How to use dynamic alerts for login form? - oracle

I am new to Oracle development, using Oracle 10g Forms.
I am trying to write this code for login purposes. When the user enters a wrong password, it gives an alert in a popup window. Also, when the user enters a wrong username, it raises an alert.
I wrote this code but I am unable to correct it.
DECLARE
   un    VARCHAR (15);
   pwd   VARCHAR (15);
BEGIN
   --- Dynamic alert properties code start--
   SET_ALERT_PROPERTY ('LOGIN_ALERTS', TITLE, 'Security Altert');
   SET_ALERT_PROPERTY ('LOGIN_ALERTS',
                       ALERT_MESSAGE_TEXT,
                       'Wrong Username?');
   SET_ALERT_PROPERTY ('LOGIN_ALERTS',
                       ALERT_MESSAGE_TEXT,
                       'Wrong Password?');

   SELECT username, users_password
     INTO un, pwd
     FROM MENU_USERS
    WHERE username = :TXT_USERNAME;

   IF un = :TXT_USERNAME
   THEN
      IF pwd = :TXT_PWD
      THEN
         CALL_FORM ('F:\ISMS\INV\inv_stock.fmx');
      ELSE
         SHOW_ALERT ('LOGIN_ALERTS');
      END IF;
   ELSE
      SHOW_ALERT ('LOGIN_ALERTS');
   END IF;
END;

Alerts are OK, but consecutive message calls will do as well. This example shows how to use that approach.
The code you wrote is kind of "wrong" as it doesn't handle the "wrong username" situation. When that happens, the select won't return anything and will raise the no_data_found exception, which should be handled.
Here you go:
declare
  pwd varchar2(15);
begin
  select users_password
    into pwd
    from menu_users
    where username = :txt_username;

  -- if TXT_USERNAME value exists, SELECT will return its password
  if pwd = :txt_pwd then
    call_form('whichever form you want');
  else
    -- two consecutive MESSAGE calls make Forms show the text in a popup
    message('Wrong password');
    message('Wrong password');
    raise form_trigger_failure;
  end if;
exception
  when no_data_found then
    -- SELECT didn't return anything, but raised an exception
    message('Wrong username');
    message('Wrong username');
end;

Related

Column Validation not firing in Interactive Grid Oracle APEX

I'm developing a simple application in Oracle APEX and one of the requirements is to create an error message if a duplicate column (which is also the UK of the table) is saved to the Interactive Grid. I've created a support package and then a column validation in APEX that calls the function in the support package.
When I first implemented the code and the call, everything was working and the correct error message was displayed. However, I think I unknowingly modified a property setting or something because now I cannot get the validation to fire -- if the user enters a duplicate column value and presses save, they get the generic "constraint violation" error message that Oracle raises. The only IG Process in this app is the Automatic Row Processing - Save button.
Does anyone know why the column validation is being ignored? I have gone through the error stack of the "constraint violation" and all I am seeing is the Save process and Oracle's generic error messages.
Support Package Function:
FUNCTION Prod_Family_Exists (
   i_id           IN NUMBER
  ,i_prod_family  IN VARCHAR2
) RETURN BOOLEAN IS
   v_cnt NUMBER;
BEGIN
   SELECT COUNT(*)
     INTO v_cnt
     FROM adm_prod_families
    WHERE prod_family = i_prod_family
      AND id <> i_id
   ;
   IF v_cnt = 0 THEN
      RETURN(FALSE);
   ELSE
      RETURN(TRUE);
   END IF;
EXCEPTION
   WHEN OTHERS THEN
      RETURN(FALSE);
END Prod_Family_Exists;
END Z_TEST;
Validation Call in APEX - PL/SQL Function (Returning Boolean):
BEGIN
   IF z_test.prod_family_exists( i_id          => :id
                                ,i_prod_family => :prod_family)
   THEN
      RETURN FALSE;
   ELSE
      RETURN TRUE;
   END IF;
END;
Based on the image below and the code I've provided, my custom error message would only be raised if the result from the validation returned FALSE right? Is the code bad?
I figured this out. The code for the validation call to the support package function needed to be modified. New code:
BEGIN
   IF z_test.prod_family_exists( i_id          => NVL(:id,0)
                                ,i_prod_family => :prod_family)
   THEN
      RETURN FALSE;
   ELSE
      RETURN TRUE;
   END IF;
END;

What I am doing wrong in this procedure

I have created a procedure to check and validate username and password. Even when I provide the correct password I always receive an exception error. I tried different things inside the procedure but the results would be the same.
create or replace
PROCEDURE member_ck_sp
  (p_uname  IN  VARCHAR2,
   p_pass   IN  VARCHAR2,
   p_name   OUT VARCHAR2,
   p_cookie OUT VARCHAR2)
IS
  CURSOR CUR_CHECK IS
    SELECT USERNAME, PASSWORD,FIRSTNAME||''||LASTNAME, COOKIE
    FROM bb_shopper;
  lv_check_txt VARCHAR2(100);
BEGIN
  FOR rec_check IN cur_check LOOP
    IF p_uname = rec_check.username
       AND p_pass = rec_check.PASSWORD THEN
      lv_check_txt := 'Pass';
    ELSE lv_check_txt := 'Fail';
    END IF;
  END LOOP;
  IF lv_check_txt = 'Pass' THEN
    SELECT FIRSTNAME||''||LASTNAME, COOKIE
    INTO p_name, p_cookie
    FROM bb_shopper
    WHERE USERNAME = P_UNAME
    AND password = p_pass;
    dbms_output.put_line(p_name||' '|| p_cookie);
  ELSE raise no_data_found;
  END IF;
  --dbms_output.put_line(p_name||' '|| p_cookie);
EXCEPTION
  WHEN no_data_found THEN
    dbms_output.put_line('Please reneter credentials');
END;
And block to check code:
DECLARE
  lv_username_txt bb_shopper.username%TYPE := 'rat55';
  lv_password_txt bb_shopper.PASSWORD%TYPE := 'kile';
  lv_name_txt     VARCHAR2(200);
  lv_cookie_txt   bb_shopper.cookie%TYPE;
BEGIN
  member_ck_sp(lv_username_txt,lv_password_txt,lv_name_txt,lv_cookie_txt);
  --DBMS_OUTPUT.PUT_LINE('User name is '||lv_name_txt||' and
cookie '||lv_cookie_txt);
END;
Your problem is the opening LOOP reads all the records in bb_shopper. One of those records presumably matches the entered credentials. However, unless the last record read is the matching one, you will exit the loop with lv_check_txt = 'Fail'. And that's why you always fail the test in the subsequent IF and get no_data_found.
The solution seems quite simple: ditch the loop and just validate the passed parameters.
create or replace
PROCEDURE member_ck_sp
  (p_uname  IN  VARCHAR2,
   p_pass   IN  VARCHAR2,
   p_name   OUT VARCHAR2,
   p_cookie OUT VARCHAR2)
IS
BEGIN
  SELECT FIRSTNAME||''||LASTNAME, COOKIE
  INTO p_name, p_cookie
  FROM bb_shopper
  WHERE USERNAME = P_UNAME
  AND password = p_pass;
  --dbms_output.put_line(p_name||' '|| p_cookie);
EXCEPTION
  WHEN no_data_found THEN
    raise_application_error(-20000, 'Please re-enter credentials');
END;
I haven't looked at PL/SQL in a long time. However, my first suggestion would be to look at your test data:
SELECT * FROM bb_shopper where username = 'rat55';
A few things to keep in mind:
The last line in the block to check code was probably meant to be commented out. It contains a quotation mark left open and a close bracket without an opening bracket. That can't help.
I'll take a different tack on this one. I see one potential error that overrides anything regarding the syntax and functionality, and that is:
I really really REALLY hope you are not planning on storing cleartext passwords in a database table.
Do not ever do this....ever. Please tell us that this routine already has the password salted/hashed before making it to this routine and table. Otherwise, this is the first thing you should be looking at fixing before anything else.
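The salted/hashed storage asked for in the last comment, as an added example that is not part of the original thread: member_ck_sp checking a salted, iterated SHA-256 digest instead of a clear-text password. It assumes Oracle 12c or later with EXECUTE on DBMS_CRYPTO; the pw_salt and pw_hash columns, the pw_digest and set_password_sp names and the round count are hypothetical, and the iterated SHA-256 stands in for a dedicated password-hashing function.

```sql
-- Added example. Hypothetical columns replacing the clear-text PASSWORD column:
--   ALTER TABLE bb_shopper ADD (pw_salt RAW(16), pw_hash RAW(32));
CREATE OR REPLACE FUNCTION pw_digest (p_pass IN VARCHAR2, p_salt IN RAW)
  RETURN RAW
IS
  c_rounds CONSTANT PLS_INTEGER := 10000;  -- constructed work factor
  l_hash   RAW(32);
BEGIN
  -- First round mixes the per-user salt with the password bytes.
  l_hash := DBMS_CRYPTO.HASH(
              UTL_RAW.CONCAT(p_salt, UTL_I18N.STRING_TO_RAW(p_pass, 'AL32UTF8')),
              DBMS_CRYPTO.HASH_SH256);
  -- Further rounds make each guess against a leaked table more expensive.
  FOR i IN 2 .. c_rounds LOOP
    l_hash := DBMS_CRYPTO.HASH(UTL_RAW.CONCAT(p_salt, l_hash), DBMS_CRYPTO.HASH_SH256);
  END LOOP;
  RETURN l_hash;
END pw_digest;
/
CREATE OR REPLACE PROCEDURE set_password_sp (p_uname IN VARCHAR2, p_pass IN VARCHAR2)
IS
  l_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);  -- fresh salt on every change
  l_hash RAW(32) := pw_digest(p_pass, l_salt);
BEGIN
  UPDATE bb_shopper SET pw_salt = l_salt, pw_hash = l_hash
   WHERE username = p_uname;
END set_password_sp;
/
CREATE OR REPLACE PROCEDURE member_ck_sp
  (p_uname IN VARCHAR2, p_pass IN VARCHAR2,
   p_name OUT VARCHAR2, p_cookie OUT VARCHAR2)
IS
  l_salt bb_shopper.pw_salt%TYPE;
  l_hash bb_shopper.pw_hash%TYPE;
BEGIN
  SELECT firstname || ' ' || lastname, cookie, pw_salt, pw_hash
    INTO p_name, p_cookie, l_salt, l_hash
    FROM bb_shopper
   WHERE username = p_uname;
  -- Recompute the digest from the supplied password and the stored salt.
  IF l_hash IS NULL OR UTL_RAW.COMPARE(l_hash, pw_digest(p_pass, l_salt)) <> 0 THEN
    RAISE no_data_found;  -- same path as an unknown username
  END IF;
EXCEPTION
  WHEN no_data_found THEN
    -- One message for both failures, as in the answer above.
    raise_application_error(-20000, 'Please re-enter credentials');
END member_ck_sp;
/
```

Existing rows have no digest until set_password_sp has been run for them, so accounts need a password reset or a one-time migration before the clear-text column is dropped.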

pl/sql project password change

This is my first PL/SQL database project, so I am not experienced but need to start somewhere. I am writing a procedure for an update statement on the customer table's cpw column, in which the user needs to enter the username; if that matches the cusername column then they will enter the old password; if that matches the cpw of the same row, then the system will update to the new password, which is prompted for and accepted. Here's what I have so far. Any help will be appreciated.
CREATE OR replace PROCEDURE Changepassword (input_cusername IN VARCHAR,
                                            old_cpw         IN VARCHAR,
                                            new_cpw         OUT VARCHAR)
IS
DECLARE
  c_username customer.cusername%TYPE;
  c_cpw      customer.cpw%TYPE;
BEGIN
  ACCEPT input_cusername VARCHAR(40) prompt 'Username: '
  ACCEPT old_cpw VARCHAR(20) prompt 'Enter Your Old Password:'
  ACCEPT new_cpw VARCHAR(20) prompt 'Enter Your New Password:'
  UPDATE customer
  SET cpw = new_cpw
  WHERE cusername = input_cusername;
EXCEPTION
  WHEN input_cusername <> c_username customer.cusername%TYPE THEN
    dbms_output.put_line('no such user exist');
  WHEN old_cpw <> cpw FROM customer WHERE cusername = input_cusername THEN
    dbms_output.put_line('Password Incorrect');
END;
There are many things wrong with your procedure.
new_cpw should be an IN parameter.
Better use VARCHAR2 data type.
create or replace procedure changePassword (input_cusername IN VARCHAR2,
                                            old_cpw         IN VARCHAR2,
                                            new_cpw         IN VARCHAR2)
DECLARE your own EXCEPTION and user-defined error message using raise_application_error.
wrong_username EXCEPTION;
wrong_password EXCEPTION;
You MUST first validate the USERNAME entered.
If username is incorrect, then RAISE an EXCEPTION for wrong_username EXCEPTION.
If cusername entered is valid, i.e. if it exists in the table, then verify the old password entered is correct.
SELECT cpw
  INTO var_password
  FROM customer
 WHERE cusername = input_cusername;
IF UPPER(old_cpw) = UPPER(var_password)
THEN
   UPDATE customer SET cpw = new_cpw WHERE cusername = input_cusername;
ELSE
   RAISE wrong_password;
END IF;
Handle the exceptions gracefully.
EXCEPTION
   WHEN wrong_username THEN
      raise_application_error (-20001,'You have entered an incorrect username');
   WHEN wrong_password THEN
      raise_application_error (-20001,'You have entered an incorrect password');
You MUST always have validations on the password security and levy some password rules. For example, LENGTH of password etc.
Although there are a few minor issues with your code (such as those pointed out by Lalit), the main thing you need to address first is what you actually want this code to do.
You have mixed some ACCEPT commands in your PL/SQL, but these are SQL*Plus commands that are only intended for interactive scripts; they cannot be included within PL/SQL. PL/SQL is not an interactive language; it is designed to be called from some other process (whether from within an interactive SQL*Plus script, or from a front-end interface such as Apex).

Date today from a Display Item insert to database

I made a table that has a column Date_Created in it. And in my form I put a display item above having a formula of sysdate so that each time the form runs and inserts new data, the date will always be updated, but when I looked into the database, Date_Created is blank!
What causes this problem? tnx
screen shots:
http://static.tumblr.com/ezdv8nl/YcUmu2vcc/untitled_1.jpg
My code for the submit button:
DECLARE
  adminPass VarChar(20);
  alert     Number;
BEGIN
  IF :USERS.PASS != :USERS.PASS2 OR :USERS.PASS IS NULL THEN
    MESSAGE('Passwords did not match');
    GO_ITEM('PASS2');
  ELSIF :USERS.ACCESS_LEVEL = 'admin' THEN
    SELECT password
    INTO adminPass
    FROM admin_pass_history
    WHERE id = (SELECT MAX(id) FROM admin_pass_history);
    IF :USERS.ADMIN_PASS IS NULL THEN
      MESSAGE('Please enter the Administrator Password');
    ELSIF :USERS.ADMIN_PASS != adminPass THEN
      MESSAGE('Administrator Password did not match');
      GO_ITEM('ADMIN_PASS');
    ELSE
      COMMIT;
      alert:= show_alert('USER_CREATED');
      IF alert = alert_button1 THEN
        OPEN_FORM('C:\Documents and Settings\Richzer Cruz\Desktop\LOGIN.fmx');
      END IF;
    END IF;
  END IF;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    MESSAGE('Administrator Password did not match');
    GO_ITEM('ADMIN_PASS');
END;
The first thing is to make sure that your display item has its Database Item property set to Yes.
From what I remember, items with formulas are not saved to the database. Remove the formula and use a WHEN-CREATE-RECORD trigger.

Bad bind variable error in Oracle 10g developer form

I have created a table named password:
CREATE TABLE PASSWORD (USER_ID NUMBER(10) CONSTRAINT PASSWORD_USER_ID_PK PRIMARY KEY,
                       PASSWD  VARCHAR2(20) NOT NULL);
INSERT INTO PASSWORD (USER_ID,PASSWD) VALUES (1,100);
INSERT INTO PASSWORD (USER_ID,PASSWD) VALUES (2,200);
And created a Login form in Oracle Forms Developer 10g. And I used this code in the Login button.
DECLARE
  CURSOR login_cursor IS
    SELECT user_id,
           passwd
    FROM password;
  user_id_var password.user_id%TYPE;
  passwd_var  password.passwd%TYPE;
  login_flag  BOOLEAN := FALSE;
BEGIN
  OPEN login_cursor;
  <<check_records>>
  LOOP
    FETCH login_cursor INTO user_id_var, passwd_var;
    IF( :login_user_id = user_id_var
        AND :login_passwd = passwd_var ) THEN
      Message('You are in');
      login_flag := TRUE;
      exit check_records;
    END IF;
    EXIT WHEN login_cursor%NOTFOUND;
  END LOOP;
  CLOSE login_cursor;
  IF( NOT login_flag ) THEN
    Message('INVALID LOGIN');
  END IF;
  clear_form;
END;
But error message appeared like
bad bind variable 'login_user_id'
bad bind variable 'login_passwd'
What's the solution for this?
Form variables are referenced using :block_name.item_name. You're using :login_user_id, which seems to be missing the reference to the block, hence Forms is not able to reference the variable and seems to think it's a bind variable, which it's not.
Correct the syntax referencing the variables.
