Dual Pins for Users


Yea I’ve upgraded my SQL database to 2017

the script is the same from the post

function getEntityByCustomDataFieldValue(entityType,fieldName,fieldValue) {
var qry = “SELECT e.[Name] FROM [Entities] e JOIN [EntityTypes] et on et.[Id] = e.[EntityTypeId] JOIN [EntityCustomFields] cf on cf.[EntityTypeId] = e.[EntityTypeId] CROSS APPLY OPENJSON(e.[CustomData]) WITH (jsonName varchar(50) ‘$.Name’, jsonValue varchar(50) ‘$.Value’) jsonData WHERE et.[Name] = '”+entityType+"’ AND cf.[Name] = ‘"+fieldName+"’ AND jsonName = ‘FOB’ AND jsonValue=’"+fieldValue+"’";
var userName = sql.Query(qry).First;
return userName || ‘NOTFOUND’;

I also have the entity list Employees and the custom field FOB


Can you show the entity tag screen showing the field names, entity type?
Do you get any errors?
Id sugest trying the sql code in sql manager replacing the “+entityType+”, “+fieldName+” and “+fieldValue+” with string values that would be used in samba.


I am going to try and change the field type to number maybe that could be it.

I will try it in SQL manager to see if it works.


Type shouldn’t matter for a simple where =
There is defiantly a entity with that fob value?
What do you get back? Maybe remove the || NOTFOUND and put call in a show message or ask question to see what your getting back.
Where are you using the call?


Yea there is an entity with the FOB value. The rest of the set up works, when I enter a number that isn’t active I return with a wrong pin message.

I will tinker some more after we close tonight. If I find anything I will post it.


So wrong pin gives wrong pin messgae? What happens with correct pin? This suggests the scrip isnt the problem and its the login automation.


I believe the problem is that the script isnt working, so when a FOB is entered it doesnt find it and return a wrong pin number message. Users can log in with their normal user numbers (the 4 digit pin).


Yes but your presumably catching invalid default user pins entered, the normal user pins should always work else you could messup automation and not be able to login…

So if you enter an invalid pin which isnt normal user pin or a ‘second’ pin it gives an error message?
But a pin configured in entity for FOB returns nothing?

If it returns message for invalid pin this is not default setup so is part of your automation.
If entering invalid pin/fob number gives message the script is doing something.
This is why I said add a show message or ask question action to show the value returned by the script call so you can validate it.

What does the message say? if its anything other than ‘NOTFOUND’ the message is part of your automation and your triggering based on that response.
So the problem (without seeing what the script is returning) could be your automation to login using the returned value.

Without seeing your setup its not possible to say for sure.

Show your automation for the second pin login?


Just to check, does the entity primary field (Name) exactly match the user name for samba login?




Here is a example employee entity:

in my set up name is the same as username



so what does this test return?


What does this return in SQL Manager?

SELECT e.[Name] FROM [Entities] e JOIN [EntityTypes] et on et.[Id] = e.[EntityTypeId] JOIN [EntityCustomFields] cf on cf.[EntityTypeId] = e.[EntityTypeId] CROSS APPLY OPENJSON(e.[CustomData]) WITH (jsonName varchar(50) '$.Name', jsonValue varchar(50) '$.Value') jsonData WHERE et.[Name] = 'Employees' AND cf.[Name] = 'FOB' AND jsonName = 'FOB' AND jsonValue='123456789'


Q is wiz and SQL and have tried script with different fields on database on this machine and works.
So check the script directly that your getting what you expect then check with message in samba that its working and returning as expected in samba.


It is not enough to upgrade. You need to set the DB Compatibility Level to 130 or higher…


It was the compatibility. I appreciate you guys taking time to help, thanks


Hi…as per my experience adding dual pins may solve your issue but we shouldn’t add a specific feature for every case we encounter. Maybe we should execute a script when a pin entry does not match to allow custom logins. I am not saying this will be a better solution but such approach will also be useful for user-entity method.

pcb assembly supplier


@BilHonan not sure if you missed the beginning of the topic but this is what was done. Emre added a rule event to allow us to catch invalid pin entry and abolility to login with an action allowing a bypass for default pin with a second pin.


Finally got round to trying to improve my idea for dual pin.
Was thinking I could use the new password field in user however it looks to be hashed in database.
@emre can I ask what hash type you have used so I can hash the incorrect pin and check against password?
The values in the column look to be prefixed with some stings separated by $
See V1 so guessing you have left open for adaption to alternative hash methods in the future?
Looking at what I guess is the hashed password it looks more complex than md5 etc, guessing they are salted too?
I understand password field is not set to require being unique so plan to only return first result to prevent issue or maybe call via a script and make it not login if returns more than one.


I may change to sha256 in the future but his is how we verify passwords atm.

public static bool Verify(string password, string hashedPassword)
            //check hash
            if (!IsHashSupported(hashedPassword))
                throw new NotSupportedException("The hashtype is not supported");

            //extract iteration and Base64 string
            var splittedHashString = hashedPassword.Replace("$SPHASH$V1$", "").Split('$');
            var iterations = int.Parse(splittedHashString[0]);
            var base64Hash = splittedHashString[1];

            //get hashbytes
            var hashBytes = Convert.FromBase64String(base64Hash);

            //get salt
            var salt = new byte[SaltSize];
            Array.Copy(hashBytes, 0, salt, 0, SaltSize);

            //create hash with given salt
            var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
            byte[] hash = pbkdf2.GetBytes(HashSize);

            //get result
            for (var i = 0; i < HashSize; i++)
                if (hashBytes[i + SaltSize] != hash[i])
                    return false;
            return true;


Thanks for the info, going to need to research some of those functions LOL.
Unless you perhaps might happen to have a snippet of Jscript to just create the hashed value given original user entered password by chance? :wink: