Hi!
Is there a way to substitute the user / pass to a unique pin as a login?
thank you
Yep. You would want to copy login.php to usersc/login.php and write some code there. I don't have time this moment to write it, but I could help you. So you're saying no username. No password, just a pin?
Cool! Thank you, Mudmin.
Yes, it would be just a pin, uniquely assigned to each user.
Ok. I have some ideas. When I get a break from work, I will get you some sample code.
I just wanted to caution you with this idea given the chances of breaches are much higher with a simple PIN number. Not knowing what exactly you're data set is like or what you're using your project for, consider an ID and PIN (Case ID, User Id, what have you). I will let mudmin help you otherwise.
Yeah. I was going to say the same thing. The other issue you have is that with only a single piece of data, there's no way you can encrypt the pin in the database.
What happens if you have a username and a password, it finds the username and then tries to decrypt the password in the db with the password entered in the form.
Since there won't be a username, you would have to go through every single password and try to decrypt it looking for a match. Since our database is designed to prevent that, it would take forever.
The only thing I can think of if you truly want a single input is to let them pick the first last 4 digits of the pin and you pick the first 4(or more). You'd start your database with user 1000 and basically the first 4 digits would be the row in the db and the last 4 would be the pin.
So 10014124 would go to row 1001 and try to decrypt with the pw 4124.
This would be extremely easy to crack though as Brandin said.
So yeah, you'll definitely have to tell me what you want there, but I can help.
Thanks guys for brining the security issue to my attention. I am well aware of this, but still liked to proceed with the pin option... it should/would be also 6 digits.
Thanks
