CRYPT



> This command is probably a modifier or

Yes, it is an operator, and as most other operators (except of NOT), it has
two operands. The simplest example of use is in fact already directly in the
first line of the operator description in the documentation, just like at
the other operators above it:

plaintext CRYPT key


> something ... What var went where was not obvious for some
> reason...maybe I needed some more caffiene. I did however
> need some clarification as what was being done to who (whom?)

Yes, Scott, I understand. Please do not be mistaken or offended; I did not
mind at all that you posted the question. I am just telling that if you've
hit the search key over Merchant sources (that you certainly use daily), you
would have seen the same (or very similar) example in 20 seconds. But for
some reason you preferred waiting few hours till someone copies and pasts
the code to you. And that was exactly the point - there is no problem in
asking, and we are all happy to help here, but I find important to point the
developer to the right place so he can figure out the problem alone, and
learn finding solutions independently better, than doing the homework for
him.

You are right that I told that Merchant code is quite (over)verbose.
Although it is not very good for the performance, in contrary it (in most
cases) simplifies the understanding of the code considerably (at least as
for such simple syntax questions goes).

And yes, I know that you developed and sell some fine Miva Merchant modules,
so please excuse if I wasted your time (as you wrote) with my mentoring :)

Ivo
http://mivo.truxoft.com



-----Original Message-----
From: IDS

Hello Ivo,

You've assumed way too much. We don't get too many newbies on here.
You actually wasted a little of my time. That's OK!
because, I agree with about much of what you say and appreciate your
effort. But I had already spent much
time looking/sifting through MM code, writing and testing some code, before
even thinking about
posting. I rarely post with questions. Hence, you believe me to be a
new developer. In my 5+ years writing miva script, I haven't needed to deal
with this subject -- and I'm sure I'll find many other subjects in the
future
too.

BTW: MM is not always the best example of good programming practices and
you have once said, the programming of MM is quite verbose. At least I
think it was you. If the docs about CRYPT were
clear to me, I obviously would not have posted.

Further, Good programming documentation will always have valid
examples to show all the characteristics of that
function/modifier/etc. This command is probably a modifier or
something ... What var went where was not obvious for some
reason...maybe I needed some more caffiene. I did however need some
clarification as what was being done to who (whom?). The examples I
received helped me troubleshoot my test code I was using to verify.
Simple as that.

Regards,

Scott
IDS



Monday, January 10, 2005, 2:12:36 PM, you wrote:

IT> From: IDS
>> The docs really needs examples.

IT> In fact, Miva delivers several megabytes of examples in their Miva
Merchant
IT> code. There are, of course, also other numerous applications, both from
Miva
IT> or from 3rd parties available.

IT> I actually did not post the sample syntax quite deliberately, and
pointed to
IT> the source code instead. I find that young or inexperienced developers
are
IT> helped much better when they learn how to work alone, then when they get
IT> used screaming for help at each trivial problem and waiting for a good
soul
IT> willing to do the work of hitting the F3 key in the source code and
copying
IT> and pasting the snippet to them. Although you usually get the answer
from
IT> the list within hours or even minutes, if you learn working
independently
IT> and check available sources (documentation, source code, Google), you
will
IT> usually find it much quicker. Additionally you will remember the
solution
IT> much better, and will be able to solve more difficult tasks easier next
IT> time.

IT> I do not tell it to discourage people from posting - in fact, we old
IT> residents are thankful for any post on this semi-dead list (as long as
it
IT> does not ask how to unsubscribe - that's being forwarded to Crazy Tony).
I
IT> really told it because I think that if a new developer wants to become a
IT> good programmer, first of all he needs to learn working and thinking
IT> independently, and rather challenging the community with more complex
IT> problems.

IT> Ivo
IT> http://mivo.truxoft.com





IT> -----Original Message-----
IT> From: IDS

IT> Thanks, got it working now. I needed the correct syntax -- of course.
IT> :-)

IT> The docs really needs examples. Richard's email helped clarify which
IT> var was the source and what the result would/should be. I was able to
IT> recreate some test code that verified the results.

