Jump to content

Create user account and add to password list in labtech


Recommended Posts

I am working on a script to add a user and make it admin ..  this is done..

 

but is there a way to add the password to the password list for the customer location in labtech with the script?

 

It would help on so many levels..  

Anyone have a pointer on this? I want to run it once a month to update the passwords and for each customer group.. 5ab3b31b6535a_ltadmincapture.thumb.PNG.7274847e2a8847835a50d56517e2393f.PNG

ltadmin create and hide.xml

Link to post
Share on other sites

I am working on a script to add a user and make it admin ..  this is done..

 

but is there a way to add the password to the password list for the customer location in labtech with the script?

 

It would help on so many levels..  

Anyone have a pointer on this? I want to run it once a month to update the passwords and for each customer group.. 5ab3b31b6535a_ltadmincapture.thumb.PNG.7274847e2a8847835a50d56517e2393f.PNG

Link to post
Share on other sites

To accomplish this you need to get your hands a bit dirty with mysql, but it can be done:

#This is how you would add a password
INSERT INTO `labtech`.`passwords` 
    ('ClientID`, 
    `LocationID`, 
    `Title`, 
    `UserName`, 
    `Password`
    )
    VALUES
    (%clientid%', 
    '%locationid%', 
    '@Title@', 
    '@Username@', 
    AES_ENCRYPT('@PasswordToSet@', SHA(CONCAT(' ',clientID + 1)))
    );

#This is how you would check if you already have the password
SELECT passwordid FROM passwords WHERE clientID='%clientid%' AND username = '@Username@';
#This is how you would set the location to use it (deployments and defaults)
UPDATE locations SET passwordid = %sqlresult% WHERE clientid = %clientid%


If you get creative you can check if a location already has a password configured and update or if it doesnt have one create and set it, EX: (sorry can't post the script as its IP for the company I work for but a screen shot should be fine ;) and give you enough of head start).

Example.png

Edited by MSTECH_Keegan
  • Thanks 2
Link to post
Share on other sites
On 3/25/2018 at 5:53 PM, MSTECH_Keegan said:

To accomplish this you need to get your hands a bit dirty with mysql, but it can be done:

#This is how you would add a password
INSERT INTO `labtech`.`passwords` 
    ('ClientID`,   `LocationID`,    `Title`,    `UserName`,    `Password`   )
    VALUES   (%clientid%',    '%locationid%',    '@Title@',    '@Username@',    AES_ENCRYPT('@PasswordToSet@', SHA(CONCAT(' ',clientID + 1)))   );

A could minor points for anyone that tries this query:

  1. The first use of %clientid% is missing a single quote.
  2. The clientID column cannot be referenced for the SHA input in an INSERT (but works great in a SELECT or UPDATE)
  3. The Title, Username, and especially the PasswordToSet need to be guaranteed not to contain any invalid (special to MySQL) chars. Use the LabTech Script Function: String Functions - MYSQLENCODE to make the values safe. "@Title@" can be saved in it's encoded format as "@encodedTitle@" for instance. This is especially important if any of the variable values are coming from user input. It is also good to explicitly make sure that the system doesn't break with UTF8 characters. The solution is to include the "CONVERT(xxxx USING UTF8)" function around each STRING to be inserted.

Here is a fixed version (Also includes CONVERT additions): 

INSERT INTO `labtech`.`passwords` 
    (`ClientID`, `LocationID`, `Title`, `UserName`, `Password`) VALUES
    ('%clientid%', '%locationid%', CONVERT('@encodedTitle@' USING UTF8), CONVERT('@encodedUsername@' USING UTF8), AES_ENCRYPT(CONVERT('@encodedPasswordToSet@' USING UTF8), SHA(CONCAT(' ','%clientID%' + 1))) );

 

Edited by DarrenWhite99
Edited to fix example CONVERT() syntax
  • Thanks 3
Link to post
Share on other sites
  • 2 years later...
On 3/26/2018 at 6:02 PM, DarrenWhite99 said:

 


INSERT INTO `labtech`.`passwords` 
    (`ClientID`, `LocationID`, `Title`, `UserName`, `Password`) VALUES
    ('%clientid%', '%locationid%', CONVERT('@encodedTitle@' AS UTF8), CONVERT('@encodedUsername@' AS UTF8), AES_ENCRYPT(CONVERT('@encodedPasswordToSet@' AS UTF8), SHA(CONCAT(' ','%clientID%' + 1))) );

2: The Title, Username, and especially the PasswordToSet need to be guaranteed not to contain any invalid (special to MySQL) chars. Use the LabTech Script Function: String Functions - MYSQLENCODE to make the values safe. "@Title@" can be saved in it's encoded format as "@encodedTitle@" for instance. This is especially important if any of the variable values are coming from user input. It is also good to explicitly make sure that the system doesn't break with UTF8 characters. The solution is including the "CONVERT(xxxx AS UTF8)" around each STRING to be inserted.

Couldn't get this to proc until I changed 'AS' to 'USING'... any thoughts?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...