Rad Posted December 3, 2009

I have made a program that lets me take screenshots and uploads them via FTP to my website [link].

I am starting a new version of this program, and am going to be testing a lot of theories I had so far, but would greatly appreciate any advice or suggestions for making this work under my circumstances.

Three people are currently using this program, and I plan to expand that later. For now, I need to fix a major security problem. This is both an AutoIt problem and a web design problem.

I only have access to a web server, so writing a desktop application isn't an option. This makes it tricky to ask for help; I'm not sure if I should ask here or on a web design forum.

What I have now
- Single public FTP account which all users share to upload files; causes timeouts and errors when multiple users upload a screenshot.
- User system is very basic: you choose a username and the screenshots get uploaded to the server in a folder named after your username. (Example www.website.com/screenshots/RadGH/)
- Insecurity: if they decompile the program they can find the FTP account and upload other files, including server scripts, to the server.
- Server side, gallery is completely automated with PHP scripts.

What I need changed in the new version
- User authentication. Preferably using a MySQL database; however, the server must know if the user is authenticated.
- Sign in/Register ability through software. I can't directly access the MySQL database due to security issues, as you saw with the FTP accounts.
- Ability to modify/delete images on the web. This I can handle, but the usernames/passwords should be the same as those used in the software.

How can I register?
I was thinking of a way to send a fake HTML form to a sign-in page on the website, but this must be fully automated and the user shouldn't know what is going on.

How can I upload images?
If the above form method worked, it's possible I could use a PHP upload script to do the same thing, though I'm not sure how I would attach a file to a form in AutoIt. FTP is still an option, but I am very much new to web administration, including FTP account access and restrictions.

How will the user stay "logged in" through AutoIt?
If the form method was used, what will keep the user logged in server side? I could add the user's IP to the username and remove it after 5 minutes of being idle while using a periodic web request to avoid the timeout, but I would prefer a cleaner way.
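One way to handle the "stay logged in" question above without tracking IP addresses or shipping a shared FTP password, as an added example that is not part of the original post: the server checks a per-user password once, hands the client a random session token, and expires it after the 5-minute idle window. All table and function names are hypothetical, in-memory SQLite stands in for the MySQL database, and the client is assumed to send the token with every request over HTTPS.

```php
<?php
declare(strict_types=1);
// Added example, not from the original post. Table and function names are
// hypothetical; in-memory SQLite stands in for the MySQL database.
const IDLE_LIMIT = 300; // seconds: the 5-minute idle window from the post
function setup(PDO $db): void {
    $db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, name TEXT, last_seen INTEGER)');
}

function register(PDO $db, string $name, string $password): bool {
    // Usernames become folder names, so allow only a safe alphabet.
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/D', $name)) return false;
    try {
        $st = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
        return $st->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) { return false; } // name already taken
}

function login(PDO $db, string $name, string $password, int $now): ?string {
    $st = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $st->execute([$name]);
    $hash = $st->fetchColumn();
    if ($hash === false || !password_verify($password, (string)$hash)) return null;
    $token = bin2hex(random_bytes(32)); // sent to the client once, kept in memory there
    $st = $db->prepare('INSERT INTO sessions (token_hash, name, last_seen) VALUES (?, ?, ?)');
    $st->execute([hash('sha256', $token), $name, $now]); // server stores only the hash
    return $token;
}

function authenticate(PDO $db, string $token, int $now): ?string {
    $th = hash('sha256', $token);
    $st = $db->prepare('SELECT name, last_seen FROM sessions WHERE token_hash = ?');
    $st->execute([$th]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return null; // unknown or already expired token
    if ($now - (int)$row['last_seen'] > IDLE_LIMIT) { // idle too long: drop the session
        $db->prepare('DELETE FROM sessions WHERE token_hash = ?')->execute([$th]);
        return null;
    }
    $db->prepare('UPDATE sessions SET last_seen = ? WHERE token_hash = ?')->execute([$now, $th]);
    return (string)$row['name']; // caller writes only under this user's folder
}

// Constructed demo: timestamps are passed in so the expiry is visible.
$db = new PDO('sqlite::memory:');
setup($db);
register($db, 'RadGH', 'constructed-password');
$t = login($db, 'RadGH', 'constructed-password', 1000);
var_dump(authenticate($db, $t, 1200), authenticate($db, $t, 1200 + IDLE_LIMIT + 1));
```

An upload script would call `authenticate()` first and take the target folder from its return value rather than from anything the client sends, so a decompiled client yields no credential that works for other users.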