lolita-01
Messages postés90Date d'inscriptionmercredi 5 janvier 2011StatutMembreDernière intervention26 juillet 2013
-
15 sept. 2012 à 00:16
moiced59
Messages postés1145Date d'inscriptionsamedi 15 novembre 2008StatutMembreDernière intervention18 août 2014
-
15 sept. 2012 à 15:36
Bonsoir,
En fait je cherchais un code sql pour que un mot de passe soit crypté avant stockage dans la base et je suis tombé sur ce code la:
SQL> CREATE TABLE demo_users (
id_user NUMBER(12) NOT NULL,
username VARCHAR2(128) NOT NULL,
password VARCHAR2(128) NOT NULL
);
--Création du package pour la sécurisation des informations des utilisateur
SQL> CREATE OR REPLACE PACKAGE demo_user_security AS
FUNCTION GET_HASH (p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN VARCHAR2;
PROCEDURE add_user (p_username IN VARCHAR2,
p_password IN VARCHAR2);
PROCEDURE change_password (p_username IN VARCHAR2,
p_old_password IN VARCHAR2,
p_new_password IN VARCHAR2);
PROCEDURE valid_user (p_username IN VARCHAR2,
p_password IN VARCHAR2);
FUNCTION valid_user (p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN BOOLEAN;
END;
SQL> package created.
SQL>CREATE OR REPLACE PACKAGE BODY demo_user_security AS
FUNCTION GET_HASH (p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN VARCHAR2 AS
v_secur VARCHAR2(30) := 'Test';
BEGIN
-- Pre Oracle 10g
RETURN DBMS_OBFUSCATION_TOOLKIT.MD5(
input_string => UPPER(p_username) || v_secur || UPPER(p_password));
PROCEDURE add_user (p_username IN VARCHAR2,
p_password IN VARCHAR2) AS
BEGIN
INSERT INTO demo_users (
id_user,
username,
password
)
VALUES (
demo_users_seq.NEXTVAL,
UPPER(p_username),
GET_HASH(p_username, p_password)
);
COMMIT;
END;
PROCEDURE change_password (p_username IN VARCHAR2,
p_old_password IN VARCHAR2,
p_new_password IN VARCHAR2) AS
v_rowid ROWID;
BEGIN
SELECT rowid
INTO v_rowid
FROM demo_users
WHERE username = UPPER(p_username)
AND password = get_hash(p_username, p_old_password)
FOR UPDATE;
UPDATE demo_users
SET password = get_hash(p_username, p_new_password)
WHERE rowid = v_rowid;
COMMIT;
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE_APPLICATION_ERROR(-20010, 'nom utilisateur/mot de passe incorrect.');
END;
PROCEDURE valid_user (p_username IN VARCHAR2,
p_password IN VARCHAR2) AS
v_numy VARCHAR2(1);
BEGIN
SELECT '1'
INTO v_numy
FROM demo_users
WHERE username = UPPER(p_username)
AND password = get_hash(p_username, p_password);
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE_APPLICATION_ERROR(-20000, 'nom utilisateur/mot de passe incorrect.');
END;
FUNCTION valid_user (p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN BOOLEAN AS
BEGIN
valid_user(p_username, p_password);
RETURN TRUE;
EXCEPTION
WHEN OTHERS THEN
RETURN FALSE;
END;
END;
/
SQL> package body created.
Je l'ai exécuté et jusque la ça marche tout est bon et puis y a ce code la qui marche pas et j'ai pas compris d'ailleurs c'est quoi ce PL/SQL:
--Création des utilisateurs
SQL> EXEC demo_user_security.valid_user('William','bblsld');
BEGIN app_user_security.valid_user('william','bblsld'); END;
*
ERROR at line 1:
ORA-20000: nom utilisateur/mot de passe incorrect.
ORA-06512: at "W2K1.DEMO_USER_SECURITY", line 66
ORA-06512: at line 1
--Ensuite on vérifiéra la fonction VALID_USER.
SQL> SET SERVEROUTPUT ON
SQL> BEGIN
2 IF demo_user_security.valid_user('Smith','secret') THEN
3 DBMS_OUTPUT.PUT_LINE('TRUE');
4 ELSE
5 DBMS_OUTPUT.PUT_LINE('FALSE');
6 END IF;
7 END;
8 /
TRUE
PL/SQL procedure successfully completed.
SQL> BEGIN
2 IF demo_user_security.valid_user('William','bblsld') THEN
3 DBMS_OUTPUT.PUT_LINE('TRUE');
4 ELSE
5 DBMS_OUTPUT.PUT_LINE('FALSE');
6 END IF;
7 END;
8 /
FALSE
PL/SQL procedure successfully completed.
SQL>
--Au final on vérifiéra la procédure CHANGE_PASSWORD.