demandnothing Posted September 13, 2009 Share Posted September 13, 2009 i want a script that i can put into my programs so that you have to login to a website before being able to use anything.. a simple box with login ID and PW is all i need.. the website is running and all the user accounts are created, i just want to cross check the ID's and PW's with the website to make sure its a valid user before they can run the application. is this possible? and how? Link to comment Share on other sites More sharing options...
andygo Posted September 13, 2009 Share Posted September 13, 2009 maybe something like: $users = inetget www.yourdomain.com/hiddenfile.txt if stringinstr ($users, "username1") and stringinstr ($users, "userpass1") then $login = 1 elseif stringinstr ($users, "username1") and stringinstr ($users, "userpass1") then $login = 1 else msgbox (16, "error", "access denied") exit endif Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 well that looks good.. but i need to make a GUI like thing with the input boxes for ID and PW.. is there a way i should go about doing that? and how would i have to have it set up in the .txt document for it to read the usernames and passwords.. cuz i have a bad feeling that if i mess it up, you can enter any username and any password to get in.. Link to comment Share on other sites More sharing options...
Hawkwing Posted September 14, 2009 Share Posted September 14, 2009 (edited) Look at Koda, IniRead, and IniWrite.Use IniWrite to write the file, then once you're sure it's working, upload it to a site where you can use InetGet to get it.Edit: Of course, you might want to use _StringEncrypt when writing and reading it, so that if someone finds the downloaded file, they don't have all your usernames/passwords. Edited September 14, 2009 by Hawkwing The Wheel of Time turns, and Ages come and pass, leaving memories that become legend. Legend fades to myth, and even myth is long forgotten when the Age that gave it birth comes again. Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 (edited) thanks man.. but how would i put it all together?? i realize that the IniWrite would have to be a completely seperate program.. but i put it in there just to make sure i get everything right. expandcollapse popup#include <EditConstants.au3> ;GUI start #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #Region ### START Koda GUI section ### Form= $Form1 = GUICreate("Form1", 527, 188, 190, 119) GUISetBkColor(0x000000) $UserName = GUICtrlCreateInput("UserName", 88, 40, 329, 21) $PassWord = GUICtrlCreateInput("PassWord", 88, 88, 329, 21) GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### ;GUI stop IniWrite("C:\Temp\myfile.ini", "section1", "key", "UserName") IniWrite("C:\Temp\myfile.ini", "section2", "key", "PassWord") While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $UserName Case $PassWord EndSwitch WEnd $var = IniRead("C:\Temp\myfile.ini", "section1", "key", $UserName) $var = IniRead("C:\Temp\myfile.ini", "section2", "key", $PassWord) $users = inetget("www.mywebsite.com/myfile.ini") if stringinstr ($users, "username1") and stringinstr ($users, "userpass1") then $login = 1 elseif stringinstr ($users, "username1") and stringinstr ($users, "userpass1") then $login = 1 else msgbox (16, "error", "access denied") exit endif Edited September 14, 2009 by demandnothing Link to comment Share on other sites More sharing options...
jvanegmond Posted September 14, 2009 Share Posted September 14, 2009 Unless you want people to be able to read every username and password, I suggest you don't store them all in a "hidden file". For this to be somewhat secure, you'll have to create a login API on your website using two $_GET variables to read the password. $username = "Username here" $password = "Password here" $password = md5($password) ; good idea to counter sniffers, or use sha1. Whatever you website uses. $session = InetGet("www.website.com/api/login.php?user=" & $username & "&pass=" & $password) If (IsValidSession($session)) Then ; Logged in Else Exit EndIf Func IsValidSession($s) Return $s <> "" ;) This can be better, but you can decide how it can be better. Make it return a hash of the username, password and the date/salt or something EndFunc github.com/jvanegmond Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 (edited) so you're saying i should have it like this? expandcollapse popup#include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #Region ### START Koda GUI section ### Form= $Form1 = GUICreate("Form1", 527, 188, 190, 119) GUISetBkColor(0x000000) $UserName = GUICtrlCreateInput("UserName Here", 88, 40, 329, 21) $PassWord = GUICtrlCreateInput("PassWord Here", 88, 88, 329, 21) GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### IniWrite("C:\Temp\myfile.ini", "section1", "key", "UserName") IniWrite("C:\Temp\myfile.ini", "section2", "key", "PassWord") While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $UserName Case $PassWord EndSwitch WEnd $var = IniRead("C:\Temp\myfile.ini", "section1", "key", "UserName") $var = IniRead("C:\Temp\myfile.ini", "section2", "key", "PassWord") $username = "Username here" $password = "Password here" $password = md5($password) $session = InetGet("www.website.com/api/login.php?user=" & $username & "&pass=" & $password) If (IsValidSession($session)) Then Else Exit EndIf Func IsValidSession($session) Return $session <> EndFunc the $password = md5($passowrd) gives an undefined function error and im still not sure how i would put it all together to work properly.. of course the IniWrite would be in a seperate script.. i just have it in there to make sure i get everything right. Edited September 14, 2009 by demandnothing Link to comment Share on other sites More sharing options...
