使用pwdencrypt时从哪里登录?
omi*_*ata 6 java sql-server security stored-procedures login
我试图通过我的程序登录我们的数据库,但是当我这样做时,我得到无效的凭证,所以我不知道从哪里开始希望任何人都可以帮助我,因为我之前没有使用过pwdencryp和pwdcompare而且我不是确定如何让它发挥作用
我的代码:
protected String doInBackground(String... params) {
if (userid.trim().equals("Developer")|| password.trim().equals("Dev!n_234"))
isSuccess2=true;
z = getString(R.string.login_succes);
if(userid.trim().equals("")|| password.trim().equals(""))
z = getString(R.string.indsæt_rigtigt_bruger);
else
{
try {
Connection con = connectionClass.CONN();
if (con == null) {
z = getString(R.string.Forbindelses_fejl)+"L1)";
} else {
CallableStatement cs = null;
String query = "{call [system].[usp_validateUserLogin] (?,?,?,?,?)}";
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(query);
CallableStatement ps = con.prepareCall(query);
ps.setString(1, userid);
ps.setString(2, password);
ps.setInt(3,72);
ps.setNull(4, Types.BOOLEAN);
ps.registerOutParameter(5, Types.VARCHAR);
cs.executeUpdate();
if(rs.next())
{
z = getString(R.string.login_succes);
isSuccess=true;
}
else
{
z = getString(R.string.Invalid_Credentials);
isSuccess = false;
}
}
}
catch (Exception ex)
{
isSuccess = false;
z = getString(R.string.Exceptions)+"L2)";
Log.e("MYAPP", "exception", ex);
}
}
return z;
}
}
}
} 程序,流程
ALTER PROCEDURE [system].[usp_validateUserLogin]
@p_Login NVARCHAR ( 50 )
, @p_Password NVARCHAR ( 32 )
, @p_CompanyID INT
, @p_OutDetails BIT = 1
, @p_AuthenticationTicket VARCHAR(200) OUTPUT
AS
BEGIN
SET NOCOUNT ON;
DECLARE @errNo INT
, @recCount INT
, @res INT
SELECT u.*
INTO #tmpLogin
FROM system.[User] AS u WITH ( NOLOCK )
WHERE ( u.Login = @p_Login )
AND ( u.Company_ID = @p_CompanyID )
AND ( pwdcompare ( @p_Password, u.Passwd ) = 1 )
AND ( u.Status = 0 ) --Active
SELECT @errNo = @@ERROR
, @recCount = @@ROWCOUNT
IF ( @errNo <> 0 )
BEGIN
RETURN 1010
END
IF ( @recCount = 1 )
BEGIN
DECLARE @userID INT
SELECT @userID = ID
FROM #tmpLogin
EXEC @res = system.usp_renewAuthenticationTicket @p_DoerTicket = ''
, @p_AuthenticationTicket = @p_AuthenticationTicket OUTPUT
, @p_UserID = @userID
, @p_CompanyID = @p_CompanyID
IF ( @res <> 0 )
RETURN @res
END
--SET @p_AuthenticationTicket = 'TESTAUTHENTICATIONTICKET0123456789'
IF ( @p_OutDetails = 1 )
BEGIN
SELECT *
FROM #tmpLogin
END
RETURN 0
END
这是用户注册的过程
ALTER PROCEDURE [system].[usp_iudUser]
@p_ID INT = NULL OUTPUT
, @p_Login NVARCHAR ( 50 ) = NULL
, @p_Password NVARCHAR ( 32 ) = NULL
, @p_FullName NVARCHAR ( 100 ) = NULL
--, @p_LastName NVARCHAR ( 50 ) = NULL
, @p_EMail NVARCHAR ( 200 ) = NULL
, @p_Status TINYINT = NULL
, @p_Roles VARCHAR ( 200 ) = NULL
, @p_DoerTicket VARCHAR ( 200 )
AS
BEGIN
SET NOCOUNT ON;
DECLARE @doerUserID INT
, @doerCompanyID INT
EXEC system.usp_validateAuthenticationTicket @p_Ticket = @p_DoerTicket
, @p_UserID = @doerUserID OUTPUT
, @p_CompanyID = @doerCompanyID OUTPUT
MERGE INTO system.[User] AS target
USING ( SELECT @p_ID
, @doerCompanyID
, @p_Login
, @p_Password
, @p_FullName
, @p_Roles
, @p_Status
/*, @p_FirstName
, @p_LastName*/
, @p_EMail ) AS source ( ID
, CompanyID
, Login
, Password
, FullName
, Roles
, Status
/*, FirstName
, LastName*/
, EMail )
ON ( target.ID = source.ID )
AND ( target.Company_ID = source.CompanyID )
WHEN MATCHED THEN
UPDATE SET
target.Login = CASE WHEN source.Status = 200 THEN target.Login + '_' + CAST ( source.ID AS VARCHAR ( 10 ) ) ELSE target.Login END --Login can not be changed
, target.Passwd = ISNULL ( pwdencrypt ( source.Password ), target.Passwd )
, target.FullName = ISNULL ( source.FullName, target.FullName )
--, target.LastName = ISNULL ( source.LastName, target.LastName )
, target.EMail = ISNULL ( source.EMail, target.EMail )
, target.Roles = ISNULL ( source.Roles, target.Roles )
, target.Status = ISNULL ( source.Status, target.Status )
WHEN NOT MATCHED BY TARGET AND source.ID IS NULL THEN
INSERT ( Company_ID
, Login
, Passwd
, FullName
, Roles
, Status
/*, FirstName
, LastName*/
, EMail )
VALUES ( source.CompanyID
, source.Login
, pwdencrypt ( source.Password )
, source.FullName
, NULLIF ( RTRIM ( source.Roles ), '' )
, ISNULL ( source.Status, 0 )
/*, source.FirstName
, source.LastName*/
, NULLIF ( source.EMail, '' ) );
IF ( @@ROWCOUNT <> 1 )
BEGIN
RETURN 1010
END
IF ( @p_Id IS NULL )
SET @p_Id = SCOPE_IDENTITY ( )
RETURN 0
END
在过程 [usp_validateUserLogin] 中,您使用参数 @p_OutDetails 来确定是否将数据返回给调用者,而在调用者中,您使用记录已返回的事实来确定该过程是否成功。
该行将ps.setString(4, null);[usp_validateUserLogin] 中的参数 @p_OutDetails 的值设置为 null。这与根本不提供参数不同,因为 SQL Server 将使用值 NULL 而不是默认值。如果未提供该参数,则它将使用默认值 (1)。此外,预期的参数类型是 BIT,因此应该使用 ps.SetBoolean 之类的东西将 BIT 参数的值设置为显式值 1(或 true)。
作为显示使用默认值与提供 NULL 值的示例:
CREATE PROCEDURE TestProc
@MyString VARCHAR(10) = 'string'
AS
BEGIN
SET NOCOUNT ON
SELECT @MyString AS Param, ISNULL(@MyString, 'Was Null') AS ItsValue
END
GO
EXEC TestProc null
EXEC TestProc 'A Value'
EXEC TestProc --no params at all
运行此过程会为 3 种类型的 EXEC 返回以下内容。
Param,ItsValue
NULL,Was Null
Param,ItsValue
A Value,A Value
Param,ItsValue
string,string
您的代码正在执行第一种方式,因此当它执行以下行时,@p_OutDetails 包含 NULL 并且它会跳过此位。
IF ( @p_OutDetails = 1 )
BEGIN
SELECT *
FROM #tmpLogin
END
| 归档时间: |
|
| 查看次数: |
257 次 |
| 最近记录: |