Odd issue with user login

Okay so I have an odd problem with getting a user database working properly.

First I set up a user database


I have it set to Automatic

We set up a generic UI for managing the user DB.

Now here is the funny part: if we set up the password on the gateway, it works.

If we reset/generate a password from here, it will not work.

It’s my understanding that passwords are typically encoded in base64. So we have our reset/generate button set up to randomly generate a password, encode it, and write it to the table.

We have tested to make sure that what is in the table for the password comes back correct, so it’s not an issue where we are writing the wrong password to the table and attempting to log in with the wrong password.

Is there a step or anything that I’m missing? Does something else on the backend check something I’m missing? The only thing different between the two methods of changing the password that I can see is where it’s happening. The passwords being recorded appear to be exactly the same in the table.

This is the built-in login screen in question


They are also typically hashed and salted.
Maybe share how you’re generating the passwords?

2 Likes

The database user source uses SHA1 hashing but no salt by default, for legacy/backwards compatibility reasons as far as I remember.

See this example that does exactly what you're trying to do (though is built in a Vision context, so will require some minor adjustments):

2 Likes

Just a good rule of thumb: if you’re using Ignition’s built-in solution, then to interact with it, it’s definitely preferable to use their API for it. Simple as:

user = system.user.getUser("someUserSource", "someUserName")
user.set("Password", "newPassword")
result = system.user.editUser("someUserSource", user)
if result.errors:
    # handle here
    pass

2 Likes

I switched it over to use this method like in the example, just modified to work in our library.

def EmailPasswordReset(ID, Email, dbName="NamesDB"):
    newPass = "JGF321"
    from com.inductiveautomation.ignition.common.util import SecurityUtils
    encryptPass = SecurityUtils.sha1String(newPass)
    query = "UPDATE JGF_users SET passwd = ? WHERE id = ?"
    args = [encodedPassword, ID]
    system.db.runPrepUpdate(query, args, dbName)

The password comes out like this in the table

When we try to login with JGF321 under Test

I didn’t know about this, I will look into it. Might be better than what we are doing now.

1 Like

Are there any messages in the gateway logs from UserSource.DB_AutomaticMode? What if you set it to trace?

You might be locked out from successive failed attempts.

Your code is sending encodedPassword to the stored procedure instead of encryptPass. SHA1 hashes don't look like what your passwd column shows. Your column looks like base64 encoded data, not hashed data.

Edit: Although, maybe it's doing a base64 encode on it as well. I just tested your code and I get the following string for my encryptPass variable: eO9d3kIvGVY/WZS0FPu4w4j0hjA=

2 Likes
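
The difference the replies above point at, between base64-encoding a password and storing a base64-encoded SHA-1 hash of it, as an added example (not code from this thread or from Ignition). It assumes the stored value is base64 of the unsalted SHA-1 digest of the UTF-8 password, which is what the 28-character string quoted above suggests; the function names are made up for the example.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # bytes in a SHA-1 digest


def sha1_b64(password):
    """Assumed storage format: base64(SHA-1(UTF-8 password)), no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def classify_stored(value):
    """Describe what a passwd column value looks like, without knowing the password."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not-base64"
    if len(raw) == SHA1_LEN:
        return "sha1-sized-digest"
    if raw and all(0x20 <= b < 0x7F for b in raw):
        # Decodes straight back to readable text: an encoding, not a hash.
        return "encoded-plaintext"
    return "unknown"


def verify(password, stored):
    """Recompute the assumed format and compare in constant time."""
    return hmac.compare_digest(sha1_b64(password).encode("ascii"),
                               stored.encode("utf-8"))


if __name__ == "__main__":
    samples = {
        "string quoted in the thread": "eO9d3kIvGVY/WZS0FPu4w4j0hjA=",
        "constructed: base64 of the plain text": base64.b64encode(b"JGF321").decode(),
        "constructed: plain text": "JGF321",
    }
    for label, value in samples.items():
        print(label, "->", classify_stored(value))
    # Round trip with a value produced by this script itself.
    print("verify:", verify("JGF321", sha1_b64("JGF321")))
```

A column value that classifies as encoded-plaintext can be read back by anyone with table access, and it will not match what a hash-comparing login computes.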

Yeah so I got it working just now, I realized I didn’t update one of the params. Thanks everyone! Paul’s solution got us going. I appreciate everyone.

1 Like