Example: PHP User/Password Validation

[Desmond]

This example shows how to use a php script hosted on any web server supporting PHP to allow/deny access to your application. This is a very simple way to add some non-government-grade security to your app.

Skills Used:
HTTP actions, Crypto Actions, PHP.

[Maggi]

thanx nice sample, any other samples working with php classes? or php scripts?

[Corey]

There's an example on how to build applications which can parse PHP over here:

http://indigorose.com/forums/showthr...&highlight=php

[sosuave]

Hi Desmond,

I like to see your example on user validation

But I get this error when i open your attached file

Error: couldn't load: .....\PHP User Pass Validation-1.apz

Pls upload it again

Thanks

[Desmond]

Hello,

The project opens fine here. Just to be sure, you are trying to open it in AutoPlay Media Studio 6.0 (and not 5.0), correct?

If so, please try downloading it again.

Thanks!

[xxmatagbxx]

Corey, thanks for this link... demond, thanks too ^^". I need go, bye! I don't have net, i'm house of my grandmother, 30 kbps .... pqp .... thanks....

[DKGlobal]

Sorry to bring up a older topic, but I just wanted to know if this could work if the user was checked agaisnt a file that was stored on the actual CD/DVD itself. Incase there wasnt a internet connection available.

Our projects are client based, so I would only need it to store a max of 5 usernames and passwords.

[Desmond]

Yes, you could do this -- though the benefit to using the internet is that you can add / remove passwords without changing your CD's. So, you could have 1000 identical CD's out there, have one bad user, and nuke their credentials.

If you want to check a file on the CD, don't use PHP (As you'd need a PHP parser) -- just read from a file, and compare (encrypt for added security).

Desmond.

[DKGlobal]

so I could use a .txt file then?

I'm fairly new to this software, and after downloading the demo and building our first project, my boss loved it and bought it, so the more I can show him, the more impressed he will be.

[Desmond]

Sure, you could use a Text File. But remember, if the file is stored on the CD, it can be viewed by the person using the CD.

[DKGlobal]

Very good point.

My ultimate goal with is to it make it into a Company / Serial number thing.

Were is the person we give it to has to enter his company and a serial number we have already disignated.

I've tired the other options with Serial Number Generator project and I cant seem to figure out how to get it work correctly. I'm sure this is just because I dont have much knowledge in the software yet.

At this point, I am just trying different methods to protect our software from someone else using it.

[piotrd]

Is server with check_user.php file need globals register on?

[Desmond]

Yes. I believe you can get around that by declaring local variables first:

$username_posted = $_POST['username_md5'];
$password_md5_posted = $_POST['password_md5'];

... And then adjust your if statement accordingly.

Desmond.

[foralgeria]

Thanks Desmond, thats a real nice example

[mystica]

I have tried this example using a couple of different web-servers for the php-script, but when I run the attached AMS example, I keep getting the following error message:

Code:

That user/pass combo is invalid

I'm entering the passwords as specified in the PHP script. (ie. John Doe = JohnnyBoy, Billy Nest = Billy Password, & Jane Smith = Firetruck)

and

I've made sure the URL in the apz.code has been changed to the relevant url for my server.

I've even checked that the php-script can be reached, by loading it via a browser, and get the expected result (ie. No post data found), so I know I've got that part right.

... so what's going on here???

Has anyone actually trialled this example and managed to get it to work? I know the orginal-post is quite old, but I'd really like to get this to work, as it seems like a really good script.