Example: PHP User/Password Validation


Desmond
09-15-2005, 02:33 PM
This example shows how to use a php script hosted on any web server supporting PHP to allow/deny access to your application. This is a very simple way to add some non-government-grade security to your app. :)

Skills Used:
HTTP actions, Crypto Actions, PHP.

Maggi
09-16-2005, 08:56 AM
Thanks, nice sample. Any other samples working with PHP classes or PHP scripts?

Corey
09-16-2005, 04:33 PM
There's an example on how to build applications which can parse PHP over here:

http://indigorose.com/forums/showthread.php?t=12837&highlight=php

sosuave
10-10-2005, 01:22 PM
Hi Desmond,

I'd like to see your example on user validation

But I get this error when I open your attached file

Error: couldn't load: .....\PHP User Pass Validation-1.apz

Please upload it again

Thanks

Desmond
10-11-2005, 09:11 AM
Hello,

The project opens fine here. Just to be sure, you are trying to open it in AutoPlay Media Studio 6.0 (and not 5.0), correct?

If so, please try downloading it again.

Thanks!

xxmatagbxx
11-30-2005, 02:01 PM
Corey, thanks for this link... Desmond, thanks too ^^". I need to go, bye! I don't have net, I'm at my grandmother's house, 30 kbps .... pqp :o .... thanks....

DKGlobal
06-21-2006, 01:59 PM
Sorry to bring up an older topic, but I just wanted to know if this could work if the user was checked against a file that was stored on the actual CD/DVD itself, in case there wasn't an internet connection available.

Our projects are client based, so I would only need it to store a max of 5 usernames and passwords.

Desmond
06-21-2006, 03:05 PM
Yes, you could do this -- though the benefit to using the internet is that you can add / remove passwords without changing your CD's. So, you could have 1000 identical CD's out there, have one bad user, and nuke their credentials.

If you want to check a file on the CD, don't use PHP (As you'd need a PHP parser) -- just read from a file, and compare (encrypt for added security).

Desmond.

DKGlobal
06-21-2006, 03:16 PM
so I could use a .txt file then?

I'm fairly new to this software, and after downloading the demo and building our first project, my boss loved it and bought it, so the more I can show him, the more impressed he will be.

Desmond
06-21-2006, 03:23 PM
Sure, you could use a Text File. But remember, if the file is stored on the CD, it can be viewed by the person using the CD.

DKGlobal
06-21-2006, 03:29 PM
Very good point.

My ultimate goal is to make it into a Company / Serial number thing.

Where the person we give it to has to enter his company and a serial number we have already designated.

I've tried the other options with the Serial Number Generator project and I can't seem to figure out how to get it to work correctly. I'm sure this is just because I don't have much knowledge in the software yet.

At this point, I am just trying different methods to protect our software from someone else using it.

piotrd
08-10-2007, 05:15 AM
Does the server with the check_user.php file need register globals on?

Desmond
08-10-2007, 09:43 AM
Yes. I believe you can get around that by declaring local variables first:

$username_posted = $_POST['username_md5'];
$password_md5_posted = $_POST['password_md5'];

... And then adjust your if statement accordingly.

Desmond.
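
A check_user.php that does not depend on register_globals, as an added example that is not part of the thread or of the attached project: it reads the two POST fields explicitly, validates them as MD5 hex and compares them with hash_equals(). The user table entries and the '1'/'0' replies are assumptions modeled on values quoted elsewhere in this thread.

```php
<?php
// Added example: hardened check_user.php (not the thread's original script).
// Constructed user table, using the sample names quoted in this thread.
$user_table = [
    'John Doe'   => 'JohnnyBoy',
    'Billy Nest' => 'Billy Password',
    'Jane Smith' => 'Firetruck',
];

// Returns '1' when both digests match the same table row, otherwise '0'.
function check_user(array $post, array $user_table): string
{
    // Read the fields explicitly; nothing here relies on register_globals.
    $fields = [];
    foreach (['username_md5', 'password_md5'] as $name) {
        $value = $post[$name] ?? null;
        // Reject arrays, missing fields and anything that is not 32 hex chars.
        if (!is_string($value) || !preg_match('/\A[0-9a-fA-F]{32}\z/', $value)) {
            return '0';
        }
        $fields[$name] = strtolower($value);
    }

    $matched = false;
    foreach ($user_table as $username => $password) {
        // hash_equals() compares as strings in constant time; a loose ==
        // would compare digests that look numeric ("0e...") as numbers.
        $user_ok = hash_equals(md5((string) $username), $fields['username_md5']);
        $pass_ok = hash_equals(md5($password), $fields['password_md5']);
        $matched = $matched || ($user_ok && $pass_ok); // no early exit
    }
    return $matched ? '1' : '0';
}

if (PHP_SAPI === 'cli') {
    // Offline self-check with constructed requests.
    $good = ['username_md5' => md5('Jane Smith'), 'password_md5' => md5('Firetruck')];
    $bad  = ['username_md5' => md5('Jane Smith'), 'password_md5' => md5('JohnnyBoy')];
    echo 'valid pair:  ', check_user($good, $user_table), PHP_EOL;
    echo 'mixed rows:  ', check_user($bad, $user_table), PHP_EOL;
    echo 'array field: ', check_user(['username_md5' => [], 'password_md5' => 'x'], $user_table), PHP_EOL;
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    header('Content-Type: text/plain');
    echo check_user($_POST, $user_table);
} else {
    header('Content-Type: text/plain');
    echo 'No post data found';
}
```

The MD5 digests are password-equivalent, so anyone who captures a request can replay it; serve the script over HTTPS.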

foralgeria
08-11-2007, 07:40 AM
Thanks Desmond, that's a real nice example

mystica
10-30-2008, 02:03 AM
I have tried this example using a couple of different web-servers for the php-script, but when I run the attached AMS example, I keep getting the following error message:

That user/pass combo is invalid

I'm entering the passwords as specified in the PHP script. (ie. John Doe = JohnnyBoy, Billy Nest = Billy Password, & Jane Smith = Firetruck)

and

I've made sure the URL in the apz.code has been changed to the relevant url for my server.

I've even checked that the php-script can be reached, by loading it via a browser, and get the expected result (ie. No post data found), so I know I've got that part right.

... so what's going on here???

Has anyone actually trialled this example and managed to get it to work? I know the original post is quite old, but I'd really like to get this to work, as it seems like a really good script.

RizlaUK
10-30-2008, 11:13 AM
works for me, double check your address and your user/pass combo

mystica
10-30-2008, 10:57 PM
Okay, I've tripled-checked my address and password combo. I've ensured the php-script has been set to execute (via chmod-755), and have even tried FTPing in both ascii (text) & binary mode.

What the friggin' firetruck, man???

I'm including my server-settings here (it's just a free test-site ... no security-issues), in the event that anyone would like to check this out for me.

Website URL: http://blacknet.phpnet.us/check_user.php
FTP Server: ftp.phpnet.us
FTP Username (FTP/SQL): pn_2542241
FTP Password (FTP/SQL): sassas

ControlPanel URL : http://cpanel.phpnet.us
ControlPanel Username (FTP/SQL): pn_2542241
ControlPanel Password (FTP/SQL): sassas

I'd really like some feedback, if anyone has the time?

Desmond
10-31-2008, 10:11 AM
Are you passing the data from your autoplay application as GET or POST data?

If you're using GET, try POST.

Desmond.

RizlaUK
10-31-2008, 02:38 PM
It doesn't work, there's something amiss with your free server

try the script at this address and it will work

http://www.dnet-software.com/check_user.php

Edit: I'll remove this script in a few days

mystica
10-31-2008, 05:12 PM
Are you passing the data from your autoplay application as GET or POST data?

If you're using GET, try POST.

Desmond.

I'm using POST, just as it is in the original apz.script (only ever use POST anyway).


It doesn't work, there's something amiss with your free server

try the script at this address and it will work

http://www.dnet-software.com/check_user.php

Edit: I'll remove this script in a few days

RizlaUK, I retried the apz.script, using your server ... and you're right of course, it works perfectly when the php-script is hosted there. Now, here's what I don't get:

The server that I'm using at http://phpnet.us supports PHP-5 (it's stated in their spiel advertising free accounts). The same applies to the other server I tried at http://lycos.tripod.com, yet I have the same problem there. Surely, BOTH servers can't be the problem?

Which leads me to conclude, there must be something wrong with the way in which I'm transferring the php-script. So RizlaUK, I have to ask; when you uploaded the php-script to your server at d-net software, am I correct in assuming that you:

I. uploaded using ascii (text) mode? (I'm assuming that your server is unix)
II. set the file permissions to 755

If so, I'm confused ... because I'm already doing these things on my end. Which takes me back to my original question of:

What the friggin firetruck, man???

Any comments? (anyone???)

RizlaUK
10-31-2008, 10:34 PM
Maybe the free servers do not allow you to execute scripts remotely, or they reject the AMS POST headers (if that's possible).

I uploaded in ASCII mode, didn't set permissions, just ran the script.

Your script is intact because when you load the URL you get the "No Post Data" message, it must be the server rejecting the connection!

Bruce
10-31-2008, 11:01 PM
Or...
http://www.indigorose.com/forums/showthread.php?t=22635&highlight=home

reteset
11-01-2008, 12:00 PM
What about the free server ads and URL redirections?
Does your server add advertisement banners to your pages,
or silent navigations?

if ($_POST)
{
    // Loop through table
    foreach ($user_table as $username => $password)
    {
        // Check if md5's of user/pass match passed values
        if (($_POST['username_md5'] == md5($username)) AND ($_POST['password_md5'] == md5($password)))
        {
            // The user/pass combo matched
            echo '1';
            exit;
        }
    }
    // The user/pass combo did not match
    echo '0';
    exit;

    // free server may add anything here (javascript, html, ...)
}

add
Dialog.Message("Notice", sResult, MB_OK, MB_ICONNONE);
after
sResult = HTTP.Submit(sCheckScriptURL, tValuesToPass, nSubmitMethod, nTimeout, nPort, tAuthData, tProxyData);

and see what your server sent to you

it should be 0 or 1

I have used the URL that you specified (http://blacknet.phpnet.us/check_user.php)
and tested it
there is a silent navigation that you can detect with only socket connection
like : HTTP.Submit();
a normal web browser can not detect this
let me show you the result before you test it

mystica
11-03-2008, 06:38 PM
Okay ... but what does this mean? You have lost me!

mystica
11-03-2008, 07:24 PM
Okay guys,

Thanks for the feedback ... but the point is now moot. I've set up another free test-account at 000webhost.com who provide free-access with FULL PHP-support.

Now the script runs without any problems at all ... didn't even have to set the file permissions.

It would seem that my initial problem was that I didn't read the terms-of-service of the other freebie-hosts properly who (although offering free PHP support) placed certain restrictions on what exactly could be executed, etc...

Anyway, problem now solved.

Thanks everyone.

nico210
11-05-2008, 03:59 AM
Thanks! It's very cool!

reteset
11-05-2008, 01:56 PM
Okay ... but what does this mean? You have lost me!

Simplified

Normal Web Server :

AMS >> HTTP.Submit() >> check_user.php

check_user.php returns 0 or 1

-----------------------------------------------------------------
Your Web Server :

AMS >> HTTP.Submit() >> advertisement.php >> check_user.php

advertisement.php returns its html source before check_user.php
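
The situation reteset sketches, handled on the receiving side, as an added example that is not from the thread: only an exact 1 or 0 is treated as the script's answer, and anything else is denied but reported separately from a wrong password. It is written in PHP to match check_user.php; the function name and sample replies are constructed, and the same exact-match test applies to sResult in the AMS action.

```php
<?php
// Added example: fail-closed handling of the check_user.php reply.
// interpret_reply() is a hypothetical helper, not part of AMS or the thread.
// Returns ['allow' => bool, 'reason' => string].
function interpret_reply(string $body): array
{
    // Tolerate only surrounding ASCII whitespace (e.g. a trailing newline).
    $reply = trim($body, " \t\r\n");

    if ($reply === '1') {
        return ['allow' => true, 'reason' => 'credentials accepted'];
    }
    if ($reply === '0') {
        return ['allow' => false, 'reason' => 'credentials rejected'];
    }

    // Anything else is not the script's own answer. Deny, but report it as a
    // transport problem so it is not mistaken for a wrong user/pass combo.
    // A "contains 1" test would wrongly accept any page that includes that digit.
    $has_markup = (bool) preg_match('/<\s*(html|head|body|script|meta|iframe)\b/i', $reply);
    return [
        'allow'  => false,
        'reason' => $has_markup
            ? 'reply contains HTML: the host or a proxy altered the response'
            : 'unexpected reply of ' . strlen($body) . ' bytes',
    ];
}

// Constructed sample replies (not captured from any real host).
$samples = [
    'clean accept'  => "1",
    'clean reject'  => "0\n",
    'ad page first' => "<html><script>/* host banner */</script></html>1",
    'empty body'    => "",
];

foreach ($samples as $label => $body) {
    $result = interpret_reply($body);
    printf("%-14s allow=%-3s %s\n", $label, $result['allow'] ? 'yes' : 'no', $result['reason']);
}
```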