NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: jking on July 19, 2021, 08:43:12 AM

Title: storing salted hash passwords (NT 12.19)
Post by: jking on July 19, 2021, 08:43:12 AM

Hello all,

     I'm trying to store salted hashed passwords in a user.tps file.  On a NT Form, I have fields for user name, password and salt.  In the Validate embed for the password and salt fields I have the following:

If Usr:Password <> p_web.GSV('PW')
    st.setvalue(clip(Usr:Salt)&Clip(Usr:Password))
    Crypto.MakeHash(st, cs:CALG_SHA_256)
    Usr:Password = st.GetValue()   
END

     The condition is to see if the values have changed.  I find that when I save after an insert, and try to log in, this does not work.  If I go back in and enter the same password again and save, then login a second time, it does work.  It seems my hashed value is not correct on the first attempt.  I have tried many other embeds but get the same behavior.  By the way, I also set the following in the GenerateForm, 2 Start embed:

p_web.SSV('PW', Clip(Usr:Password))
p_web.SSV('SALT', Clip(Usr:Salt))

Again, this is to check if the password or hash was changed during editing.  I'm not sure my code/logic is correct here.  Can anyone suggest where I'm going wrong?

Thanks,

Jeff King

Title: Solved - Re: storing salted hash passwords (NT 12.19)
Post by: jking on July 19, 2021, 06:06:26 PM

I solved this by using session values, here is the revised code:

p_web.SSV('PW', p_web.GSV('Usr:Password'))
p_web.SSV('SALT', p_web.GSV('Usr:Salt'))

and

If p_web.GSV('Usr:Password') <> p_web.GSV('PW')
    st.setvalue(p_web.GSV('Usr:Salt')&p_web.GSV('Usr:Password'))
    Crypto.MakeHash(st, cs:CALG_SHA_256)
    Usr:Password = st.GetValue()   
END

If p_web.GSV('Usr:Salt') <> p_web.GSV('SALT')
    st.setvalue(p_web.GSV('Usr:Salt')&p_web.GSV('Usr:Password'))
    Crypto.MakeHash(st, cs:CALG_SHA_256)
    Usr:Password = st.GetValue()   
END

Thanks,

Jeff