33 replies to this topic

[ludocus]

Hello!

I made this chat client a long time ago with tcp.
Now I can't use my pc as a server (for some weird reason..), So i decided to use a website.

It works pretty simple:
Using _IE functions the program submits the username and text everytime you send something.
Also using _IE functions the program checks the username&text page for new messages and displays them in the gui.

Supports:
- Smileys
- Different colors, bold, etc.
- Account creating
- Xp and ranking
- Server is via website
- Anti-spam function
- Swearword filtering
- Offline messaging
- File sedning
- Moderator/Administrator/Owner (=Staff) ability's
- 23 Ranks (Last rank = 10000 XP)
- Strike option
- Giving XP
- Private-Messaging (PM)
- Ability to change password
- Gradient text color ([c=$begincolor]text[/c=$endcolor])
- Auto-update
- Changeable background!

That's not very good explained but I'm to lazy to do better, just check for yourself.
You gotta make an account before using it.

Because there are passwords in the source I can only give you the compiled full version.
I'm sorry

You can download the program here: http://www.mediafire.com/?zc9osorel149ago


A movie about it was here:


Please comment!
ludocus

Edited by ludocus, 14 December 2011 - 07:20 PM.

[wakillon]

It seems to work well !

I'll try at home and i found the function "_REPLACESWEARWORDS" funny !
Do you allow other languages ?

[ludocus]

@wakillon:
Thnx!
Yeh that function replaces alot of swearwords into the same number of *'s as the StringLen.

No, not yet at least.

[pierrotm777]

A source code without login and password is not possible ?

[ludocus]

Yeh it is.
I will work on that.

[AlmarM]

Yeh it is.
I will work on that.

Mayby you should HASH the passwords. I can view all of them. Pretty simple actualy.

[Manadar]

PM sent.

Hash-ing the passwords is of no use, you are sharing the source code so it should be easy to rainbow/bruteforce crack the passwords you are displaying. You'll need a whole different solution.

[ludocus]

@AlmarM:
Yeh that's why i didn't release source.
But now I'll need to find a solution to make the passwords private.

@Manadar:
Pm replied

[AlmarM]

I mean when creating an account you should SHA1 hash the password.
When connection SHA1 again and then compare with the previous hashed and stored password.

I ment the accounts.txt file.

[ludocus]

What's SHA1

[AlmarM]

What's SHA1

Whoops, I ment MD5.

EDIT:
Something like this.

#include  <Crypt.au3>

; Example of hashing data and using it to authenticate password

; This is the MD5-hash of the correct password
$bPasswordHash="0xCE950A8D7D367B5CE038E636893B49DC"

$sPassword=InputBox("Login","Please type the correct password.","Yellow fruit that is popular among monkeys")

If _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHash Then
    MsgBox(64,"Access Granted","Password correct!")
Else
    MsgBox(16,"Access Denied","You entered the wrong password!")
EndIf

Edited by AlmarM, 04 September 2010 - 07:22 AM.

[ludocus]

I don't get that MD5 then?
People will be able to reverse the hash if they see the function that turns the password into a hash.
Could you give a better example? I'm not great with terms like MD5

[AlmarM]

I don't get that MD5 then?
People will be able to reverse the hash if they see the function that turns the password into a hash.
Could you give a better example? I'm not great with terms like MD5

MD5 is unhashable. Well, without 100's of super computers.
I'll make an example.

EDIT:
Here you go.

AutoIt        expandcollapse  popup

#include <Crypt.au3>

Global $sUsername, $sPassword
Global $iniPath = @ScriptDir & "\accounts.ini"

LogInForm()

Func LogInForm()
    $GUI = GUICreate("Login.", 180, 120)

    GUICtrlCreateLabel("Username", 10, 10)
    $Username = GUICtrlCreateInput("", 70, 7, 100)
    GUICtrlCreateLabel("Password", 10, 40)
    $Password = GUICtrlCreateInput("", 70, 37, 100)

    $Register = GUICtrlCreateButton("Register", 10, 65, 160)
    $Login = GUICtrlCreateButton("Log in", 10, 90, 160)

    GUISetState()
    While 1
        Switch GUIGetMsg()
            Case -3
                Exit

            Case $Register
                GUIDelete($GUI)
                RegisterForm()

            Case $Login
                If (IniRead($iniPath, "accounts", "username", "#") == GUICtrlRead($Username)) Then ; if the username exists
                    If (_Crypt_HashData(GUICtrlRead($Password), $CALG_MD5) == IniRead($iniPath, "accounts", "password", "#")) Then ; if hashing the giving password equals to the saved hashed password
                        MsgBox(64, "Succes.", "Login succes!") ; Login succes
                    Else
                        MsgBox(64, "Fail.", "Wrong password!") ; Wrong password
                    EndIf
                Else
                    MsgBox(64, "Fail.", "Wrong username!") ; Wrong username
                EndIf
        EndSwitch
    WEnd
EndFunc

Func RegisterForm()
    $GUI = GUICreate("Register.", 180, 100)

    GUICtrlCreateLabel("Username", 10, 10)
    $Username = GUICtrlCreateInput("", 70, 7, 100)
    GUICtrlCreateLabel("Password", 10, 40)
    $Password = GUICtrlCreateInput("", 70, 37, 100)

    $Register = GUICtrlCreateButton("Complete", 10, 65, 160)

    GUISetState()
    While 1
        Switch GUIGetMsg()
            Case -3
                Exit

            Case $Register
                IniWrite($iniPath, "accounts", "username", GUICtrlRead($Username))
                IniWrite($iniPath, "accounts", "password", _Crypt_HashData(GUICtrlRead($Password), $CALG_MD5)) ; hash the givin password and save it
                MsgBox(64, "Succes.", "Register succes! You can nog login.")

                GUIDelete($GUI)
                LogInForm()

        EndSwitch
    WEnd
EndFunc

This is how my accounts.ini now looks like.

[accounts]
username=AlmarM
password=0x9AA6E5F2256C17D2D430B100032B997C

Hope it makes sence!

Edited by AlmarM, 04 September 2010 - 10:57 AM.

[ludocus]

Ok I updated the text with the _Crypt_HashData function used now for username and password.
Because (for some reason) it didn't support the entire hashed string, I only use 10 char's.
Please download and comment

[TheRevenger]

Can you release the source script, without your webserver data included ? It is nice u let ppl use your server but i wanna use somting like this on my own server ? Or if not then give me some more info on how to remake a script like yours ...

With regards,

Rev

[MvGulik]

nevermind.

Edited by iEvKI3gv9Wrkd41u, 28 June 2011 - 01:42 PM.

[shanet]

Hmm... asking for source to 'create your own server' hey?
Maybe if you sweet talk the creator of this software enough he will tell you how its done, or create a tool to do that?
However that is completely up to him.

On another note, congratulations on this piece of work! However, just one problem:
-I created an account, closed the program then tried to log back in and it didnt work?
-So I then tried to sign up again and was able to sign up with exactly the same information? (username + password).



I also noticed above the mention of MD5 hashes as use for password encryption and you stating that it would be possible to reverse the encryption, it actually is not possible to reverse MD5 encryption, however it is possible to brute force the MD5 hash if they get their hands on it. However I do not think it would be easy to do so, and even if they did, it would take the average user ages to brute force a good password, the best way to crack an MD5 password is with rainbow tables where every single possible hash is pre-computed and stored in a rainbow table (hence the name). As you would imagine, this creates an enourmous file (20 GB for normal characters, I found one in excess of 100GB with German special chars!!!).

I hope you better understand this now?
shanet

[ludocus]

Yes, I have implemented that.
However, alot has changed. Check the new program!

[barkeeper]

Can you please release the sourcecode m8, we need it

[ludocus]

Na man, can't do that.
I can give you some parts. Like: What do you want to know?
The Edit with smileys part? The 'over http' functions?