IT> Regards,

IT> Scott
IT> IDS

IT> Monday, January 10, 2005, 11:45:52 AM, you wrote:

RG>> On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave
utterance

RG>> to the following:

>>>
>>> Never said the manual isn't good. I said the explanation wasn't
>>> "clear" to me. I see no example of how to use the command for syntax
>>> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
>>> from that point of view either.
>>>
>>> What I do understand is that, with no de-crypt, and only one-way, that
>>> means my string, that is being evaluated, that is already 'CRYPT'ED,
>>> is going to be compared to some input value. For instance:
>>>
RG>> You simply encrypt the value to be tested using the same salt (which
can

RG>> be found as the first two characters of the stored encrypted value)

RG>> <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
RG>> substring(user.d.password,1,2)}"
RG>> <MvIF EXPR="{g.testpass EQ user.d.password}">

RG>> These days I use Ivo's MD5 algorithm, which is considerably stronger
IT> than
RG>> CRYPT and removes all restrictions on password length and characters.

Re[6]: CRYPT



Hello Ivo,

You've assumed way too much. We don't get too many newbies on here.
You actually wasted a little of my time. That's OK!
because, I agree with about much of what you say and appreciate your
effort. But I had already spent much
time looking/sifting through MM code, writing and testing some code, before even thinking about
posting. I rarely post with questions. Hence, you believe me to be a
new developer. In my 5+ years writing miva script, I haven't needed to deal
with this subject -- and I'm sure I'll find many other subjects in the future
too.

BTW: MM is not always the best example of good programming practices and
you have once said, the programming of MM is quite verbose. At least I
think it was you. If the docs about CRYPT were
clear to me, I obviously would not have posted.

Further, Good programming documentation will always have valid
examples to show all the characteristics of that
function/modifier/etc. This command is probably a modifier or
something ... What var went where was not obvious for some
reason...maybe I needed some more caffiene. I did however need some
clarification as what was being done to who (whom?). The examples I
received helped me troubleshoot my test code I was using to verify.
Simple as that.

Regards,

Scott
IDS



Monday, January 10, 2005, 2:12:36 PM, you wrote:

IT> From: IDS
>> The docs really needs examples.

IT> In fact, Miva delivers several megabytes of examples in their Miva Merchant
IT> code. There are, of course, also other numerous applications, both from Miva
IT> or from 3rd parties available.

IT> I actually did not post the sample syntax quite deliberately, and pointed to
IT> the source code instead. I find that young or inexperienced developers are
IT> helped much better when they learn how to work alone, then when they get
IT> used screaming for help at each trivial problem and waiting for a good soul
IT> willing to do the work of hitting the F3 key in the source code and copying
IT> and pasting the snippet to them. Although you usually get the answer from
IT> the list within hours or even minutes, if you learn working independently
IT> and check available sources (documentation, source code, Google), you will
IT> usually find it much quicker. Additionally you will remember the solution
IT> much better, and will be able to solve more difficult tasks easier next
IT> time.

IT> I do not tell it to discourage people from posting - in fact, we old
IT> residents are thankful for any post on this semi-dead list (as long as it
IT> does not ask how to unsubscribe - that's being forwarded to Crazy Tony). I
IT> really told it because I think that if a new developer wants to become a
IT> good programmer, first of all he needs to learn working and thinking
IT> independently, and rather challenging the community with more complex
IT> problems.

IT> Ivo
IT> http://mivo.truxoft.com





IT> -----Original Message-----
IT> From: IDS

IT> Thanks, got it working now. I needed the correct syntax -- of course.
IT> :-)

IT> The docs really needs examples. Richard's email helped clarify which
IT> var was the source and what the result would/should be. I was able to
IT> recreate some test code that verified the results.

IT> Regards,

IT> Scott
IT> IDS

IT> Monday, January 10, 2005, 11:45:52 AM, you wrote:

RG>> On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave utterance

RG>> to the following:

>>>
>>> Never said the manual isn't good. I said the explanation wasn't
>>> "clear" to me. I see no example of how to use the command for syntax
>>> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
>>> from that point of view either.
>>>
>>> What I do understand is that, with no de-crypt, and only one-way, that
>>> means my string, that is being evaluated, that is already 'CRYPT'ED,
>>> is going to be compared to some input value. For instance:
>>>
RG>> You simply encrypt the value to be tested using the same salt (which can

RG>> be found as the first two characters of the stored encrypted value)

RG>> <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
RG>> substring(user.d.password,1,2)}"
RG>> <MvIF EXPR="{g.testpass EQ user.d.password}">

RG>> These days I use Ivo's MD5 algorithm, which is considerably stronger
IT> than
RG>> CRYPT and removes all restrictions on password length and characters.

