Sign in to follow this  
Followers 0
Rad

Need some advice / suggestions for screenshot uploading program

1 post in this topic

I have made a program that lets me take screenshots and uploads them via FTP to my website [link].

I am starting a new version of this program, and am going to be testing a lot of theories I had so far, but would greatly appreciate any advice or suggestions to making this work under my circumstances.

Three people are currently using this program, and I plan to expand that later. For now, I need to fix a major security problem. This is both an autoit problem, and a web design problem.

I only have access to a web server, so writing a desktop application isn't an option. This makes it tricky to ask for help, I'm not sure if I should ask here or on a web design forum.

What I have now

- Single Public FTP account which all users share to upload files, causes timeouts and errors when multiple users upload a screenshot.

- User system is very basic, you choose a username and the screenshots get uploaded to the server in a folder named after your username. (Example www.website.com/screenshots/RadGH/)

- Insecurity, if they decompile the program they can find the FTP account and upload other files, including server scripts, to the server.

- Server side, gallery is completely automated with PHP scripts

What I need changed in the new version

- User authentication. Preferably using a MySQL database, however, the server must know if the user is authenticated.

- Sign in/Register ability through software, I can't directly access the MySQL database due to security issues as you saw with the FTP accounts

- Ability to modify/delete images on the web, this I can handle - but the usernames/password should be the same as those used in the software.

How can I register? I was thinking of a way to send a fake HTML form to a sign-in page on the website, but this must be fully automated and the user shouldn't know what is going on.

How can I upload images? If the above form method worked, it's possible I could use a PHP upload script to do the same thing - though I'm not sure how I would attach a file to a form in Autoit. FTP is still an option, but I am very much new to web administration including FTP account access and restrictions.

How will the user stay "logged in" through autoit? If the form method was used, what will keep the user logged in server side? I could add the users IP to the username and remove it after 5 minutes of being idle while using a periodic web request to avoid the timeout, but I would prefer a cleaner way.

Share this post


Link to post
Share on other sites



Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0