我一直在尝试为我的应用程序设置自定义身份验证方案。为了登录,我希望用户在我的Oracle数据库表中拥有一个帐户。我使用了以下代码:
FUNCTION my_auth(p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN BOOLEAN IS x number(3);
BEGIN
SELECT 1 INTO x FROM STUDENTS
WHERE UPPER(S_EMAIL)=UPPER(p_username)
and UPPER(S_PASSWORD)=UPPER(p_password);
return true;
exception
when no_data_found then
return false;
END;
但是,即使我输入了表中存在的正确用户名和密码,它仍然不允许我登录,并说“ Invalid Login Credentials”。有关如何纠正此问题的任何想法?
答案 0 :(得分:0)
您需要使用更多的安全性,以便将密码存储为哈希值。这是我为自定义身份验证架构创建的。
function fn_val_user_and_pwd (
p_username in varchar2,
p_password in varchar2 )
return boolean is
l_user my_schema.my_table.ldap_id%type := upper(p_username);
l_pwd varchar2(512);
l_val pls_integer;
begin
select count(*) into l_val from my_schema.my_table
where ldap_id = l_user and
expirate_pw_date < sysdate ;
if l_val = 1
then
APEX_050100.APEX_UTIL.SET_AUTHENTICATION_RESULT(4);
raise_application_error(-20001,'Your password has expired. Please, change it before login', true);
else
select password
into l_pwd
from my_schema.my_table
where ldap_id = l_user ;
return l_pwd = rawtohex(sys.dbms_crypto.hash (
sys.utl_raw.cast_to_raw(p_password||l_user),
sys.dbms_crypto.hash_sh512 ));
APEX_050100.APEX_UTIL.SET_AUTHENTICATION_RESULT(0);
end if;
exception when NO_DATA_FOUND then return false;
end;