i5_errormsg on failed login for expired password

Post Reply
moellenbdoorcounty
Posts: 12
Joined: Tue Dec 14, 2010 11:29 pm

i5_errormsg on failed login for expired password

Post by moellenbdoorcounty » Thu Apr 26, 2012 10:12 pm

Prior to using the compatibility wrapper, I was able to trap a login error and differentiate between a bad user profile/password and an expired password. This allowed me to direct the user to a "Change Password" script in the case where their password was merely expired, and display a User Name and/or Password Not Valid message on the login window in all other cases. The i5_errormsg value that indicated a failed login due to an expired password was:

trim(i5_errormsg()) == TCP/IP error -5 (quotes omitted)

Now with Zendsvr 5.6 (PHP 5.3) and the compatibility wrapper the i5_errormsg() function appears to return the value 8001 for both a failed user name/password AND for an expired password. So I have lost the ability to selectively redirect the user to a change password script when their password has expired.

Does anyone know of a way to differentiate between these two error situations during login when using Zendsvr 5.6 and the compatibility wrapper??

aseiden
Posts: 875
Joined: Thu Apr 09, 2009 5:45 pm

Re: i5_errormsg on failed login for expired password

Post by aseiden » Fri Apr 27, 2012 5:16 am

The toolkit runs over a db2 connection. I'll have to check if db2 can return any more detailed error message than 8001 (general authentication error).

Some developers using the toolkit(s) have called RTVUSRPRF or APIs to check for expired passwords and other user profile status information.

Alan

moellenbdoorcounty
Posts: 12
Joined: Tue Dec 14, 2010 11:29 pm

Re: i5_errormsg on failed login for expired password

Post by moellenbdoorcounty » Fri Apr 27, 2012 3:01 pm

Thank you for the reply, Alan. I wasn't thinking about how the change to a DB2 connection might also change the return codes for the connection.

Your API suggestion got me started in another direction. QSYGETPH may be an option for the validation routine, as this API appears to return separate errors for unknown user, password not correct, and password expired. Not that I need to generate a profile handle, but it might serve the purpose of validating the user and password.

http://publib.boulder.ibm.com/infocente ... ushand.htm

But before getting too far into trying the API option, I will be interested to hear if anything more specific for return codes is possible on the toolkit connect function. That would be a more general solution for the entire community.

Thanks,
Bob

aseiden
Posts: 875
Joined: Thu Apr 09, 2009 5:45 pm

Re: i5_errormsg on failed login for expired password

Post by aseiden » Mon Apr 30, 2012 6:16 pm

Bob,

I don't think db2 will tell us in the detail you need. However, I have an idea, which I will test, and then report back here.

--Alan Seiden

aseiden
Posts: 875
Joined: Thu Apr 09, 2009 5:45 pm

Re: i5_errormsg on failed login for expired password

Post by aseiden » Tue May 01, 2012 4:01 pm

Bob,

So far my idea looks promising. I found an issue with it that I'd like to resolve before presenting it here. I hope it'll be ready this week.

If you wish, write me offline (alan@alanseiden.com) and I'll let you know when I've posted the answer here on the forum. Or click the "Notify me when a reply is posted" checkbox here on the forum.

Alan

aseiden
Posts: 875
Joined: Thu Apr 09, 2009 5:45 pm

Re: i5_errormsg on failed login for expired password

Post by aseiden » Wed May 09, 2012 7:37 am

Bob, by the way, my idea was to run i5_adopt_authority(), which will return a specific CPF message according to the error, such as an expired password. (Underneath in the compatibility wrapper, i5_adopt_authority() calls the IBM i APIs we discussed). I tested this idea with some success, but I also received a pointer error that ruined it. I'm working with IBM to check that out.

Alan

bob4245
Posts: 2
Joined: Thu Oct 09, 2014 4:13 pm

Re: i5_errormsg on failed login for expired password

Post by bob4245 » Fri Apr 22, 2016 7:08 pm

In the original post you wrote:

So I have lost the ability to selectively redirect the user to a change password script when their password has expired.

How would you do a change password script in PHP on the IBM i? What would that look like?

Post Reply