Re[4]: CRYPT



From: IDS
> The docs really needs examples.

In fact, Miva delivers several megabytes of examples in their Miva Merchant
code. There are, of course, also other numerous applications, both from Miva
or from 3rd parties available.

I actually did not post the sample syntax quite deliberately, and pointed to
the source code instead. I find that young or inexperienced developers are
helped much better when they learn how to work alone, then when they get
used screaming for help at each trivial problem and waiting for a good soul
willing to do the work of hitting the F3 key in the source code and copying
and pasting the snippet to them. Although you usually get the answer from
the list within hours or even minutes, if you learn working independently
and check available sources (documentation, source code, Google), you will
usually find it much quicker. Additionally you will remember the solution
much better, and will be able to solve more difficult tasks easier next
time.

I do not tell it to discourage people from posting - in fact, we old
residents are thankful for any post on this semi-dead list (as long as it
does not ask how to unsubscribe - that's being forwarded to Crazy Tony). I
really told it because I think that if a new developer wants to become a
good programmer, first of all he needs to learn working and thinking
independently, and rather challenging the community with more complex
problems.

Ivo
http://mivo.truxoft.com





-----Original Message-----
From: IDS

Thanks, got it working now. I needed the correct syntax -- of course.
:-)

The docs really needs examples. Richard's email helped clarify which
var was the source and what the result would/should be. I was able to
recreate some test code that verified the results.

Regards,

Scott
IDS

Monday, January 10, 2005, 11:45:52 AM, you wrote:

RG> On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave utterance

RG> to the following:

>>
>> Never said the manual isn't good. I said the explanation wasn't
>> "clear" to me. I see no example of how to use the command for syntax
>> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
>> from that point of view either.
>>
>> What I do understand is that, with no de-crypt, and only one-way, that
>> means my string, that is being evaluated, that is already 'CRYPT'ED,
>> is going to be compared to some input value. For instance:
>>
RG> You simply encrypt the value to be tested using the same salt (which can

RG> be found as the first two characters of the stored encrypted value)

RG> <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
RG> substring(user.d.password,1,2)}"
RG> <MvIF EXPR="{g.testpass EQ user.d.password}">

RG> These days I use Ivo's MD5 algorithm, which is considerably stronger
than
RG> CRYPT and removes all restrictions on password length and characters.

Re[4]: CRYPT



Thanks, got it working now. I needed the correct syntax -- of course.
:-)

The docs really needs examples. Richard's email helped clarify which
var was the source and what the result would/should be. I was able to
recreate some test code that verified the results.

Regards,

Scott
IDS

Monday, January 10, 2005, 11:45:52 AM, you wrote:

RG> On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave utterance
RG> to the following:

>>
>> Never said the manual isn't good. I said the explanation wasn't
>> "clear" to me. I see no example of how to use the command for syntax
>> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
>> from that point of view either.
>>
>> What I do understand is that, with no de-crypt, and only one-way, that
>> means my string, that is being evaluated, that is already 'CRYPT'ED,
>> is going to be compared to some input value. For instance:
>>
RG> You simply encrypt the value to be tested using the same salt (which can
RG> be found as the first two characters of the stored encrypted value)

RG> <MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
RG> substring(user.d.password,1,2)}"
RG> <MvIF EXPR="{g.testpass EQ user.d.password}">

RG> These days I use Ivo's MD5 algorithm, which is considerably stronger than
RG> CRYPT and removes all restrictions on password length and characters.



