UserSpice
user / pass -> unique pin - Printable Version




user / pass -> unique pin - roger - 06-22-2018

Hi!

Is there a way to substitute the user / pass to a unique pin as a login?
Thank you.



user / pass -> unique pin - mudmin - 06-22-2018

Yep. You would want to copy login.php to usersc/login.php and write some code there. I don't have time this moment to write it, but I could help you. So you're saying no username. No password, just a pin?


user / pass -> unique pin - roger - 06-22-2018

Cool! Thank you, Mudmin.
Yes, it would be just a pin, uniquely assigned to each user.



user / pass -> unique pin - mudmin - 06-22-2018

Ok. I have some ideas. When I get a break from work, I will get you some sample code.



user / pass -> unique pin - roger - 06-22-2018

Great! Thank you so much.



user / pass -> unique pin - Brandin - 06-22-2018

I just wanted to caution you with this idea given the chances of breaches are much higher with a simple PIN number. Not knowing what exactly your data set is like or what you're using your project for, consider an ID and PIN (Case ID, User ID, what have you). I will let mudmin help you otherwise.


user / pass -> unique pin - mudmin - 06-22-2018

Yeah. I was going to say the same thing. The other issue you have is that with only a single piece of data, there's no way you can encrypt the pin in the database.

What happens if you have a username and a password is that it finds the username and then tries to decrypt the password in the db with the password entered in the form.

Since there won't be a username, you would have to go through every single password and try to decrypt it looking for a match. Since our database is designed to prevent that, it would take forever.

The only thing I can think of, if you truly want a single input, is to let them pick the last 4 digits of the pin and you pick the first 4 (or more). You'd start your database with user 1000 and basically the first 4 digits would be the row in the db and the last 4 would be the pin.

So 10014124 would go to row 1001 and try to decrypt with the pw 4124.

This would be extremely easy to crack though as Brandin said.

So yeah, you'll definitely have to tell me what you want there, but I can help.
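
The row-plus-PIN lookup described in the post above, sketched as an added example that is not part of the original thread and is not UserSpice's own code. The in-memory `$users` array, the `loginWithCode` helper and the five-failure lockout are assumptions for illustration; `password_hash`/`password_verify` stand in for whatever hashing the real users table uses.

```php
<?php
declare(strict_types=1);

// Constructed sample "users" table keyed by row id (ids start at 1000, as in the post).
// Only a hash of each 4-digit PIN is stored, never the PIN itself.
$users = [
    1000 => ['pin_hash' => password_hash('7731', PASSWORD_DEFAULT), 'failures' => 0],
    1001 => ['pin_hash' => password_hash('4124', PASSWORD_DEFAULT), 'failures' => 0],
];

const MAX_FAILURES = 5; // assumed lockout threshold, not from the thread

// Hypothetical helper: split an 8-digit code into row id + PIN and verify it.
// Returns the row id on success, null on any failure.
function loginWithCode(string $code, array &$users): ?int
{
    // Reject anything that is not exactly 8 ASCII digits before touching the data.
    if (preg_match('/\A[0-9]{8}\z/', $code) !== 1) {
        return null;
    }
    $rowId = (int) substr($code, 0, 4); // first 4 digits select the row
    $pin   = substr($code, 4, 4);       // last 4 digits are the secret

    // Unknown rows still cost one hash check, so timing does not reveal valid ids.
    static $dummyHash = null;
    $dummyHash ??= password_hash('0000', PASSWORD_DEFAULT);

    $known = isset($users[$rowId]);
    $ok    = password_verify($pin, $known ? $users[$rowId]['pin_hash'] : $dummyHash);

    if (!$known) {
        return null;
    }
    // A 4-digit PIN has only 10,000 values, so cap guesses per row.
    if ($users[$rowId]['failures'] >= MAX_FAILURES) {
        return null; // locked until an admin or a timer resets the counter
    }
    if (!$ok) {
        $users[$rowId]['failures']++;
        return null;
    }
    $users[$rowId]['failures'] = 0;
    return $rowId;
}

// Constructed inputs: the post's example code, a wrong PIN, an unknown row, bad format.
foreach (['10014124', '10010000', '99991234', '1001-412'] as $code) {
    $row = loginWithCode($code, $users);
    echo $code, ' => ', $row === null ? 'rejected' : "row $row", PHP_EOL;
}
```

Because only one hash is checked per attempt, this avoids the scan over every stored hash that the post describes, but the per-row failure counter is the only thing limiting guesses against the PIN.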



user / pass -> unique pin - roger - 06-25-2018

Thanks guys for bringing the security issue to my attention. I am well aware of this, but still liked to proceed with the pin option... it should/would be also 6 digits.
Thanks