SQL-based authentication: Difference between revisions

=={{header|Objeck}}==

<lang objeck>use ODBC;

use Encryption;

class SqlTest {

@conn : Connection;

function : Main(args : String[]) ~ Nil {

SqlTest->New()->Run();

}

New() {

@conn := Connection->New("test", "root", "helloworld");

}

method : Run() ~ Nil {

CreateUser("robert", "beer");

IO.Console->Print("authenticated?=")->PrintLine(AuthenticateUser("robert", "beer"));

@conn->Close();

}

method : AuthenticateUser(username : String, password : String) ~ Bool {

status := false;

if(@conn->IsOpen()) {

sql := "SELECT pass_salt, pass_md5 FROM users WHERE username = ?";

ps := @conn->CreateParameterStatement(sql);

ps->SetVarchar(1, username);

result := ps->Select();

if(result <> Nil & result->Next()) {

salt := result->GetVarchar(1);

md5_db_password := result->GetVarchar(2);

password->Append(salt);

md5_user_password := Hash->MD5(password->ToByteArray())->ToHexString();

status := md5_user_password->Equals(md5_db_password);

};

ps->Close();

};

return status;

}

method : CreateUser(username : String, password : String) ~ Nil {

salt := "";

for(i := 0; i < 16; i+=1;) { salt->Append((Float->Random() * 100)->As(Int)); };

salt := salt->SubString(16);

password->Append(salt);

md5_password := Hash->MD5(password->ToByteArray());

if(@conn->IsOpen()) {

sql := "INSERT INTO users(username, pass_salt, pass_md5) VALUES (?, ?, ?)";

ps := @conn->CreateParameterStatement(sql);

ps->SetVarchar(1, username);

ps->SetVarchar(2, salt);

ps->SetVarchar(3, md5_password->ToHexString());

IO.Console->Print("adding user: username=")->Print(username)

->Print(", salt=")->Print(salt)

->Print(", status=")->PrintLine(ps->Update());

ps->Close();

};

}

}</lang>