Is there anyone who can assist with our dilema? We have created a web-based reporting tool that users will log into with a loginid/password. We want to authenticate the loginid/password against the LMS user tables however the password is encrypted. Does anyone have experience trying to authenticate against this and what have you done?
Please advise if you can,
Thanks! Jayne
SumTotal 7.1 Password
Hi Jayne:
I currently have 7.2 installed, but I'd guess that 7.1 isn't that much different for what you need to do. I think you can find the code you need in I_SYS_util.asp, and examples of how to use it in I_SYS_login.asp as well.
The implementation looks a bit backwards to me, but there may be some reason for this I'm not familiar with. Most password crypto functionality I'm used to takes the plaintext password, encrypts it with a one-way function, then compares the encrypted value against the stored encrypted value. In this code, we see a reversible encryption used instead, and the stored encrypted value is decrypted and compared against the plaintext password.
Note that there is a web service call to get the password of a user. Not sure if that's the encrypted or plaintext value, but I'd guess it's probably plaintext, as what appears to be the inverse function is provided to set the password of a user, and that's almost certainly based on plaintext.
--
Joe Kyle
--jjkd--