jvanegmond Posted September 14, 2009 Share Posted September 14, 2009 I can see this is going nowhere. Please hire an expert to avoid a massive security breach in your application and website. github.com/jvanegmond Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 its not gonna be some huge thing.. if somebody actually knows how to get the usernames and passwords thats fine.. i just want the ignorant ones to think they cant do anything about it Link to comment Share on other sites More sharing options...
jvanegmond Posted September 14, 2009 Share Posted September 14, 2009 Alright. Did you understand what I meant by "login API" on your website or will I need to expand on that? github.com/jvanegmond Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 if you would please.. the website im using is only to store the usernames and passwords.. its free-web-host.me ... and i use an FTP client to upload to it, i dont think it has API, atleast i didnt see anything like that Link to comment Share on other sites More sharing options...
jvanegmond Posted September 14, 2009 Share Posted September 14, 2009 An API is pretty easy to build. I saw that free-web-host.me supports PHP and MySQL so it would be a good idea to use these. The PHP file would look something like this: /api/login.php // make a connection to the database running on the webserver mysql_connect("localhost", "dbuser", "dbpass", "dbname"); $username = $_GET['username']; $password = $_GET['password']; $query = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($username) . "' AND password = ''"; $result = mysql_query($query); if ($result) then echo "VALID LOGIN"; // and this would tell the Au3 script that the user exists end The SQL database something like this: CREATE TABLE users ( INT 11 userid VARCHAR 255 username VARCHAR 255 password ) And the au3 script would be this: $username = "Username here" $password = "Password here" $session = InetGet("www.website.com/api/login.php?user=" & $username & "&pass=" & $password) If (IsValidSession($session)) Then ; Logged in Else Exit EndIf Func IsValidSession($s) Return $s == "VALID LOGIN" EndFunc But that's just off the top of my head. github.com/jvanegmond Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 (edited) wow.. you're good.. i'll try and work with that.. thanks man.. or lady.. i dunno and cant tell lol Edited September 14, 2009 by demandnothing Link to comment Share on other sites More sharing options...
jvanegmond Posted September 14, 2009 Share Posted September 14, 2009 Thank you. 'Tis what programmers do. Click my name for my profile, I have uploaded a picture of me. If you still can't tell if I'm a man or a lady, then please check your eyes. github.com/jvanegmond Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 lol sorry man.. thanks for your help.. unless thats a chick with really short hair at a nude beach.. Link to comment Share on other sites More sharing options...
jvanegmond Posted September 14, 2009 Share Posted September 14, 2009 And really small boobies. github.com/jvanegmond Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 (edited) i cant get that going.. you think it'd be ok if i used the iniwrite and iniread with _stringencrypt like hawkwing said instead?? i notice that when you compile to .exe it uses UPX to pack it with, i can use Themida to repack it with after that, it might stop people who know what they are doing from hacking into it.. or atleast stall them for a while Edited September 14, 2009 by demandnothing Link to comment Share on other sites More sharing options...
jvanegmond Posted September 14, 2009 Share Posted September 14, 2009 Ultimately you have to decide what level of security you're going to be using. The way I described is quite secure, although it could be better. Any other methods in this thread rely on obscurity. It is often said that security through obscurity is not security at all. So, you decide.. : ) github.com/jvanegmond Link to comment Share on other sites More sharing options...
demandnothing Posted September 14, 2009 Author Share Posted September 14, 2009 thanks man.. but i think i'll go with the easier one about .ini files.. i'll bet that the small community im posting these to wont have any idea they could possibly breech the security of usernames and passwords from an encrypted text file. Link to comment Share on other sites More sharing options...
demandnothing Posted September 15, 2009 Author Share Posted September 15, 2009 i suppose this is a 24 hour bump, but its been longer than that, and i have a problem with the iniwrite.. here's what i got: #include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #Region ### START Koda GUI section ### Form= $Form1 = GUICreate("Form1", 510, 206, 192, 124) GUISetBkColor(0x000000) $UserName = GUICtrlCreateInput("UserName", 88, 32, 305, 21) $PassWord = GUICtrlCreateInput("PassWord", 88, 88, 305, 21) $Button1 = GUICtrlCreateButton("Create", 184, 136, 75, 25, $WS_GROUP) GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Button1 IniWrite("C:\myfile.ini", "section1", "key", $UserName) IniWrite("C:\myfile.ini", "section2", "key", $PassWord) EndSwitch WEnd but all i get in the ini file is [section1] key=3 [section2] key=4 how am i doing this wrong? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now