Okay.. here's what I've got, currently:
STORED PROCEDURE:
CREATE PROCEDURE dbo.check_login
@un nvarchar(50),
@pw nvarchar(100)
AS
DECLARE @statusCode int
SET @statusCode='0'
IF EXISTS (
SELECT [adminID]
FROM [cpwr_org_01].[dbo].[cpwr_admin_users]
WHERE [userName] = @un AND [userPW] = @pw
)
BEGIN
SET @statusCode='1'
SELECT [adminID], [firstName], [lastName], [userName],
[userLevel], [datecreated], [lastLogin], [isActive], @statusCode as
statusCode, [userPW]
FROM [cpwr_org_01].[dbo].[cpwr_admin_users]
WHERE [userName] = @un AND [userPW] = @pw AND [isActive] = 1
END
ELSE
BEGIN
SELECT @statusCode as statusCode
END
IF (@statusCode = '1')
BEGIN
UPDATE [cpwr_org_01].[dbo].[cpwr_admin_users]
SET [lastLogin] = getdate()
WHERE [userName] = @un AND [userPW] = @pw
END
GO
APPLICATION.CFM
<cfset request.cryptAlgorithm = "BLOWFISH" />
<cfset request.cryptKey = "8charkey" />
LOGINACTION.CFM
<cfset session.user.username = trim(form.username) />
<cfset session.user.password =
Encrypt(trim(form.password), request.cryptKey,
request.cryptAlgorithm) />
<cfset session.user.SQLpassword = session.user.password
/>
<cfquery name="checkLogin" dbtype="odbc"
datasource="#request.data_source#">
EXEC cpwr_adm_check_login @un='#session.user.username#',
@pw='#trim(session.user.SQLpassword)#'
</cfquery>
direct encrypted pw is <cfdump
var="#session.user.SQLpassword#"><br>
db retrieved pw is <cfdump var="#checkLogin.userPW#">
This is what displays when I run the page:
direct encrypted pw is 0L42&E!R11!?XN3Z#X#$J;
db retrieved pw is 0L42&E!R11!?XN3Z#X#$J;
According to this, they are identical. But when I run the
other page that attempts to decrypt, I get this:
An error occurred while trying to encrypt or decrypt your
input string: The input and output encodings are not same..
72: Password for this account is #Decrypt(getAdmin.userPW,
request.cryptKey, request.cryptAlgorithm)#
STORED PROCEDURE:
CREATE PROCEDURE dbo.get_admin_edit
@adminID int
AS
SELECT [adminID], [firstName], [lastName], [userName],
[userPW], [userLevel], [datecreated], [lastLogin], [isActive],
[userEmail]
FROM [cpwr_org_01].[dbo].[cpwr_admin_users]
WHERE adminID = @adminID
GO
EDIT PAGE:
Password for this account is #Decrypt(getAdmin.userPW,
request.cryptKey, request.cryptAlgorithm)#
^_^
... View more