                    if ($GLOBALS['logged'][$sValue] = ($sID && !bx_check_login($sID, $sPassword, $iRole))) {
                                        $bLogged = true;

                                        // Update website value here in sys_accounts table... (My question is, can I access $iWebsite, which is hidden value in sys-form-login form and run update query here something like update sys_accounts with $iWebsite value where UserID = $sID?)

                                        break;
                                    }
                                }

                                if ((isset($_COOKIE['memberID']) || isset($_COOKIE['memberPassword'])) && !$bLogged)
                                    bx_logout(false);
                            }

                             

                            • Hello Alchemy!

                              Well, your task is almost clear except for the question of where data about this site will arrive from. If you know how to fill and process it with the then it's OK. The more critical part is changing core files like inc/profiles.inc.php. It's not good, especially in UNA, which has many tools to call your own code without changing system files, which can be changed during the next upgrade :-)

                              So let's do it properly right from now. UNA has an alert system almost like in Dolphin, but more advanced. So it is needed to fire some alert (event) in one place and catch it with a handler somewhere else. You may meet in code constructions like (for example in function bx_login, file inc/profiles.inc.php)

                              bx_alert('account', 'login', $iId);

                              It means that the system calls all alert handlers for system type "account" and action "login". $iId is the object identifier, in this case the id of the logged-in account.

                              So now you may create your own handler to add your own action after login, where it is possible to process data from the login form in your own way.

                              Necessary stages for this:

                              1) create some PHP file like BxDolAdvancedLogin.php in inc/classes/ folder (if you don't want to create own module for now)

                              2) in this file create code like

                              class BxDolAdvancedLogin extends BxBaseModProfileAlertsResponse
                              {
                                  public function __construct()
                                  {
                                      $this->MODULE = 'bx_persons';
                                      parent::__construct();
                                  }

                                  public function response($oAlert)
                                  {
                                      parent::response($oAlert);

                                      switch ($oAlert->action)
                                      {
                                          case 'login':
                                              // make actions with login form data which you need
                                              break;
                                      }
                                  }
                              }

                              3) Run these queries in your UNA Database:

                              INSERT INTO `sys_alerts_handlers` (`name`, `class`, `file`, `service_call`) VALUES
                              ('adv_login', 'BxDolAdvancedLogin', 'inc/classes/BxDolAdvancedLogin.php', '');
                              SET @iHandler := LAST_INSERT_ID();

                              INSERT INTO `sys_alerts` (`unit`, `action`, `handler_id`) VALUES
                              ('account', 'login', @iHandler);

                              4) go to Studio and clear caches.

                              So after these actions, after every login in your UNA site you will have a call of your code in the mentioned PHP file.

                              If this way is a little hard for now and you're sure that you will remember your changes in system files then add this code

                              // make actions with login form data which you need

                              in function bx_login right after the following line:

                              bx_alert('account', 'login', $iId);

                              With the best regards, Leonid
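An added example, not part of the original reply and not UNA's own code: what the `case 'login':` branch could do with the hidden form value, treating it as untrusted client input that is checked against a fixed list before being written with a bound parameter. The column names `website` and `id`, the list of site names, the function names and the plain PDO handle (used here instead of UNA's database layer) are all assumptions; the in-memory SQLite table is constructed for the demo.

```php
<?php
// Hypothetical allow-list of site identifiers the login form is expected to send.
const KNOWN_SITES = ['main', 'partner'];

// Returns the site name if the submitted value is on the list, otherwise null.
function normalize_site($raw): ?string
{
    if (!is_string($raw)) {
        return null; // arrays (website[]=x) and missing values are rejected
    }
    $site = strtolower(trim($raw));
    return in_array($site, KNOWN_SITES, true) ? $site : null;
}

// Stores the site for one account; returns false when the value is not accepted.
function record_login_site(PDO $db, int $accountId, $rawSite): bool
{
    $site = normalize_site($rawSite);
    if ($site === null) {
        return false; // unknown value: leave the row untouched
    }
    // `website` and `id` are assumed column names in sys_accounts.
    $stmt = $db->prepare('UPDATE sys_accounts SET website = :site WHERE id = :id');
    $stmt->execute([':site' => $site, ':id' => $accountId]);
    return true;
}

// Constructed demo: one account row in an in-memory table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sys_accounts (id INTEGER PRIMARY KEY, website TEXT)');
$db->exec('INSERT INTO sys_accounts (id, website) VALUES (1, NULL)');

// A value on the list is stored; a tampered value and an array are refused.
var_dump(record_login_site($db, 1, ' Partner '));
var_dump(record_login_site($db, 1, "main' OR '1'='1"));
var_dump(record_login_site($db, 1, ['main']));
var_dump($db->query('SELECT website FROM sys_accounts WHERE id = 1')->fetchColumn());
```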

                              • Thank you Leonid. This is awesome and explanation is very clear, I would have never figured this out for long as I'm from Java background and just started in PHP. 

                                Will try this and post more, if I get into any issue. 
