In our company, we are now using ProjeQtor as our Project Management tool.
We also have an accountancy system and we woud like to produce SQL queries extracting data from both ProjecQtor PostgreSql database and the accountancy database. In order not to expose accountancy data to users with access to only certain projects, we would like to prevent access to users based upon the same projects that are granted to them by projeqtor.
To do that, first we need to identify the user who is requesting the data, but we would need to asses his/her username and password (or perhaps their windows username, which is the same in our projeqtor database.
First issue is to understand the hashing algoritm. In resource table, I can see three hashes: password, salt and API Key.
1.- How could I verify a user's pasword (say "userpasswordstring") against the hashes stored in the database?
2.- Is there a way to identify the actual projeqtor user somewhere in the cookie or PHP temp storage ?
Is there any workaround to do this? I am creating a report in a separate php simple application and, to be able to produce a SQL function (on a separate database) to produce a query, I would need to identify the user's username to be able to filter the data he/she has acces to, so that not all the projects are exposed.
We also have an accountancy system and we woud like to produce SQL queries extracting data from both ProjecQtor PostgreSql database and the accountancy database. In order not to expose accountancy data to users with access to only certain projects, we would like to prevent access to users based upon the same projects that are granted to them by projeqtor.
To do that, first we need to identify the user who is requesting the data, but we would need to asses his/her username and password (or perhaps their windows username, which is the same in our projeqtor database.
First issue is to understand the hashing algoritm. In resource table, I can see three hashes: password, salt and API Key.
1.- How could I verify a user's pasword (say "userpasswordstring") against the hashes stored in the database?
2.- Is there a way to identify the actual projeqtor user somewhere in the cookie or PHP temp storage ?
Is there any workaround to do this? I am creating a report in a separate php simple application and, to be able to produce a SQL function (on a separate database) to produce a query, I would need to identify the user's username to be able to filter the data he/she has acces to, so that not all the projects are exposed.