I have an approve button on a form. The user requires so when the button is click the user is logged out (like an F5) and then the user has to log in and then the approval code can run.
This is to stop people who are not the authorised approver, going onto an unlocked PC and approving it as the person who was logged in.
I have has a go at using some api calls to perform an F5 key press just before I call the ‘Approval’ agent to run but this doesn’t work very well as it finishes running the code and THEN performs the log out/F5.
Is there a way I can grab the users hashed Notes password, give them a password prompt box to enter, compare the two, and then based on if its correct, continue with calling the approve agent??
I want to avoid creating my own set of user names and passwords just for this database.
How can I get a hold of the users Notes password? Is it in the ini file? person document somewhere?
Subject: Using lotusscript to make someone enter Notes password before running agent…how??
As an alternative, I came up with a method that doesn’t require any use of API’s. It’s kind of a roundabout method, but the only way I could find to use the @Command [ToolsUserLogoff] from within script.
I created a form called “ForceLogin”. Only one field on the form, SaveOptions, Computed to “0”.
Subject: RE: Using lotusscript to make someone enter Notes password before running agent…how??
I had to play with it a bit. Basically, the password prompt doesn’t come up until you do something that actually tries to read or write the database. So if your approval agent is doing some processing on the document that’s already in memory, it can go a while before it does something that causes the password prompt.
You may find it useful to add a step at the beginning of your “ApproveDoc” function that does something (like opening a database or another document) that will require it to authenticate. Then you should see the password prompt before the rest of your approival logic executes.
Subject: Using lotusscript to make someone enter Notes password before running agent…how??
The Notes password is not stored anywhere. It is merely a seed for a decryption key for the private portions of the notes ID file. That is, if the ID file is successfully decrypted, then the user must have entered the correct password (or one that creates an identical hash). You could, conceivably, compare an entered value to the HTTP password, but that is vulnerable to attack by anyone with sufficient access to names.nsf.
Subject: RE: Using lotusscript to make someone enter Notes password before running agent…how??
Hi Stan,Thanks for your reply.
I did think about the HTTP password option but not sure about it yet. I think I would prefer to create a profile document for each of the users in the database with a hashed password protected with readers fields.
Another option (if this is possible) would be to capture the last log in time for a user. So say I am working all morning on Notes my last log in time would be 9am… if at 10:30 I hit F5 and locked Notes, then logged back in at 10:45…I could grab this value (provided it is stored somewhere) and when I am running my code, if the last log in time is more than 30 seconds ago I can run my ‘press f5’ code, if its less than 30 seconds ago then run the approval agent. Not elegant but it would work.
So my next question is…is the last log in time for a user stored anywhere?
It will require some tweaking for your situation (getting the actual path of the ID file in use), but should be pretty much copy/paste for the API part.