User and Security
Posted: Wed Apr 28, 2004 1:32 pm
i'm wondering how to add a user management part in my program.
as my program will be used by various users, they will need to login by entering their name and password at the start of the program.
It's the first time I've added such a feature,
so I'm not sure about what I've done,
particularly from a security point of view.
My idea is that a user allowed to create a user list (an admin) generates an encrypted file on disk. This file is then loaded and decrypted in the user login part.
So I've created an include file that does everything described above.
there's 3 pb files :
1/ the 'UserLib' pb include
2/ creating a userlist
3/ login request
So if someone can test it and report any problem (bug, security) to me... thanks.
as my program will be used by various users, they will need to login by entering their name and password at the start of the program.
It's the first time i intend to add such a feature,
so i'm not sure of what 'ive done...
particularly for some security reasons.
in my idea, a user allowed to create a user list (an admin) can generate a crypted file on disk. this file is loaded and decrypted in the user login part.
so i've created an include file in order to do all what i said above.
there's 3 pb files :
1/ the 'UserLib' pb include
2/ creating a userlist
3/ login request
;---------------------------------------------
;- PB INCLUDE FOR USERLIST MANAGEMENT
;---------------------------------------------
; Constants, gadget ids, the USER record and the account list shared by the
; USER_* procedures of this include.
;
; #USER_KEY is the second argument of every DESFingerprint() call in this file,
; so all accounts use the same fixed value and it is readable in the source.
; NOTE(review): if DESFingerprint() follows traditional Unix crypt(3) DES, this
; value plays the role of the salt; with one salt for everybody, two users with
; the same password get the same stored fingerprint. A random per-user value
; and a deliberately slow password hash would be the safer design -- confirm
; what the PureBasic version in use offers.
#USER_KEY = "kg"
; Separator between the fields of one saved record (type, nom, mdp).
#USER_SEP = ","
; Separator between saved records.
#USER_CSV = ";"
Enumeration ; User type
; First value of the enumeration; USER_Identifier() also returns it when no
; account matches, so it doubles as "not authenticated".
#USER_TYPE_GUEST
#USER_TYPE_ADMIN
#USER_TYPE_USER
EndEnumeration
Enumeration ; Gadgets of the login request window
#USER_GAD_INFO
#USER_GAD_NOM
#USER_GAD_MDP
#USER_GAD_OK
EndEnumeration
Structure USER
type.b ; Guest, User, Administrator
nom.s ; User name
mdp.s ; Password fingerprint as produced by DESFingerprint(), not the clear text
EndStructure
; Account list that the USER_* procedures read and modify.
NewList UserList.USER()
Procedure USER_ExisteDeja(nom.s)
  ; Tells whether UserList() already holds an account whose nom equals the
  ; given name. Returns #True on the first match, #False otherwise.
  trouve=#False
  ForEach UserList()
    If UserList()\nom=nom
      trouve=#True
      Break ; stop on the first match, the list stays positioned on it
    EndIf
  Next
  ProcedureReturn trouve
EndProcedure
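Procedure USER_Ajouter(type.b,nom.s,mdp.s)
  ; Adds an account to UserList(). Returns #True when the account was added,
  ; #False (list unchanged) when the request is rejected.
  ;
  ; type : must be greater than #USER_TYPE_GUEST
  ; nom  : non-empty, not already in the list, free of #USER_SEP and #USER_CSV
  ; mdp  : non-empty clear-text password; only its DESFingerprint() is stored
  If nom="" Or mdp=""
    ProcedureReturn #False
  EndIf
  If type<=#USER_TYPE_GUEST
    ProcedureReturn #False
  EndIf
  ; USER_Enregistrer() writes nom unescaped between #USER_SEP and #USER_CSV.
  ; A name containing one of them would be cut into other fields or records
  ; when USER_Charger() reads the data back, so such names are refused.
  If FindString(nom,#USER_SEP,1)<>0 Or FindString(nom,#USER_CSV,1)<>0
    ProcedureReturn #False
  EndIf
  If USER_ExisteDeja(nom)=#True
    ProcedureReturn #False
  EndIf
  AddElement(UserList())
  UserList()\type=type
  UserList()\nom=nom
  ; NOTE(review): every account is fingerprinted with the same #USER_KEY. If
  ; DESFingerprint() follows Unix crypt(3) DES, only the first 8 characters of
  ; mdp are significant and equal passwords give equal fingerprints -- confirm
  ; against the PureBasic documentation and prefer a per-user random salt.
  UserList()\mdp=DESFingerprint(mdp,#USER_KEY)
  ProcedureReturn #True
EndProcedure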
Procedure USER_Identifier(nom.s,mdp.s)
  ; Looks for an account whose nom equals the given name and whose stored
  ; fingerprint equals DESFingerprint(mdp,#USER_KEY).
  ; Returns the type of the first such account, or #USER_TYPE_GUEST when none
  ; matches; callers must treat #USER_TYPE_GUEST as "not authenticated".
  resultat=#USER_TYPE_GUEST
  ForEach UserList()
    If UserList()\nom=nom
      ; The fingerprint is only computed for entries whose name matches.
      If DESFingerprint(mdp,#USER_KEY)=UserList()\mdp
        resultat=UserList()\type
        Break
      EndIf
    EndIf
  Next
  ProcedureReturn resultat
EndProcedure
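Procedure USER_Enregistrer(fichier.s)
  ; Writes UserList() to the pack file 'fichier' as one text buffer:
  ;   type #USER_SEP nom #USER_SEP mdp #USER_CSV   (repeated per account)
  ; Returns #True when the pack was written, #False when the list is empty or
  ; the pack could not be created.
  ;
  ; Security note: the Packer calls used here compress the buffer (level 9);
  ; nothing in this procedure encrypts or authenticates it. Names and account
  ; types are recoverable by unpacking, and a modified file is accepted on
  ; load, so the file needs to be protected by file-system permissions (or a
  ; real integrity check) wherever it is stored.
  ligne.s=""
  ForEach UserList()
    ligne+Str(UserList()\type)+#USER_SEP
    ligne+UserList()\nom+#USER_SEP
    ligne+UserList()\mdp+#USER_CSV
  Next
  ; An empty buffer would give a user file nobody can log in with; it is
  ; refused before the target file is created.
  If ligne=""
    ProcedureReturn #False
  EndIf
  If CreatePack(fichier)=0
    ProcedureReturn #False
  EndIf
  ; Len(ligne)+1 also packs the terminating zero byte. USER_Charger() reads the
  ; data back with PeekS() and no length, which needs that terminator to stop
  ; at the end of the unpacked buffer.
  ; NOTE(review): assumes one byte per character (ASCII strings) -- confirm for
  ; the compiler version in use.
  AddPackMemory(@ligne,Len(ligne)+1,9)
  ClosePack()
  ProcedureReturn #True
EndProcedure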
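Procedure USER_Charger(fichier.s)
  ; Replaces UserList() with the accounts stored in the pack file 'fichier'.
  ; Returns #True when the pack was read, #False when it cannot be opened or
  ; contains no entry (UserList() is left untouched in that case).
  ;
  ; Security note: every field, including the account type, is taken from the
  ; file as-is. The file carries no signature or MAC, so whoever can write it
  ; decides who is an administrator; keep it writable by administrators only.
  hFichier.l=OpenPack(fichier)
  If hFichier=#Null
    ProcedureReturn #False
  EndIf
  adresse.l=NextPackFile()
  If adresse=#Null
    ; Nothing to unpack: do not hand a null address to PeekS().
    ClosePack()
    ProcedureReturn #False
  EndIf
  ; Bound the read by the unpacked size so that a buffer saved without a
  ; terminating zero byte cannot make PeekS() read past its end.
  UserData$=PeekS(adresse,PackFileSize())
  ClearList(UserList())
  i=1
  Repeat
    ligne$=StringField(UserData$,i,#USER_CSV)
    If ligne$="" : Break : EndIf ; an empty record marks the end of the data
    If AddElement(UserList())
      UserList()\type=Val(StringField(ligne$,1,#USER_SEP))
      UserList()\nom=StringField(ligne$,2,#USER_SEP)
      UserList()\mdp=StringField(ligne$,3,#USER_SEP)
    EndIf
    i+1
  ForEver
  ClosePack()
  ProcedureReturn #True
EndProcedure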
Procedure USER_RemplirGadget(Gadget.l)
  ; Appends the name of every account in UserList() to the given gadget
  ; (position -1 in AddGadgetItem()).
  ; Note: administrator names are added like any other, so whoever sees the
  ; gadget sees the complete list of account names.
  ForEach UserList()
    libelle.s=UserList()\nom
    AddGadgetItem(Gadget,-1,libelle)
  Next
EndProcedure
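Procedure USER_Login(Titre.s)
  ; Opens the login window (name list, password field, OK button) and runs its
  ; event loop until the user is identified or closes the window.
  ;
  ; Titre : window title
  ; Returns the type of the identified account (as returned by
  ; USER_Identifier()), or #USER_TYPE_GUEST when the window could not be opened
  ; or was closed without a successful identification. #USER_TYPE_GUEST is the
  ; first enumeration value, so callers that only test for #False still work.
  ;
  ; The decision is taken from the credentials at the moment OK is pressed, not
  ; from the enabled/disabled state of the button, and it is handed back to the
  ; caller, which must branch on it before giving access to anything.
  resultat=#USER_TYPE_GUEST
  fenetre=OpenWindow(#PB_Any,0,0,255,75,#PB_Window_ScreenCentered,Titre)
  If fenetre=#Null
    ProcedureReturn #False
  EndIf
  ; NOTE(review): ShowCloseButton(), MakeToolWindow() and MakeStayOnTop() are
  ; not defined in this listing; presumably they come from a user library.
  ShowCloseButton(WindowID(),#True)
  MakeToolWindow(WindowID(),#True)
  MakeStayOnTop(WindowID(),#True)
  CreateGadgetList(WindowID())
  TextGadget(#USER_GAD_INFO,5,5,245,18,"Veuillez choisir votre nom dans la liste",#PB_Text_Center)
  ComboBoxGadget(#USER_GAD_NOM,5,25,120,100)
  StringGadget(#USER_GAD_MDP,130,25,120,21,"",#PB_String_Password)
  ButtonGadget(#USER_GAD_OK,98,52,60,21,"OK")
  police=LoadFont(#PB_Any,"Arial",8,#PB_Font_Bold)
  If police<>#Null
    SetGadgetFont(#USER_GAD_INFO,FontID())
    SetGadgetFont(#USER_GAD_OK,FontID())
  EndIf
  ; OK stays disabled until a name/password pair has been recognised.
  DisableGadget(#USER_GAD_OK,#True)
  USER_RemplirGadget(#USER_GAD_NOM)
  Repeat
    Select WaitWindowEvent()
      Case #PB_Event_CloseWindow : Break
      Case #PB_Event_Gadget
        Select EventGadgetID()
          Case #USER_GAD_OK
            ; Check again with the current gadget contents before accepting.
            resultat=USER_Identifier(GetGadgetText(#USER_GAD_NOM),GetGadgetText(#USER_GAD_MDP))
            If resultat<>#USER_TYPE_GUEST
              Break
            EndIf
            SetGadgetText(#USER_GAD_INFO,"Utilisateur non identifié")
            DisableGadget(#USER_GAD_OK,#True)
          Case #USER_GAD_NOM
            If EventType()=1
              ; Another name was picked: drop the typed password and lock OK.
              DisableGadget(#USER_GAD_OK,#True)
              SetGadgetText(#USER_GAD_MDP,"")
              SetGadgetText(#USER_GAD_INFO,"Veuillez saisir votre mot de passe")
            EndIf
        EndSelect
      ; NOTE(review): 258 equals the Windows WM_CHAR message number (0x0102),
      ; so this branch presumably runs for each typed character -- confirm.
      ; The label then reports a match as soon as the typed text is correct,
      ; and no delay or limit on failed attempts exists in this loop; checking
      ; only on OK and pausing after a failure would be the stricter design.
      Case 258
        Select USER_Identifier(GetGadgetText(#USER_GAD_NOM),GetGadgetText(#USER_GAD_MDP))
          Case #USER_TYPE_GUEST : SetGadgetText(#USER_GAD_INFO,"Utilisateur non identifié") : DisableGadget(#USER_GAD_OK,#True)
          Case #USER_TYPE_USER : SetGadgetText(#USER_GAD_INFO,"Utilisateur identifié") : DisableGadget(#USER_GAD_OK,#False)
          Case #USER_TYPE_ADMIN : SetGadgetText(#USER_GAD_INFO,"Administrateur identifié") : DisableGadget(#USER_GAD_OK,#False)
        EndSelect
    EndSelect
  ForEver
  ; Only release the font when LoadFont() actually returned one.
  If police<>#Null
    CloseFont(police)
  EndIf
  CloseWindow(fenetre)
  ProcedureReturn resultat
EndProcedure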
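;---------------------------------------
; MAKE A USERLIST CRYPTED FILE
;---------------------------------------
; Builds a sample account list and saves it to the file "users".
; The names and passwords below are demonstration values. Passwords written
; as string literals are readable in the source (and typically in the compiled
; program as well), so a real administration tool should ask for them at run
; time instead of embedding them.
IncludeFile "UserLib.pb"
USER_Ajouter(#USER_TYPE_ADMIN,"Flype","toto")
USER_Ajouter(#USER_TYPE_ADMIN,"Fred","pb")
USER_Ajouter(#USER_TYPE_USER,"Denis","riri")
USER_Ajouter(#USER_TYPE_USER,"Regis","fifi")
USER_Ajouter(#USER_TYPE_USER,"Cederavic","loulou")
; Report a failed save instead of ending silently without a user file.
If USER_Enregistrer("users")=#False
  MessageRequester("UserLib","Impossible d'enregistrer la liste des utilisateurs")
EndIf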
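;--------------------------------
; LOGIN
;--------------------------------
; Loads the account list from the file "users" and shows the login window.
IncludeFile "UserLib.pb"
; Without a loaded list nobody can be identified, so stop here rather than
; opening a login window with an empty name list.
If USER_Charger("users")=#False
  MessageRequester("Login","Impossible de charger la liste des utilisateurs")
  End
EndIf
; NOTE(review): nothing after this call depends on the outcome of the login.
; A real program must obtain that outcome and branch on it before doing any
; work on behalf of the user.
USER_Login("Login")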