LOGIN with Password Verify HELP

I have a database created by a different software but I don't like the configuration of their pages
so I used their log in page but I want to redirect users after login to my custom pages designed in wappler but with same login details. so I have built SCRUD apis but the log in is a problem
first the password in the database is encrypted so I have to use a password verify in my security log in API but I don't have an idea of how I can do it…
Kindly help

Hey @Pixsley , welcome to our community.

Can you explain a little more?

Database can be created wherever you like and you just have to create a database connection within wappler in order to work with wappler.
Database and pages are in the same server?
Have you created a new login page with wappler?
If yes, the only thing you need to do is add first thing in your api the security identify module to keep track of the log-in info (if there is) and after that a security restrict in order to restrict the access in only allowed members/groups…
Can you understand what I’m saying?
Have you gone through any steps of the above?

I suggest you to take some time and watch these beautiful videos from @Hyperbytes and @ben

okay but look
I built a website and I bought an external PHP script called amemberpro to handle my membership settings, products, affiliates and so on.
but their dashboard and other pages are so funny and I feel they don't meet up to my company standards but the database created by the software is really good in structure and I would want to use their administrator capabilities to handle stuff but when it comes to the client side, I want to use my custom pages built in wappler.
The concept is I direct the user to a login page made by amember and so the user enters their details but they get redirected to my wappler designed pages depending on the user group they get redirected to either basic, gold or Admin dashboard.
I can't modify the script api for amember though I can redirect a user after login to just one page.
so since I can access the database I wanted to build my own log in API but the password in the database is already encrypted by amember so
how do I create a log in API whereby the user enters their password and user name and it matches the one in the amember database so I can redirect them to any page I want given their user group.

Remember
the user enters the normal password but amember script encrypts it and I am not sure of the encryption, I think it could be BCRYPT or something,
So how do I create my login page that queries the user password on my custom page and matches it to the encrypted password in the amember user table for a successful login???

I did something for NodeJS and bcrypt, here you can see how the Server Action is done:

For the front-end you need to check a Wappler tutorial on how to make a login form, etc.

Also, you need to discover the exact hashing (“encryption”) algorithm the passwords are using, without that information it’s a dead-end. And then you probably need to build (or pay someone else) to build a custom extension (or custom formatter) for the hashing algorithm it’s using, or if it’s bcrypt and you’re using NodeJS then you can use extension I wrote

As a matter of fact @Pixsley wants to recreate his entire website…
The only thing that holds him back is the Logging functionality, right?

One thing comes to my mind.
Is there a secure way to force his existing users to update/reset their passwords?
I don’t know exactly but thinking of sending them an email with a security code and a link to click and then reset the password without checking the existing credentials…
Or use a token? (I don’t know about that procedure…)
And the reset will be done on his new login page built with wappler.
So, he will handle with a way he wants the encryption method and OWN his site without restrictions?

Good idea!

Login functionality, logging refers to logs, not login :slight_smile:

1 Like

I got an extra g-point there… Sorry :rofl:

I think this step might do the magic but I am using PHP not node js, can the same extension work?
If not how do I write a PHP extension that does the same

Also I have contacted the support team and they said the password in the database is just a hash not an encryption and advised me to use the password_verify function

see this is the message from the amember support

It is not encryption. It is hash of password.
You need to use php function password_verify to verify password:
https://www.php.net/password_verify

$password - user submitted password
$hash - value from aMember table am_user column pass

So any ideas on how I can use the password verify function in the login step please???

In your server action you add a password verify step:

okay thanks let me try it

The password verify properties
Password is the user Post password and the Hash is the database password ( that is in Hash form?)

Password is the user Post password and the hash is the value that you have in the aMember table…

I’m not sure (haven’t done it before…) but try and see


Here is what I have done but the login page just allows even wrong nonexistent emails and passwords provided they meet the validation rules.
it still doesn't give the correct results since now anyone can login as long as validation is okay
I don't know what to do now

Just wondering, have you tried something like this?

So it turns to

$_POST.password.passwordVerify(query[0].pass)

  1. Each step returns a result
  2. Password Verify step returns a boolean false or true
  3. Your Security Login step is always running, independently if the Password Verify step succeeded or not

You’re missing a Condition step to verify if the password verification was successful. Only if it’s successful (true) you run Security Login. Please check the screenshots how I did it with bcrypt:

Look at the Condition step!

1 Like
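The flow this answer describes (Database Query, Password Verify, Condition, and only then Security Login) written out in plain PHP, as an added example that is not code from the thread, Wappler or aMember. The in-memory user array, the `group` field and the dashboard paths are assumptions for illustration; `pass` is the `am_user` column named by aMember support.

```php
<?php
// Added example, not aMember or Wappler code. The row below is a constructed
// stand-in for a query on aMember's am_user table; in a real action, fetch the
// row with a prepared statement keyed on the submitted login.
$users = [
    'alice@example.test' => [
        'user_id' => 1,
        'pass'    => password_hash('correct horse', PASSWORD_DEFAULT), // constructed hash
        'group'   => 'gold',                                           // hypothetical column
    ],
];

// Hypothetical map from user group to landing page.
const DASHBOARDS = ['basic' => '/basic.php', 'gold' => '/gold.php', 'admin' => '/admin.php'];

// Returns the redirect target on success, or null on any failure.
function attempt_login(array $users, string $email, string $password): ?string
{
    static $dummy = null;
    // Throwaway hash so an unknown e-mail costs the same work as a known one.
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT);

    $row = $users[$email] ?? null;                              // "Database Query" step
    $ok  = password_verify($password, $row['pass'] ?? $dummy);  // "Password Verify" step

    // "Condition" step: nothing below runs unless a row exists AND the hash matched.
    // Leaving this out is what lets any well-formed e-mail and password through.
    if ($row === null || !$ok) {
        return null;
    }

    // "Security Login" step goes here: regenerate the session id, store user_id.
    return DASHBOARDS[$row['group']] ?? DASHBOARDS['basic'];    // unknown group gets least privilege
}

var_dump(attempt_login($users, 'alice@example.test', 'correct horse'));
var_dump(attempt_login($users, 'alice@example.test', 'wrong password'));
var_dump(attempt_login($users, 'nobody@example.test', 'anything'));
```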

let me give it a try

I have still failed to figure this out but is there a way I can log my user in without using a password that is hashed??
for example instead of password, I use username and email
kindly check the picture and advise

  1. User inputs e-mail address
  2. You send an e-mail to user with a login link (containing a random secret string)
  3. User clicks login link
  4. You use Security Login step to login, with the password that exists in the database (obtained through a Database Query step)

Regarding point 2, you would need to create a “login_secret” column in the users table, so you can create a random string and then send it through e-mail, and then when the users click the link you check if the secret matches
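A sketch of the `login_secret` check from this answer in plain PHP, as an added example that is not code from the thread or from Wappler. The in-memory `$users` array stands in for the users table, and the `login_secret_expires` column, the 15-minute lifetime and the `example.test` URL are assumptions.

```php
<?php
// Added example. $users is a constructed stand-in for the users table.
// login_secret is the column proposed above; login_secret_expires is assumed.
const SECRET_TTL = 900; // seconds a link stays valid (assumed value)

// Step 2: create the secret, store only its hash, return the link to e-mail.
function issue_login_link(array &$users, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null; // the caller should show the same message either way
    }
    $secret = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $users[$email]['login_secret'] = hash('sha256', $secret);
    $users[$email]['login_secret_expires'] = $now + SECRET_TTL;
    return 'https://example.test/login.php?email=' . rawurlencode($email)
         . '&secret=' . $secret;
}

// Steps 3 and 4: check the clicked secret; true means "run the login step now".
function redeem_login_secret(array &$users, string $email, string $secret, int $now): bool
{
    $row = $users[$email] ?? null;
    if ($row === null || empty($row['login_secret'])) {
        return false;
    }
    // Constant-time comparison of the stored hash with the hash of what was clicked.
    $match = hash_equals($row['login_secret'], hash('sha256', $secret));
    if (!$match || $now > $row['login_secret_expires']) {
        return false;
    }
    $users[$email]['login_secret'] = null; // single use: a replayed link fails
    $users[$email]['login_secret_expires'] = 0;
    return true;
}

$users = ['alice@example.test' => ['login_secret' => null, 'login_secret_expires' => 0]];
$link  = issue_login_link($users, 'alice@example.test', time());
parse_str(parse_url($link, PHP_URL_QUERY), $q);

var_dump(redeem_login_secret($users, $q['email'], $q['secret'], time())); // first click
var_dump(redeem_login_secret($users, $q['email'], $q['secret'], time())); // replay of the same link
```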

https://youtube.com/playlist?list=PLUjqTJN3byC9W9UFjsV9f9vefe_ZSFQfb&si=VBDt_AelPoTCiO5r

Take a look at this series from around module 14 which covers the techniques you need such as sending codes for login.

1 Like

Thanks all for the help but I figured out an alternative solution
since the amember technology already has a login step that is highly secure, I made my users to login first on the amember login page, then I redirected them to my custom bridge page where I asked users to confirm their login details
in this login I used the user email and the user name as a password. since all this data exists in the database, I put a security restrict to this page in that it can only be accessed by first logging in from amember page and so I am able to have a secure site with a proper login functionality. and I can base other APIs on this login ie user logged in, user data, security identity, etc