--
Best regards,
IDS mailto:[email protected]

Re[2]: CRYPT



On Mon, 10 Jan 2005 08:54:27 -0800, IDS <[email protected]> gave utterance
to the following:

>
> Never said the manual isn't good. I said the explanation wasn't
> "clear" to me. I see no example of how to use the command for syntax
> purposes. I really didn't grow up on UNIX based OS so I wouldn't know
> from that point of view either.
>
> What I do understand is that, with no de-crypt, and only one-way, that
> means my string, that is being evaluated, that is already 'CRYPT'ED,
> is going to be compared to some input value. For instance:
>
You simply encrypt the value to be tested using the same salt (which can
be found as the first two characters of the stored encrypted value)

<MvASSIGN name="g.testpass" VALUE="{g.password CRYPT
substring(user.d.password,1,2)}"
<MvIF EXPR="{g.testpass EQ user.d.password}">

These days I use Ivo's MD5 algorithm, which is considerably stronger than
CRYPT and removes all restrictions on password length and characters.
--
Richard Grevers
Between two evils always pick the one you haven't tried

Re[2]: CRYPT



If you are comparing two strings, then they have to be both hashed
(CRYPT-ed) in the very same way, of course. Use the same syntax on both
parts.

As for examples and the way MM admin handles passwords, you really best open
the source code and search for the string 'CRYPT'.

Ivo Truxa

| http://miva.truxoft.com
| Advanced Miva Merchant modules



-----Original Message-----
From: IDS


Never said the manual isn't good. I said the explanation wasn't
"clear" to me. I see no example of how to use the command for syntax
purposes. I really didn't grow up on UNIX based OS so I wouldn't know
from that point of view either.

What I do understand is that, with no de-crypt, and only one-way, that
means my string, that is being evaluated, that is already 'CRYPT'ED,
is going to be compared to some input value. For instance:

g.password EQ user.d.password

g.password is plain text and user.d.password has been stored as CRYPT,
the comparison will fail. How do I CRYPT the user input, g.password,
so that it will compare properly so I get the appropriate pass/fail?
What is the syntax?

Also, further, I am working on an independent application that uses MM admin
users db (will read other dbs as well). I eventually will need to read the
user names and passwords
as an admin in MM.

Thanks,

Scott
IDS



Monday, January 10, 2005, 3:17:41 AM, you wrote:

IT> I would recommend reading the fine manual again and carefully :)
IT> Although people often complain it is not good, I am of a quite the
opposite
IT> opinion - it contains all necessary; all you need is reading it
carefully.
IT> At the CRYPT operant it tells:
IT> (i.e. at http://miva.com/docs/ScriptMan_html/...rs.html#472233)

IT> "plaintext CRYPT key Performs a one-way encryption, similar to that
provided
IT> with the UNIX crypt command. The string plaintext is encrypted using the
IT> string key (this string is sometimes called a 'salt'). key can be any
two
IT> characters (extra characters will be ignored). Only the first eight
IT> characters of plaintext will be used in the encryption. key is used as
the
IT> first two characters of the encrypted value. CRYPT always yields the
same
IT> result when applied to a particular plaintext and key."

IT> As explained it is actually not an encryption function, but rather an
IT> asymmetric hash function, whose only purpose is exactly the opposite of
what
IT> you are looking for - the result MUST NOT be decryptable. For symmetric
IT> encryption you will need to use encryption functions described in the
IT> built-in function section at
IT> <A HREF ="http://www.miva.com/docs/ScriptGuide_html/ScriptGuide.html#497338">http://www.miva.com/docs/ScriptGuide_html/ScriptGuide.html#497338</A>
(compiled
IT> Miva Script v4 only). If you need some examples of use, then you can
review
IT> Miva Merchant source code.

IT> For uncompiled script, you would need external symmetric encryption
(there
IT> are some article and links on my website)

IT> Ivo Truxa

IT> | http://miva.truxoft.com
IT> | Advanced Miva Merchant modules




IT> -----Original Message-----
IT> From: IDS


IT> Hello miva-users,

IT> I need to do some password stuff. Can't seem to figure out how the CRYPT
IT> command works. I seem to
IT> missing something with what it actually does. Maybe some sample code
IT> that explains it. Miva docs aren't that clear to me. Also, is there a
IT> De-CRYPT command?

Re[2]: CRYPT




Never said the manual isn't good. I said the explanation wasn't
"clear" to me. I see no example of how to use the command for syntax
purposes. I really didn't grow up on UNIX based OS so I wouldn't know
from that point of view either.

