Authenticating with a server before program use... how to?

Kaiser · Post by **Kaiser** » Thu Jun 22, 2006 9:06 pm

Hi again! ^_^

I'm actually quite proud of the chat program I've been working on since last year, and it's been going awesome thanks to the help of all of you

Now however, I'm wanting a little more "control" and since the program is being used (for now) by the channel moderators, I want to check who really is using the program, just in case they "share" it to other people without my consent. I'm gonna release a public version of the program (maybe open source too, who knows) later, but I want to perfection it first so it gets as better as my skills can do

.

So then a friend of mine suggested to make the program authenticate with a PHP (wtf?) server and compare the generated MachineID with the database and all that heck. However I'm kinda puzzled here...

How would I make authentication to an HTTP/PHP server? I know MSN does something like that and sends and receives data through port 80, and I've heard stuff about sending data in "headers" but how actually is this thing done? I have lots, lots of knowledge in PHP but I don't get how would I make my PB program authenticate with the PHP server and wait for validation?

If anybody could lend me a hand here it would be awesome

... thanks in advance

.

Shannara · Post by **Shannara** » Thu Jun 22, 2006 9:24 pm

I can only think of using ASP.net because I prefer that over php5 for certain reasons

More comfortable with basic dialecs and c#, then php, anyhow ..

Have a php script accept a parm. aka machine Id, you can get that from the mac address or whatever. The php script can search the database (mysql or mssql or .. ?), and return a 0 or 1. The client reads the return, and based on that, determines if it will continue to run or not.

Kaiser · Post by **Kaiser** » Thu Jun 22, 2006 9:43 pm

The thing is, the server where I'm planning to host the authentication is not mine

so HTML/PHP is all I have... yup, I have the MachineID, the thing is, I've never made a PB test/program that can actually "connect" to a webserver, or actually understand one and send/receive data between the webserver and itself ...

Pantcho!! · Post by **Pantcho!!** » Fri Jun 23, 2006 3:47 pm

This is how i do it:

I got my program "initializing" and while that it connects to my http server which i programmed a CGI form (you can do it with PHP/ASP whatever) and use the "GET" command of the http with a simple send of a encrypted string.

then the CGI program validate the encrytion and sends back an encrypted string.

then the PB program validates the string to auth' the source.

if yes , woo hoo.
if no, damn.

In the server side i use Paul CGI_LIB which works great! .

almost forgot, another thing to consider is that your users firewall will show them the attempt to connect a diffrent server ( you actual validation server) if that so they might think it is a spyware or somthing so remark that so your users wont get the wrong impression.

good luck.

Kaiser · Post by **Kaiser** » Fri Jul 14, 2006 9:32 am

That's great help Pantcho!!

Alright, sorry for the late reply.... I've been really busy with school lately - however I'm on vacations now so I can retake the project again

.

I fiddled around with the CGI-BIN library (which is real good, I agree with you

) and tested the first example I saw (that one with Name & Phone and the three submission methods) and I really liked the POST method because it doesn't show anything in the browser URL bar.

However that's done through the browser, and I need my program to do it itself. I have my validation program ready (getting the string by the browser, just for testing) but I don't know how to make a POST request through my program... do you know how to?

Thanks in advance

Pantcho!! · Post by **Pantcho!!** » Sat Jul 15, 2006 12:09 pm

You can use a simple "GET" no need for "POST" (cgi-lib support also get with parameters).
You just open a connection to your web server, and enters the get command, for example like this:
"GET /cgi-bin/auth.exe?UserName=john&UserPass=doe"

where auth.exe is your Purebasic CGI exe.
and the UserName and UserPass are CGI-BIN lib parameters.

And search the forum regarding opening a connection on port 80 and requesting with GET/POST, there are many examples.

good luck.

Kaiser · Post by **Kaiser** » Mon Jul 17, 2006 8:35 am

Thanks a lot!!!

that really, really helped me LOTS

I solved it ^^. I'm not going to post my entire auth system (security reasons

) but this one is a really basic example that works like hell

CGITEST.EXE (To be placed in the cgi-bin folder)

Code: Select all

CGI_In() 
Key.s=CGI_Val("KEY")
If Key.s="123456"
  CGI_Header()
  CGI_Out("Yes")
Else 
  CGI_Header()
  CGI_Out("No")
EndIf

EXAMPLE.PB (Example program. Thanks to Karbon for this one

)

Code: Select all

  ; 
  ; All stuff for the WinInet lib. 
  ; 
  #INTERNET_OPEN_TYPE_DIRECT = 1 
  #HTTP_ADDREQ_FLAG_ADD = $20000000 
  #HTTP_ADDREQ_FLAG_REPLACE = $80000000 
  #INTERNET_FLAG_SECURE = 0
  ; 
  ; Type of connection (could be FTP Gopher etc). HTTPS is done as HTTP too. 
  ; 
  #INTERNET_SERVICE_HTTP = 3 
  ; 
  ; HTTP port is 80, HTTPS (SSL) port is 443. 
  ; 
  #INTERNET_DEFAULT_HTTP_PORT = 80 
Procedure.s do_post() 
    ; 
    ; Do NOT include http:// or any other protocol indicator here 
    ; 
    host.s = "localhost" 
    ; 
    ; Everything after the hostname of the server 
    ; 
    get_url.s = "/cgi-bin/cgitest.exe" 
    ; 
    ; Holds the result from the CGI/page 
    ; 
    result.s = "" 
    ; 
    ; All from the wininet DLL 
    ; 
    ; Be sure your Internet Explorer is up to date! 
    ; 
    open_handle = InternetOpen_("User Agent Info Goes Here",#INTERNET_OPEN_TYPE_DIRECT,"","",0) 
    connect_handle = InternetConnect_(open_handle,host,#INTERNET_DEFAULT_HTTP_PORT,"","",#INTERNET_SERVICE_HTTP,0,0) 
    request_handle = HttpOpenRequest_(connect_handle,"POST",get_url,"","",0,#INTERNET_FLAG_SECURE,0) 
    headers.s = "Content-Type: application/x-www-form-urlencoded" +Chr(13)+Chr(10)  
    HttpAddRequestHeaders_(request_handle,headers,Len(headers), #HTTP_ADDREQ_FLAG_REPLACE | #HTTP_ADDREQ_FLAG_ADD) 

    ;*******
    ;Change this to "123456" and you shall see it work :)
    ;*******
    post_data.s = "KEY=456789" 

    post_data_len = Len(post_data) 
    send_handle = HttpSendRequest_(request_handle,"",0,post_data,post_data_len) 
    buffer.s = Space(1024) 
    bytes_read.l 
    total_read.l 
    total_read = 0 
    ; 
    ; Read until we can't read anymore.. 
    ; The string "result" will hold what ever the server pushed at us. 
    ; 
    Repeat 
      InternetReadFile_(request_handle,@buffer,1024,@bytes_read) 
      result + Left(buffer,bytes_read) 
      buffer = Space(1024) 
    Until bytes_read=0 
    ProcedureReturn result
EndProcedure
  
Debug do_post()

;This returns "No". Change the post_data.s to "123456" and it should say "Yes" :)

YAY!

Pantcho!! · Post by **Pantcho!!** » Wed Jul 19, 2006 8:31 pm