Dual Pins for Users


#61

lol I posted it to encourage you to give up.

… Of course our JScript environment does not have support for cryptography functions but maybe doing it by importing .net assemblies might be possible. Well I don’t know if it really worth for the effort.


#62

LOL, NEVEEERRR!

I was guessing something allong those lines was going to be needed, still tracing variables to try and see whats hapening.


#63

Think your going to win in all honestly but you know what comes next now;

Can we not get a secondary pin field for users :stuck_out_tongue: ‘Quick Pin’ for RFID/MSR, either pins work,1 out of two required, both in same unique pool amongst all users?

@RickH obviously would like something like this LOL


#64
function verifyPassword(p,h){
	var lib = host.lib('mscorlib');
  	var asm = lib.System.Reflection.Assembly.LoadFrom('C:\\Program Files (x86)\\SambaPOS5\\Samba.Infrastructure.dll');
	var type = asm.GetType('Samba.Infrastructure.Helpers.SecurePasswordHasher');
	var method = type.GetMethod('Verify');
	var arr = host.newArr(2);
	arr[0]=p;
	arr[1]=h;
	var result = method.Invoke(null, arr);
	return result;
}

#65

But what we’ll release with V6 if we’ll implement everything in V5?


#66

Love you :wink:

So just to clarify I will need to input both the password string entered § and the hashed password (h) to test against?


#67

Forget that, answered my own question, so would need to call all users and loop this function inputting entered password each time with the looped hash from each user.
Awesome, thanks for that emre.
Will sort a tutorial when implimented.


#68

You’re calling the method I previously gave the source code. You’ll send password entered by user and the hash stored in the database.


#69

Although @emre have just had a thought, in future I would ideally need a way to generate the hash :-/. Had planned to intergrate samba with our guestlink site, not just for loyalty members but also as a way of syncing users between all our properties as we share/move staff arround by having the users also sync through the site.
Would the hash process be specific to an install or are methods generic enough they could be generated in PHP or other web based script as was going to make the process for creating users on the site and script samba to sync with the site each morning.


#70

I really don’t know PHP. Search for Rfc2898


#71

Worst case these users wouldn’t have API access in samba and they are being treated as pins so could store in a decodable hash on site and generate within samba.
Do you have the method for creating the hash by chance? Then would generate it in samba in the sync script.


#72

Yes call Hash method instead of Verify and just send the p.


#73

Awesome, missed that, should have picked up on that line…


#74

And that would also save the looping as if can generate the hash and just query using that to return directly the matched user.
Cheers.


#75

Hey noticed you entity screen on this thread and saw that you have employment status listed… how do you use this I’m assuming it’s active or inactive is it linked to a state?


#76

Its nothing really, it simply notes if the employee is active( works here) or terminated (fired). Its just a note for my self