Progress Programming Handbook


Validating Progress User IDs and Passwords

If the security administrator establishes a list of valid user IDs, then your application must prompt the user for a user ID and password at connection time. Typically, an application does this by running the standard Progress startup procedure, _prostar.p. This procedure, in turn, runs the standard Progress authentication procedure, _login.p, for each connected database. (Authentication is the process of verifying a user’s identity.)

The _prostar.p procedure also prepares _login.p to run appropriately in the current application environment (character or graphical) and verifies that no connected databases have the logical name DICTDB. This allows _prostar.p to assign the same alias (DICTDB) to each connected database before calling _login.p. Then, _login.p can authenticate access as it is called for each different database using the same database name.

This is the _login.p procedure:

_login.p
DEFINE INPUT PARAMETER viewAsDialog AS LOGICAL NO-UNDO. 
{ login.i } 
DEFINE VARIABLE tries    AS INTEGER NO-UNDO. 
IF USERID("DICTDB") <> "" OR NOT CAN-FIND(FIRST DICTDB._User) THEN  
    RETURN. 
DO ON ENDKEY UNDO, LEAVE: 
    currentdb = LDBNAME("DICTDB"). 
    /* reset id and password to blank in case of retry */ 
    ASSIGN id = "" 
           password = "". 
    if viewAsDialog then do: 
      DISPLAY currentdb WITH FRAME logindb_frame view-as dialog-box. 
      UPDATE id password ok_btn cancel_btn help_btn 
             WITH FRAME logindb_frame view-as dialog-box. 
    end. 
    else do: 
      DISPLAY currentdb WITH FRAME login_frame. 
      UPDATE id password ok_btn cancel_btn help_btn 
             WITH FRAME login_frame. 
    end. 
    IF SETUSERID(id,password,"DICTDB") <> TRUE THEN DO: 
        MESSAGE "Userid/Password is incorrect." 
                VIEW-AS ALERT-BOX ERROR BUTTONS OK. 
        IF tries > 1 THEN  
            QUIT. /* only allow 3 tries*/ 
        tries = tries + 1. 
        UNDO, RETRY. 
    END. 
END. 
HIDE FRAME login_frame. 

The _login.p procedure uses the Progress SETUSERID function to check the user ID and password that the user enters. The user has three tries to enter the correct user ID and password for each database. If the user fails to do so after three tries, Progress exits the user from the database. If the user ID and password combination is valid for the database, SETUSERID establishes that user ID for the connection.

The input parameter for _login.p allows it to display the authentication prompts either in a dialog box (viewAsDialog = TRUE) or in the frame of a separate window (viewAsDialog = FALSE). The _prostar.p procedure uses a separate window in graphical environments and the default window in character environments, so it always passes FALSE as an argument to _login.p.

As explained earlier, the _login.p procedure only works for a database with the DICTDB alias. (By default, this alias is assigned to the first database you connect to during a session.) If you want to avoid this restriction, you can create your own procedures, based on _prostar.p and _login.p, that pass an argument for the database name.

If the application does not run _prostar.p at connection time, or if the user bypasses _login.p (by pressing ENDERROR when prompted for the user ID and password), then the user is assigned the blank user ID. While blank user IDs can connect to the database, they cannot access data protected by compile-time and run-time security.

If you connect to a database dynamically using the CONNECT statement, you can use the User ID (-U) and Password (-P) connection parameters in the CONNECT statement, or you can use the SETUSERID function after the connection.

The following procedure connects to the mywork database that has a list of valid users. The user initially connects to the database with a blank user ID. The code then enters a loop that forces the user to provide a valid user ID and password for that database:

p-passts.p
/* Prompt until SETUSERID accepts a user ID and password for mywork. */
DEFINE VARIABLE passwd  AS CHARACTER FORMAT "x(16)" LABEL "Password".
DEFINE VARIABLE success AS LOGICAL.
DEFINE VARIABLE user-id AS CHARACTER FORMAT "x(32)" LABEL "User ID".

/* The connection starts with the blank user ID. */
CONNECT mywork.
success = FALSE.
DO WHILE NOT success:
  MESSAGE "Enter a user ID and password for the database mywork.".
  SET user-id passwd BLANK. /* BLANK hides the password as it is typed */
  IF SETUSERID(user-id, passwd, "mywork")
  THEN success = TRUE.
  ELSE DO:
    BELL.
    MESSAGE "Invalid user ID and password; please try again.".
  END.
END.
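
The following procedure is an added example, not code supplied by Progress. It sketches the approach suggested earlier of writing your own login procedure that takes the database name as an argument, keeps the three-try limit of _login.p, and tells the caller when the connection is still using the blank user ID. The names dblogin.p, targetDb, authOk, loginId, loginPw, maxTries, and f-login are hypothetical, and the example assumes the database has a list of valid users.

```progress
/* dblogin.p (hypothetical name). Added example, not Progress-supplied code.
   Assumes targetDb is connected and has a list of valid users defined. */
DEFINE INPUT  PARAMETER targetDb AS CHARACTER NO-UNDO. /* logical db name */
DEFINE OUTPUT PARAMETER authOk   AS LOGICAL   NO-UNDO.

DEFINE VARIABLE loginId  AS CHARACTER NO-UNDO FORMAT "x(32)" LABEL "User ID".
DEFINE VARIABLE loginPw  AS CHARACTER NO-UNDO FORMAT "x(16)" LABEL "Password".
DEFINE VARIABLE tries    AS INTEGER   NO-UNDO.
DEFINE VARIABLE maxTries AS INTEGER   NO-UNDO INITIAL 3.

authOk = FALSE.

/* Fail closed when the caller names a database that is not connected. */
IF NOT CONNECTED(targetDb) THEN
    RETURN.

/* A non-blank user ID means this connection is already authenticated. */
IF USERID(targetDb) <> "" THEN DO:
    authOk = TRUE.
    RETURN.
END.

/* ENDKEY or ERROR (the user pressing END-ERROR) leaves the loop with
   authOk still FALSE, so a bypassed prompt is reported to the caller. */
DO tries = 1 TO maxTries
    ON ENDKEY UNDO, LEAVE
    ON ERROR  UNDO, LEAVE:
    ASSIGN loginId = ""
           loginPw = "".
    MESSAGE "Enter a user ID and password for database" targetDb.
    UPDATE loginId loginPw BLANK WITH FRAME f-login SIDE-LABELS.
    IF SETUSERID(loginId, loginPw, targetDb) THEN DO:
        authOk = TRUE.
        LEAVE.
    END.
    BELL.
    MESSAGE "Invalid user ID and password.".
END.

/* Clear the password once it is no longer needed, and treat a
   connection that still has the blank user ID as not authenticated. */
loginPw = "".
IF USERID(targetDb) = "" THEN
    authOk = FALSE.
```

A caller would run this after the CONNECT statement, for example RUN dblogin.p (INPUT "mywork", OUTPUT ok), and decide what to do with the connection when the output parameter is FALSE.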


Copyright © 2004 Progress Software Corporation
www.progress.com
Voice: (781) 280-4000
Fax: (781) 280-4095