Re: WOA, Building a Login form
Re: WOA, Building a Login form
- Subject: Re: WOA, Building a Login form
- From: Amedeo Mantica <email@hidden>
- Date: Sun, 3 Apr 2005 23:19:46 +0200
Thanks for the fast reply
sorry if I ask again... but I'm now learning WO...
After an User login is verified, how to namege it in the session?
Thanks
Amedeo
On 03/apr/05, at 18:14, Drew Thoeni wrote:
First, I'm not, by any stretch, an expert WO/Java programmer. Given
that, here's some code I use that others on the list might have
improvement suggestions on.
/**
* Checks for null email address and password. If not null then
* This user is retrieved from the database and their encrypted password
* of record is compared to what they entered. All methods calculating
the password
* or comparing the password add the user's email address before the
password
* as a salt to ensure no two password digests are the same.
* Requires import java.security.*
* @throws NoSuchAlgorithmException
*/
public WOComponent login() throws NoSuchAlgorithmException {
if (enteredPassword == null) { // User did not enter password
errorMsg = "Error: Password can not be empty.";
return context().page();
}
User tempUser = fetchUser();
if (tempUser == null) {return context().page();}
String encryptedPassword =
Converter.encryptPassword(enteredEmail.trim()+enteredPassword);
if (encryptedPassword.equals(tempUser.password())) { //
passwords match, user is authenticated
tempUser.setLastLogIn(new NSTimestamp());
tempUser.setTimesLoggedIn( new
Integer(tempUser.timesLoggedIn().intValue() + 1) );
ec.saveChanges();
}
else {
errorMsg = "Error: Password or email invalid.";
return context().page();
}
}
/**
* Fecths a single user from the database whose email address
* macthes the one input by the user attempting to login
*/
private User fetchUser() {
if (enteredEmail == null) {
errorMsg = "Error: Email address appears invalid.";
return null;
}
// fetch user from database
NSDictionary bindings = new NSDictionary(enteredEmail.trim(),
"primaryEmailIn");
User u = null;
try {
u = (User)EOUtilities.objectWithFetchSpecificationAndBindings(
ec, "User", "FetchSingleUser", bindings);
}
catch (Exception e) {
NSLog.debug.appendln("Unknown user with email " + enteredEmail +
" generated this login exception: " + e);
errorMsg = User.staticExceptionHandler(e);
ec.revert();
return null;
}
return u;
}
/**
* This static method (from Converter class) takes a string and
encrypts it using one-way encryption.
* @param String passwordIn is any string, but typically will be
* a clear text password to be encrpyted.
*/
public static String encryptPassword(String passwordIn) throws
NoSuchAlgorithmException {
String encryptedPassword;
MessageDigest md = MessageDigest.getInstance("SHA"); // Can be
"MD5" or "SHA" (MD5 is weaker)
md.reset();
md.update(passwordIn.getBytes());
byte[]arr = md.digest();
encryptedPassword = (new BASE64Encoder()).encode(arr);
return encryptedPassword;
}
On Apr 3, 2005, at 11:46 AM, Amedeo Mantica wrote:
I' looking for a code example
Thanks
Amedeo
On 03/apr/05, at 17:38, Drew Thoeni wrote:
Amedeo,
There are many apps on the web that show user authentication (the
Apple Store being an example). Are you looking for code or is there
a specific part of authentication you have a question about?
Drew
On Apr 3, 2005, at 11:30 AM, Amedeo Mantica wrote:
Hi,
I'm new to webojects applications, and I see that webobjects is
really nice and I want to switch from PHP!
Just a question, does anyone have a web example with user
authentication ?
Thanks
Best Regards
Amedeo Mantica
Insigno Design Studio
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
Amedeo Mantica
Insigno Design Studio
Amedeo Mantica
Insigno Design Studio
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden