Sign in to follow this  
Followers 0
demandnothing

login required script

26 posts in this topic

i want a script that i can put into my programs so that you have to login to a website before being able to use anything..

a simple box with login ID and PW is all i need.. the website is running and all the user accounts are created, i just want to cross check the ID's and PW's with the website to make sure its a valid user before they can run the application. is this possible? and how?

Share this post


Link to post
Share on other sites



maybe something like:

$users = inetget www.yourdomain.com/hiddenfile.txt

if stringinstr ($users, "username1") and stringinstr ($users, "userpass1") then

$login = 1

elseif stringinstr ($users, "username1") and stringinstr ($users, "userpass1") then

$login = 1

else

msgbox (16, "error", "access denied")

exit

endif

Share this post


Link to post
Share on other sites

well that looks good.. but i need to make a GUI like thing with the input boxes for ID and PW..

is there a way i should go about doing that?

and how would i have to have it set up in the .txt document for it to read the usernames and passwords.. cuz i have a bad feeling that if i mess it up, you can enter any username and any password to get in..

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Look at Koda, IniRead, and IniWrite.

Use IniWrite to write the file, then once you're sure it's working, upload it to a site where you can use InetGet to get it.

Edit: Of course, you might want to use _StringEncrypt when writing and reading it, so that if someone finds the downloaded file, they don't have all your usernames/passwords.

Edited by Hawkwing

The Wheel of Time turns, and Ages come and pass, leaving memories that become legend. Legend fades to myth, and even myth is long forgotten when the Age that gave it birth comes again.

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

thanks man.. but how would i put it all together?? i realize that the IniWrite would have to be a completely seperate program.. but i put it in there just to make sure i get everything right.

#include <EditConstants.au3>  ;GUI start
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Form1", 527, 188, 190, 119)
GUISetBkColor(0x000000)
$UserName = GUICtrlCreateInput("UserName", 88, 40, 329, 21)
$PassWord = GUICtrlCreateInput("PassWord", 88, 88, 329, 21)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###  ;GUI stop

IniWrite("C:\Temp\myfile.ini", "section1", "key", "UserName")
IniWrite("C:\Temp\myfile.ini", "section2", "key", "PassWord")

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit

        Case $UserName
        Case $PassWord
    EndSwitch
WEnd

$var = IniRead("C:\Temp\myfile.ini", "section1", "key", $UserName)
$var = IniRead("C:\Temp\myfile.ini", "section2", "key", $PassWord)

$users = inetget("www.mywebsite.com/myfile.ini")

if stringinstr ($users, "username1") and stringinstr ($users, "userpass1") then
    $login = 1
elseif stringinstr ($users, "username1") and stringinstr ($users, "userpass1") then
    $login = 1
else
    msgbox (16, "error", "access denied")
    exit
endif
Edited by demandnothing

Share this post


Link to post
Share on other sites

Unless you want people to be able to read every username and password, I suggest you don't store them all in a "hidden file". For this to be somewhat secure, you'll have to create a login API on your website using two $_GET variables to read the password.

$username = "Username here"
$password = "Password here"

$password = md5($password) ; good idea to counter sniffers, or use sha1. Whatever you website uses.

$session = InetGet("www.website.com/api/login.php?user=" & $username & "&pass=" & $password)
If (IsValidSession($session)) Then
   ; Logged in
Else
   Exit
EndIf

Func IsValidSession($s)
   Return $s <> "" ;) This can be better, but you can decide how it can be better. Make it return a hash of the username, password and the date/salt or something
EndFunc

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

so you're saying i should have it like this?

#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Form1", 527, 188, 190, 119)
GUISetBkColor(0x000000)
$UserName = GUICtrlCreateInput("UserName Here", 88, 40, 329, 21)
$PassWord = GUICtrlCreateInput("PassWord Here", 88, 88, 329, 21)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

IniWrite("C:\Temp\myfile.ini", "section1", "key", "UserName")
IniWrite("C:\Temp\myfile.ini", "section2", "key", "PassWord")

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit

        Case $UserName
        Case $PassWord
    EndSwitch
WEnd

$var = IniRead("C:\Temp\myfile.ini", "section1", "key", "UserName")
$var = IniRead("C:\Temp\myfile.ini", "section2", "key", "PassWord")

$username = "Username here"
$password = "Password here"

$password = md5($password)

$session = InetGet("www.website.com/api/login.php?user=" & $username & "&pass=" & $password)
If (IsValidSession($session)) Then
Else
    Exit
EndIf

Func IsValidSession($session)
   Return $session <>
EndFunc

the $password = md5($passowrd) gives an undefined function error

and im still not sure how i would put it all together to work properly.. of course the IniWrite would be in a seperate script.. i just have it in there to make sure i get everything right.

Edited by demandnothing

Share this post


Link to post
Share on other sites

its not gonna be some huge thing.. if somebody actually knows how to get the usernames and passwords thats fine.. i just want the ignorant ones to think they cant do anything about it

Share this post


Link to post
Share on other sites

if you would please.. the website im using is only to store the usernames and passwords.. its free-web-host.me ... and i use an FTP client to upload to it, i dont think it has API, atleast i didnt see anything like that

Share this post


Link to post
Share on other sites

An API is pretty easy to build. I saw that free-web-host.me supports PHP and MySQL so it would be a good idea to use these.

The PHP file would look something like this:

/api/login.php

// make a connection to the database running on the webserver
mysql_connect("localhost", "dbuser", "dbpass", "dbname");

$username = $_GET['username'];
$password = $_GET['password'];

$query = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($username) . "' AND password = ''";
$result = mysql_query($query);

if ($result) then
   echo "VALID LOGIN"; // and this would tell the Au3 script that the user exists
end

The SQL database something like this:

CREATE TABLE users
(
   INT 11 userid
   VARCHAR 255 username
   VARCHAR 255 password
)

And the au3 script would be this:

$username = "Username here"
$password = "Password here"

$session = InetGet("www.website.com/api/login.php?user=" & $username & "&pass=" & $password)
If (IsValidSession($session)) Then
   ; Logged in
Else
   Exit
EndIf

Func IsValidSession($s)
   Return $s == "VALID LOGIN"
EndFunc

But that's just off the top of my head.

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

wow.. you're good.. i'll try and work with that.. thanks man.. or lady.. i dunno and cant tell lol

Edited by demandnothing

Share this post


Link to post
Share on other sites

Thank you. 'Tis what programmers do.

Click my name for my profile, I have uploaded a picture of me. If you still can't tell if I'm a man or a lady, then please check your eyes. :D

Share this post


Link to post
Share on other sites

lol sorry man.. thanks for your help.. unless thats a chick with really short hair at a nude beach..

Share this post


Link to post
Share on other sites

#17 ·  Posted (edited)

i cant get that going.. you think it'd be ok if i used the iniwrite and iniread with _stringencrypt like hawkwing said instead?? i notice that when you compile to .exe it uses UPX to pack it with, i can use Themida to repack it with after that, it might stop people who know what they are doing from hacking into it.. or atleast stall them for a while

Edited by demandnothing

Share this post


Link to post
Share on other sites

Ultimately you have to decide what level of security you're going to be using. The way I described is quite secure, although it could be better. Any other methods in this thread rely on obscurity.

It is often said that security through obscurity is not security at all. So, you decide.. : )

Share this post


Link to post
Share on other sites

thanks man.. but i think i'll go with the easier one about .ini files.. i'll bet that the small community im posting these to wont have any idea they could possibly breech the security of usernames and passwords from an encrypted text file.

Share this post


Link to post
Share on other sites

i suppose this is a 24 hour bump, but its been longer than that, and i have a problem with the iniwrite.. here's what i got:

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Form1", 510, 206, 192, 124)
GUISetBkColor(0x000000)
$UserName = GUICtrlCreateInput("UserName", 88, 32, 305, 21)
$PassWord = GUICtrlCreateInput("PassWord", 88, 88, 305, 21)
$Button1 = GUICtrlCreateButton("Create", 184, 136, 75, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $Button1
            IniWrite("C:\myfile.ini", "section1", "key", $UserName)
            IniWrite("C:\myfile.ini", "section2", "key", $PassWord)
    EndSwitch
WEnd

but all i get in the ini file is

[section1]
key=3
[section2]
key=4

how am i doing this wrong?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0