What I do understand is that, with no de-crypt, and only one-way, that
means my string, that is being evaluated, that is already 'CRYPT'ED,
is going to be compared to some input value. For instance:

g.password EQ user.d.password

g.password is plain text and user.d.password has been stored as CRYPT,
the comparison will fail. How do I CRYPT the user input, g.password,
so that it will compare properly so I get the appropriate pass/fail?
What is the syntax?

Also, further, I am working on an independent application that uses MM admin
users db (will read other dbs as well). I eventually will need to read the user names and passwords
as an admin in MM.

Thanks,

Scott
IDS



Monday, January 10, 2005, 3:17:41 AM, you wrote:

IT> I would recommend reading the fine manual again and carefully :)
IT> Although people often complain it is not good, I am of a quite the opposite
IT> opinion - it contains all necessary; all you need is reading it carefully.
IT> At the CRYPT operant it tells:
IT> (i.e. at http://miva.com/docs/ScriptMan_html/...rs.html#472233)

IT> "plaintext CRYPT key Performs a one-way encryption, similar to that provided
IT> with the UNIX crypt command. The string plaintext is encrypted using the
IT> string key (this string is sometimes called a 'salt'). key can be any two
IT> characters (extra characters will be ignored). Only the first eight
IT> characters of plaintext will be used in the encryption. key is used as the
IT> first two characters of the encrypted value. CRYPT always yields the same
IT> result when applied to a particular plaintext and key."

IT> As explained it is actually not an encryption function, but rather an
IT> asymmetric hash function, whose only purpose is exactly the opposite of what
IT> you are looking for - the result MUST NOT be decryptable. For symmetric
IT> encryption you will need to use encryption functions described in the
IT> built-in function section at
IT> <A HREF ="http://www.miva.com/docs/ScriptGuide_html/ScriptGuide.html#497338 (compiled">http://www.miva.com/docs/ScriptGuide...de.html#497338 (compiled</A>
IT> Miva Script v4 only). If you need some examples of use, then you can review
IT> Miva Merchant source code.

IT> For uncompiled script, you would need external symmetric encryption (there
IT> are some article and links on my website)

IT> Ivo Truxa

IT> | http://miva.truxoft.com
IT> | Advanced Miva Merchant modules




IT> -----Original Message-----
IT> From: IDS


IT> Hello miva-users,

IT> I need to do some password stuff. Can't seem to figure out how the CRYPT
IT> command works. I seem to
IT> missing something with what it actually does. Maybe some sample code
IT> that explains it. Miva docs aren't that clear to me. Also, is there a
IT> De-CRYPT command?




--
Best regards,
IDS mailto:[email protected]

CRYPT



I would recommend reading the fine manual again and carefully :)
Although people often complain it is not good, I am of a quite the opposite
opinion - it contains all necessary; all you need is reading it carefully.
At the CRYPT operant it tells:
(i.e. at http://miva.com/docs/ScriptMan_html/...rs.html#472233)

"plaintext CRYPT key Performs a one-way encryption, similar to that provided
with the UNIX crypt command. The string plaintext is encrypted using the
string key (this string is sometimes called a 'salt'). key can be any two
characters (extra characters will be ignored). Only the first eight
characters of plaintext will be used in the encryption. key is used as the
first two characters of the encrypted value. CRYPT always yields the same
result when applied to a particular plaintext and key."

As explained it is actually not an encryption function, but rather an
asymmetric hash function, whose only purpose is exactly the opposite of what
you are looking for - the result MUST NOT be decryptable. For symmetric
encryption you will need to use encryption functions described in the
built-in function section at
<A HREF ="http://www.miva.com/docs/ScriptGuide_html/ScriptGuide.html#497338 (compiled">http://www.miva.com/docs/ScriptGuide...de.html#497338 (compiled</A>
Miva Script v4 only). If you need some examples of use, then you can review
Miva Merchant source code.

For uncompiled script, you would need external symmetric encryption (there
are some article and links on my website)

Ivo Truxa

| http://miva.truxoft.com
| Advanced Miva Merchant modules




-----Original Message-----
From: IDS


Hello miva-users,

I need to do some password stuff. Can't seem to figure out how the CRYPT
command works. I seem to
missing something with what it actually does. Maybe some sample code
that explains it. Miva docs aren't that clear to me. Also, is there a
De-CRYPT command?

--
Best regards,
Scott
IDS mailto:[email protected]