Hi everyone so I'm making an authentification scheme that has 2 functions.
A function that authenticates the user. All the data for the user is stored in a table called DJELATNIK which has attributes KORISNICKO_IME (username) and LOZINKA (password) and some more.
So this function just returns true if the username and password match in that table.
create or replace FUNCTION
prijava_custom(p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN BOOLEAN
AS
v_korisnicko varchar2(100);
v_lozinka varchar2(100);
BEGIN
SELECT KORISNICKO_IME, LOZINKA
INTO v_korisnicko, v_lozinka
FROM DJELATNIK
WHERE UPPER(KORISNICKO_IME) = UPPER(p_username)
AND LOZINKA = enkripcija_MD5(p_password);
RETURN TRUE;
EXCEPTION
WHEN NO_DATA_FOUND THEN
RETURN FALSE;
END;
The other function is the encryption mentioned in the last function.
create or replace Function enkripcija_MD5 (pstring IN VARCHAR2) Return VARCHAR2 IS
hash_lozinka VARCHAR2(32) := '' ;
BEGIN
hash_lozinka := DBMS_OBFUSCATION_TOOLKIT.md5(input => UTL_I18N.STRING_TO_RAW (pstring, 'AL32UTF8' ));
RETURN hash_lozinka;
END enkripcija_MD5;
The thing that escapes my mind at the moment is how I save the encrypted password in the table instead of the plain text password?
I tried making an "After submit" process on the FORM edit page but that didn't work. Tried making a dynamic action that sets the password value right away to the hashed value, but that didnt work either. I know it's like a really banal thing and I should know it but I really cant think of it so I'm looking for ideas.
CodePudding user response:
One option would be a database trigger.
Here's an example.
Simplified table:
SQL> CREATE TABLE djelatnik
2 (
3 korisnicko_ime VARCHAR2 (20),
4 lozinka VARCHAR2 (32)
5 );
Table created.
Function:
SQL> CREATE OR REPLACE FUNCTION enkripcija_MD5 (pstring IN VARCHAR2)
2 RETURN VARCHAR2
3 IS
4 hash_lozinka VARCHAR2 (32) := '';
5 BEGIN
6 hash_lozinka :=
7 DBMS_OBFUSCATION_TOOLKIT.md5 (
8 input => UTL_I18N.STRING_TO_RAW (pstring, 'AL32UTF8'));
9 RETURN hash_lozinka;
10 END enkripcija_MD5;
11 /
Function created.
Trigger:
SQL> CREATE OR REPLACE TRIGGER trg_biu_djel
2 BEFORE INSERT OR UPDATE
3 ON djelatnik
4 FOR EACH ROW
5 BEGIN
6 :new.lozinka := enkripcija_md5 (:new.lozinka);
7 END;
8 /
Trigger created.
Let's test it:
SQL> INSERT INTO djelatnik (korisnicko_ime, lozinka)
2 VALUES ('little', 'foot');
1 row created.
Table contents:
SQL> SELECT * FROM djelatnik;
KORISNICKO_IME LOZINKA
-------------------- --------------------------------
little D8735F7489C94F42F508D7EB1C249584
Query from your prijava_custom function:
SQL> SELECT *
2 FROM djelatnik
3 WHERE UPPER (korisnicko_ime) = 'LITTLE'
4 AND lozinka = enkripcija_md5 ('foot');
KORISNICKO_IME LOZINKA
-------------------- --------------------------------
little D8735F7489C94F42F508D7EB1C249584
SQL>
Testing your function:
SQL> set serveroutput on
SQL> CREATE OR REPLACE FUNCTION prijava_custom (p_username IN VARCHAR2,
2 p_password IN VARCHAR2)
3 RETURN BOOLEAN
4 AS
5 v_korisnicko VARCHAR2 (100);
6 v_lozinka VARCHAR2 (100);
7 BEGIN
8 SELECT KORISNICKO_IME, LOZINKA
9 INTO v_korisnicko, v_lozinka
10 FROM DJELATNIK
11 WHERE UPPER (KORISNICKO_IME) = UPPER (p_username)
12 AND LOZINKA = enkripcija_MD5 (p_password);
13
14 RETURN TRUE;
15 EXCEPTION
16 WHEN NO_DATA_FOUND
17 THEN
18 RETURN FALSE;
19 END;
20 /
Function created.
SQL> begin
2 if prijava_custom('little', 'foot') then
3 dbms_output.put_line('True');
4 else
5 dbms_output.put_line('False');
6 end if;
7 end;
8 /
True
PL/SQL procedure successfully completed.
SQL>
Everything looks OK to me.