PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

Authenticating with a server before program use... how to?

https://www.purebasic.fr/english/viewtopic.php?t=22407

Page 1 of 1

Authenticating with a server before program use... how to?

Posted: Thu Jun 22, 2006 9:06 pm
by Kaiser
Hi again! ^_^

I'm actually quite proud of the chat program I've been working on since last year, and it's been going awesome thanks to the help of all of you :)

Now however, I'm wanting a little more "control" and since the program is being used (for now) by the channel moderators, I want to check who really is using the program, just in case they "share" it to other people without my consent. I'm gonna release a public version of the program (maybe open source too, who knows) later, but I want to perfection it first so it gets as better as my skills can do :).

So then a friend of mine suggested to make the program authenticate with a PHP (wtf?) server and compare the generated MachineID with the database and all that heck. However I'm kinda puzzled here...

How would I make authentication to an HTTP/PHP server? I know MSN does something like that and sends and receives data through port 80, and I've heard stuff about sending data in "headers" but how actually is this thing done? I have lots, lots of knowledge in PHP but I don't get how would I make my PB program authenticate with the PHP server and wait for validation?

If anybody could lend me a hand here it would be awesome :)... thanks in advance :D.

Posted: Thu Jun 22, 2006 9:24 pm
by Shannara
I can only think of using ASP.net because I prefer that over php5 for certain reasons :) More comfortable with basic dialecs and c#, then php, anyhow ..

Have a php script accept a parm. aka machine Id, you can get that from the mac address or whatever. The php script can search the database (mysql or mssql or .. ?), and return a 0 or 1. The client reads the return, and based on that, determines if it will continue to run or not.

Posted: Thu Jun 22, 2006 9:43 pm
by Kaiser
The thing is, the server where I'm planning to host the authentication is not mine :P so HTML/PHP is all I have... yup, I have the MachineID, the thing is, I've never made a PB test/program that can actually "connect" to a webserver, or actually understand one and send/receive data between the webserver and itself ... :P

Posted: Fri Jun 23, 2006 3:47 pm
by Pantcho!!
This is how i do it:

I got my program "initializing" and while that it connects to my http server which i programmed a CGI form (you can do it with PHP/ASP whatever) and use the "GET" command of the http with a simple send of a encrypted string.

then the CGI program validate the encrytion and sends back an encrypted string.

then the PB program validates the string to auth' the source.

if yes , woo hoo.
if no, damn.

In the server side i use Paul CGI_LIB which works great! .

almost forgot, another thing to consider is that your users firewall will show them the attempt to connect a diffrent server ( you actual validation server) if that so they might think it is a spyware or somthing so remark that so your users wont get the wrong impression.

good luck.

Posted: Fri Jul 14, 2006 9:32 am
by Kaiser
That's great help Pantcho!! :)

Alright, sorry for the late reply.... I've been really busy with school lately - however I'm on vacations now so I can retake the project again :).

I fiddled around with the CGI-BIN library (which is real good, I agree with you :D) and tested the first example I saw (that one with Name & Phone and the three submission methods) and I really liked the POST method because it doesn't show anything in the browser URL bar.

However that's done through the browser, and I need my program to do it itself. I have my validation program ready (getting the string by the browser, just for testing) but I don't know how to make a POST request through my program... do you know how to?

Thanks in advance :)

Posted: Sat Jul 15, 2006 12:09 pm
by Pantcho!!
You can use a simple "GET" no need for "POST" (cgi-lib support also get with parameters).
You just open a connection to your web server, and enters the get command, for example like this:
"GET /cgi-bin/auth.exe?UserName=john&UserPass=doe"

where auth.exe is your Purebasic CGI exe.
and the UserName and UserPass are CGI-BIN lib parameters.

And search the forum regarding opening a connection on port 80 and requesting with GET/POST, there are many examples.

good luck.

Posted: Mon Jul 17, 2006 8:35 am
by Kaiser
Thanks a lot!!! :D :D :D that really, really helped me LOTS :D :D :D

I solved it ^^. I'm not going to post my entire auth system (security reasons :P) but this one is a really basic example that works like hell :)

CGITEST.EXE (To be placed in the cgi-bin folder)

Code: Select all

CGI_In() 
Key.s=CGI_Val("KEY")
If Key.s="123456"
  CGI_Header()
  CGI_Out("Yes")
Else 
  CGI_Header()
  CGI_Out("No")
EndIf
EXAMPLE.PB (Example program. Thanks to Karbon for this one :))

Code: Select all

  ; 
  ; All stuff for the WinInet lib. 
  ; 
  #INTERNET_OPEN_TYPE_DIRECT = 1 
  #HTTP_ADDREQ_FLAG_ADD = $20000000 
  #HTTP_ADDREQ_FLAG_REPLACE = $80000000 
  #INTERNET_FLAG_SECURE = 0
  ; 
  ; Type of connection (could be FTP Gopher etc). HTTPS is done as HTTP too. 
  ; 
  #INTERNET_SERVICE_HTTP = 3 
  ; 
  ; HTTP port is 80, HTTPS (SSL) port is 443. 
  ; 
  #INTERNET_DEFAULT_HTTP_PORT = 80 
Procedure.s do_post() 
    ; 
    ; Do NOT include http:// or any other protocol indicator here 
    ; 
    host.s = "localhost" 
    ; 
    ; Everything after the hostname of the server 
    ; 
    get_url.s = "/cgi-bin/cgitest.exe" 
    ; 
    ; Holds the result from the CGI/page 
    ; 
    result.s = "" 
    ; 
    ; All from the wininet DLL 
    ; 
    ; Be sure your Internet Explorer is up to date! 
    ; 
    open_handle = InternetOpen_("User Agent Info Goes Here",#INTERNET_OPEN_TYPE_DIRECT,"","",0) 
    connect_handle = InternetConnect_(open_handle,host,#INTERNET_DEFAULT_HTTP_PORT,"","",#INTERNET_SERVICE_HTTP,0,0) 
    request_handle = HttpOpenRequest_(connect_handle,"POST",get_url,"","",0,#INTERNET_FLAG_SECURE,0) 
    headers.s = "Content-Type: application/x-www-form-urlencoded" +Chr(13)+Chr(10)  
    HttpAddRequestHeaders_(request_handle,headers,Len(headers), #HTTP_ADDREQ_FLAG_REPLACE | #HTTP_ADDREQ_FLAG_ADD) 

    ;*******
    ;Change this to "123456" and you shall see it work :)
    ;*******
    post_data.s = "KEY=456789" 

    post_data_len = Len(post_data) 
    send_handle = HttpSendRequest_(request_handle,"",0,post_data,post_data_len) 
    buffer.s = Space(1024) 
    bytes_read.l 
    total_read.l 
    total_read = 0 
    ; 
    ; Read until we can't read anymore.. 
    ; The string "result" will hold what ever the server pushed at us. 
    ; 
    Repeat 
      InternetReadFile_(request_handle,@buffer,1024,@bytes_read) 
      result + Left(buffer,bytes_read) 
      buffer = Space(1024) 
    Until bytes_read=0 
    ProcedureReturn result
EndProcedure
  
Debug do_post()

;This returns "No". Change the post_data.s to "123456" and it should say "Yes" :)
YAY! :D

Posted: Wed Jul 19, 2006 8:31 pm
by Pantcho!!
:wink:
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited