irigsoft

Everything posted by irigsoft

  1. Did you try to replace the "_fp_" parameters in an Ajax event?
  2. So, if you use Digest auth, the plain text does not appear? Or if you use my methods, the plain text does not appear.
  3. Hello, I see in my tests, when numbers like: 1 or 02 are used, then an internal error occurs. Perhaps in your test, this causes the plain text to appear as it is. This error does not occur when characters are used.
  4. Do you know if it will work if we apply Digest authentication?
  5. What values do you see in the third-party results: '123' or the username/password? Can you send a print screen of the results?
  6. This is with loginform: Project1_LoginForm.zip
  7. Project1.zip Simple, without a login form: just replace the values in uniEditUser.Text and uniEditPass.Text with '123'. A click on the button must show the results in the (replaced) text fields. Please try it without the login form and return feedback.
  8. Do you have components with the names username and userpassword?
  9. I don't know the correct name of the Edit field for a username in the login form. I see in your SQL code, which you gave as an example, that you use uniEdit1 to enter the username. In my code I use uniEditUser as my username (not with that name in your login form). So take the correct name from your login form and use it in this procedure to replace uniEditUser and uniEditPass with the correct component name. If your component name for username is uniEdit1 and for pass is uniEdit2, this code will be correct:

      procedure TUniLoginFrm.UniLoginFormReady(Sender: TObject);
      begin
        // Add components for encryption in Application Layer.
        // IndexOfName returns -1 when the name is missing (0 is a valid index).
        if UniServerModule.ProtectDataList.IndexOfName(UniEdit1.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEdit1.Name + '=' + UniEdit1.JSName) // add JSName of element for UserName
        else
          UniServerModule.ProtectDataList.Values[UniEdit1.Name] := UniEdit1.JSName;

        if UniServerModule.ProtectDataList.IndexOfName(UniEdit2.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEdit2.Name + '=' + UniEdit2.JSName) // add JSName of element for UserPass
        else
          UniServerModule.ProtectDataList.Values[UniEdit2.Name] := UniEdit2.JSName;
      end;
  10. Sorry for this confusion: you need to replace uniEditUser with uniEdit1 and uniEditPass with uniEdit2. This code is correct after replacing them:

      procedure TUniLoginFrm.UniLoginFormReady(Sender: TObject);
      begin
        // Add components for encryption in Application Layer.
        // IndexOfName returns -1 when the name is missing (0 is a valid index).
        if UniServerModule.ProtectDataList.IndexOfName(UniEdit1.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEdit1.Name + '=' + UniEdit1.JSName) // add JSName of element for UserName
        else
          UniServerModule.ProtectDataList.Values[UniEdit1.Name] := UniEdit1.JSName;

        if UniServerModule.ProtectDataList.IndexOfName(UniEdit2.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEdit2.Name + '=' + UniEdit2.JSName) // add JSName of element for UserPass
        else
          UniServerModule.ProtectDataList.Values[UniEdit2.Name] := UniEdit2.JSName;
      end;
  11. Try to replace uniEditUser and uniEditPass in this procedure with the components for User and Pass from the login form:

      procedure TUniLoginFrm.UniLoginFormReady(Sender: TObject);
      begin
        // Add components for encryption in Application Layer.
        // IndexOfName returns -1 when the name is missing (0 is a valid index).
        if UniServerModule.ProtectDataList.IndexOfName(UniEditUser.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEditUser.Name + '=' + UniEditUser.JSName) // add JSName of element for UserName
        else
          UniServerModule.ProtectDataList.Values[UniEditUser.Name] := UniEditUser.JSName;

        if UniServerModule.ProtectDataList.IndexOfName(UniEditPass.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEditPass.Name + '=' + UniEditPass.JSName) // add JSName of element for UserPass
        else
          UniServerModule.ProtectDataList.Values[UniEditPass.Name] := UniEditPass.JSName;
      end;

      In your SQL code you use UniEdit1 and UniEdit2:

      "UniQuery1.Active := false;
      UniQuery1.SQL.Text := 'select * from ss_customer_info where (customer_id=' + chr(39) + UniEdit1.Text + chr(39) + ') and (admin_id =' + chr(39) + UniEdit2.Text + chr(39) + ') and (admin_pass=' + chr(39) + MD5(cl_decrypt(uniedit2.text)) + chr(39) + ')';
      UniQuery1.Open;"
  12. Hi, I see that in your code you use UniEditUser for the username, but that is not right in the login form. Maybe you must replace UniEditUser with the correct component. I made a test with an empty uniGUI project and just added these uniEdit fields: UniEditUser and UniEditPass; they are not the user name and password from the login form. This is a possible reason! Try to replace uniEditUser and uniEditPass in this procedure with the components for User and Pass from the login form:

      procedure TUniLoginFrm.UniLoginFormReady(Sender: TObject);
      begin
        // Add components for encryption in Application Layer.
        // IndexOfName returns -1 when the name is missing (0 is a valid index).
        if UniServerModule.ProtectDataList.IndexOfName(UniEditUser.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEditUser.Name + '=' + UniEditUser.JSName) // add JSName of element for UserName
        else
          UniServerModule.ProtectDataList.Values[UniEditUser.Name] := UniEditUser.JSName;

        if UniServerModule.ProtectDataList.IndexOfName(UniEditPass.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEditPass.Name + '=' + UniEditPass.JSName) // add JSName of element for UserPass
        else
          UniServerModule.ProtectDataList.Values[UniEditPass.Name] := UniEditPass.JSName;
      end;

      In your SQL code you use UniEdit1 and UniEdit2:

      "UniQuery1.Active := false;
      UniQuery1.SQL.Text := 'select * from ss_customer_info where (customer_id=' + chr(39) + UniEdit1.Text + chr(39) + ') and (admin_id =' + chr(39) + UniEdit2.Text + chr(39) + ') and (admin_pass=' + chr(39) + MD5(cl_decrypt(uniedit2.text)) + chr(39) + ')';
      UniQuery1.Open;"
  13. Yes, that's all and it's right. If there is no effect, it may be better for @Sherzod or another member of the uniGUI team to help with this. I see in the Google Chrome console the file in which the function for filling in the values is performed, and maybe something needs to be changed in the file.
  14. This is all: the whole procedure moves from TUniServerModule.UniGUIServerModuleHTTPCommand to TUniMainModule.UniGUIMainModuleHandleRequest.

      uses uniGUIJSUtils, HTTPApp;

      procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean);
      var
        sUser, sPass, fpName, fpValue, fpCompName, s : String;
        I, J : Integer;
        sAjaxValues, sRefererValues : TStringList;
        REQ : TIdHTTPRequestInfo; // uIdCustomHTTPServer
      begin
        Try
          // replace ARequestInfo with TUniGUISession(ASession).ARequest
          // If (sSessionID <> '')
          If (POS('_fp_', TUniGUISession(ASession).ARequest.UnparsedParams) > 0)
            AND (UniServerModule.ProtectDataList.Count > 0) then
          begin
            sAjaxValues := TStringList.Create;
            sAjaxValues.Delimiter := '&';
            sAjaxValues.StrictDelimiter := True;
            sAjaxValues.DelimitedText := uniGUIJSUtils.URIDecode(TUniGUISession(ASession).ARequest.UnparsedParams);
            TRY
              // IndexOfName returns -1 when '_fp_' is missing (0 is a valid index)
              if (sAjaxValues.IndexOfName('_fp_') >= 0) then
              begin
                for J := 0 to UniServerModule.ProtectDataList.Count - 1 do
                begin
                  fpCompName := UniServerModule.ProtectDataList.ValueFromIndex[J];
                  fpName := sAjaxValues.Values[fpCompName];
                  fpValue := '';
                  if fpName <> '' then
                  begin
                    for I := Length(fpName) downto 1 do
                    begin
                      case fpName[I] of
                        '%' :
                          begin
                            delete(fpValue, 1, 2);
                            break;
                          end
                      else
                        fpValue := fpName[I] + fpValue;
                      end;
                    end; // for I
                    sAjaxValues.Values[fpCompName] := StringReplace(sAjaxValues.Values[fpCompName], fpValue, '123', []);
                    TUniGUISession(ASession).ARequest.Params.Values['_fp_'] := '&' + sAjaxValues[sAjaxValues.IndexOfName(fpCompName)];
                    sAjaxValues.Values['_fp_'] := HTTPEncode('&' + sAjaxValues[sAjaxValues.IndexOfName(fpCompName)]);
                    sAjaxValues.Delete(sAjaxValues.IndexOfName(fpCompName));
                    TUniGUISession(ASession).ARequest.UnparsedParams := sAjaxValues.DelimitedText;
                    TUniGUISession(ASession).ARequest.FormParams := sAjaxValues.DelimitedText;
                  end; // If
                end; // for J
              end; // If
              sAjaxValues.Clear;
              sAjaxValues.Free;
            EXCEPT
            END;
          end;
        Except
          // errors are ignored so request handling continues
        End;
      end;
  15. Please try it another way: use TUniMainModule.UniGUIMainModuleHandleRequest.

      procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean);
      var
        sUser, sPass, fpName, fpValue, fpCompName, s : String;
        I, J : Integer;
        sAjaxValues, sRefererValues : TStringList;
        REQ : TIdHTTPRequestInfo; // uIdCustomHTTPServer
      begin
        Try
          // replace ARequestInfo with TUniGUISession(ASession).ARequest
          // If (sSessionID <> '')
          If (POS('_fp_', TUniGUISession(ASession).ARequest.UnparsedParams) > 0)
            AND (UniServerModule.ProtectDataList.Count > 0) then
          begin
            sAjaxValues := TStringList.Create;
            sAjaxValues.Delimiter := '&';
            sAjaxValues.StrictDelimiter := True;
            sAjaxValues.DelimitedText := uniGUIJSUtils.URIDecode(TUniGUISession(ASession).ARequest.UnparsedParams);
            TRY
              // IndexOfName returns -1 when '_fp_' is missing (0 is a valid index)
              if (sAjaxValues.IndexOfName('_fp_') >= 0) then
              begin
                for J := 0 to UniServerModule.ProtectDataList.Count - 1 do
                begin
                  fpCompName := UniServerModule.ProtectDataList.ValueFromIndex[J];
                  fpName := sAjaxValues.Values[fpCompName];
                  fpValue := '';
                  if fpName <> '' then
                  begin
                    for I := Length(fpName) downto 1 do
                    begin
                      case fpName[I] of
                        '%' :
                          begin
                            delete(fpValue, 1, 2);
                            break;
                          end
                      else
                        fpValue := fpName[I] + fpValue;
                      end;
                    end; // for I
                    sAjaxValues.Values[fpCompName] := StringReplace(sAjaxValues.Values[fpCompName], fpValue, '123', []);
                    TUniGUISession(ASession).ARequest.Params.Values['_fp_'] := '&' + sAjaxValues[sAjaxValues.IndexOfName(fpCompName)];
                    sAjaxValues.Values['_fp_'] := HTTPEncode('&' + sAjaxValues[sAjaxValues.IndexOfName(fpCompName)]);
                    sAjaxValues.Delete(sAjaxValues.IndexOfName(fpCompName));
                    TUniGUISession(ASession).ARequest.UnparsedParams := sAjaxValues.DelimitedText;
                    TUniGUISession(ASession).ARequest.FormParams := sAjaxValues.DelimitedText;
                  end; // If
                end; // for J
              end; // If
              sAjaxValues.Clear;
              sAjaxValues.Free;
            EXCEPT
            END;
          end;
        Except
          // errors are ignored so request handling continues
        End;
      end;

      I tested these two functions in the Google Chrome console and made a memory snapshot.
      When I use UniGUIServerModuleHTTPCommand, the console shows me the test value as submittedvalue.
      When I use UniGUIMainModuleHandleRequest, the console shows me the test value as lastvalue.
      So there are some differences, and maybe the last function will give you the solution.
  16. 1. Can you try to replace ARequestInfo.UnparsedParams with ARequestInfo.Params.Text or ARequestInfo.FormParams?
      2. Also, you can try to encrypt ARequestInfo.Username and ARequestInfo.Password in TUniServerModule.UniGUIServerModuleHTTPCommand.

      I added this code:

          // replace data
          sAjaxValues.Values[fpCompName] := StringReplace(sAjaxValues.Values[fpCompName], fpValue, '123', []);
          // NEW: replace in ARequestInfo.Params
          ARequestInfo.Params.Values['_fp_'] := '&' + sAjaxValues[sAjaxValues.IndexOfName(fpCompName)];
          sAjaxValues.Values['_fp_'] := HTTPEncode('&' + sAjaxValues[sAjaxValues.IndexOfName(fpCompName)]);
          sAjaxValues.Delete(sAjaxValues.IndexOfName(fpCompName));
          // Old code: replace data in UnparsedParams
          ARequestInfo.UnparsedParams := sAjaxValues.DelimitedText;
          // NEW: replace in ARequestInfo.FormParams
          ARequestInfo.FormParams := sAjaxValues.DelimitedText;
  17. Thanks. On the web I found a lot of software for this purpose (encrypting data from the browser); maybe uniGUI can't do this by default.
  18. "How do you deal with the problem of plaintext?" Replace the uniEdit values with a custom JavaScript hash function on the client side. Project1.zip and with MD5 hash: Project1.zip
  19. So, the resolution is this:

      uses HTTPApp, uniGUIJSUtils;

      procedure TUniServerModule.UniGUIServerModuleBeforeInit(Sender: TObject);
      begin
        // create list with elements for encryption
        ProtectDataList := TStringList.Create;
        // We can load all names from a file with settings
        ProtectDataList.LoadFromFile('file with names of elements');
      end;

      procedure TForm_General.UniFormReady(Sender: TObject);
      begin
        // Add components for encryption in Application Layer.
        // IndexOfName returns -1 when the name is missing (0 is a valid index).
        if UniServerModule.ProtectDataList.IndexOfName(UniEditUser.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEditUser.Name + '=' + UniEditUser.JSName) // add JSName of element for UserName
        else
          UniServerModule.ProtectDataList.Values[UniEditUser.Name] := UniEditUser.JSName;

        if UniServerModule.ProtectDataList.IndexOfName(UniEditPass.Name) < 0 then
          UniServerModule.ProtectDataList.Add(UniEditPass.Name + '=' + UniEditPass.JSName) // add JSName of element for UserPass
        else
          UniServerModule.ProtectDataList.Values[UniEditPass.Name] := UniEditPass.JSName;
      end;

      procedure TUniServerModule.UniGUIServerModuleHTTPCommand(
        ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo;
        var Handled: Boolean);
      var
        fpName, fpValue, fpCompName : String;
        sAjaxValues : TStringList;
        I, J : Integer;
      begin
        // if there is "_fp_" data in the request, we will replace everything in it
        If (POS('_fp_', ARequestInfo.UnparsedParams) > 0)
          AND (UniServerModule.ProtectDataList.Count > 0) then
        begin
          sAjaxValues := TStringList.Create; // create list with all values from request
          sAjaxValues.Delimiter := '&';
          sAjaxValues.StrictDelimiter := True;
          sAjaxValues.DelimitedText := uniGUIJSUtils.URIDecode(ARequestInfo.UnparsedParams); // decode URL data from ARequestInfo
          TRY
            // IndexOfName returns -1 when '_fp_' is missing (0 is a valid index)
            if (sAjaxValues.IndexOfName('_fp_') >= 0) then
            begin
              // for the list of items for which we want the data to be encrypted
              for J := 0 to UniServerModule.ProtectDataList.Count - 1 do
              begin
                fpCompName := UniServerModule.ProtectDataList.ValueFromIndex[J]; // get JSName of component in request
                fpName := sAjaxValues.Values[fpCompName]; // find data for JSName in request
                fpValue := '';
                if fpName <> '' then
                begin
                  for I := Length(fpName) downto 1 do
                  begin
                    case fpName[I] of
                      '%' :
                        begin
                          // the value was always preceded by %02, so when % is found,
                          // delete the leading "02" from the collected value
                          delete(fpValue, 1, 2);
                          break;
                        end
                    else
                      fpValue := fpName[I] + fpValue;
                    end;
                  end; // for I
                  // replace value for component; 123 is the new value of the data.
                  // This can be replaced with MD5(fpValue)
                  sAjaxValues.Values[fpCompName] := StringReplace(sAjaxValues.Values[fpCompName], fpValue, '123', []);
                  sAjaxValues.Values['_fp_'] := HTTPEncode('&' + sAjaxValues[sAjaxValues.IndexOfName(fpCompName)]); // URL-encode all data for '_fp_'
                  sAjaxValues.Delete(sAjaxValues.IndexOfName(fpCompName));
                  ARequestInfo.UnparsedParams := sAjaxValues.DelimitedText; // set new values
                end; // If
              end; // for J
            end; // If
            sAjaxValues.Clear;
            sAjaxValues.Free;
          EXCEPT
          END;
        end;
      end;

      This will replace the values in uniEditUser and uniEditPass in the request with '123'. Please send me feedback with the third-party test results.
  20. Please declare ProtectDataList as TStringList in Servermodule, public
  21. Sorry, add to uses clause : uniGUIJSUtils
  22. Please try it. Hi, I made some code for testing.

      procedure TUniServerModule.UniGUIServerModuleHTTPCommand(
        ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo;
        var Handled: Boolean);
      var
        sSessionID : String;
        sAjaxValues : TStringList;
      begin
        sSessionID := ExtractSessionId(ARequestInfo.UnParsedParams); // get active session ID
        TRY
          // UniServerModule.ProtectDataList.Values [sSessionID + 'User'] - use it to save user
          // UniServerModule.ProtectDataList.Values [sSessionID + 'Pass'] - use it to save pass (ProtectDataList=TStringList)
          If (sSessionID <> '') then
          begin
            sAjaxValues := TStringList.Create;
            sAjaxValues.Delimiter := '&';
            sAjaxValues.StrictDelimiter := True;
            sAjaxValues.DelimitedText := ARequestInfo.UnparsedParams; // save UnparsedParams - plaintext data
            TRY
              // if (POS (UniServerModule.ProtectDataList.Values [sSessionID + 'User'],sAjaxValues.Values ['_fp_']) > 0)
              // AND (TRIM (UniServerModule.ProtectDataList.Values [sSessionID + 'User']) <> '')
              // IndexOfName returns -1 when '_fp_' is missing (0 is a valid index)
              if (sAjaxValues.IndexOfName('_fp_') >= 0) then
              begin
                sAjaxValues.Values['_fp_'] := StringReplace(sAjaxValues.Values['_fp_'],
                  UniServerModule.ProtectDataList.Values[sSessionID + 'Pass'],
                  (MD5(UniServerModule.ProtectDataList.Values[sSessionID + 'Pass'], '123')),
                  [rfReplaceAll, rfIgnoreCase]);
                ARequestInfo.UnparsedParams := sAjaxValues.DelimitedText;
                UniServerModule.ProtectDataList.Values[sSessionID + 'User'] := '';
              end;
              // if (POS (UniServerModule.ProtectDataList.Values [sSessionID + 'Pass'],sAjaxValues.Values ['_fp_']) > 0)
              // AND (TRIM (UniServerModule.ProtectDataList.Values [sSessionID + 'Pass']) <> '')
              if (sAjaxValues.IndexOfName('_fp_') >= 0) then
              begin
                sAjaxValues.Values['_fp_'] := StringReplace(sAjaxValues.Values['_fp_'],
                  UniServerModule.ProtectDataList.Values[sSessionID + 'Pass'],
                  (MD5(UniServerModule.ProtectDataList.Values[sSessionID + 'Pass'], '123')),
                  [rfReplaceAll, rfIgnoreCase]);
                ARequestInfo.UnparsedParams := sAjaxValues.DelimitedText;
                UniServerModule.ProtectDataList.Values[sSessionID + 'Pass'] := '';
              end;
              sAjaxValues.Clear;
              sAjaxValues.Free;
            EXCEPT
            END;
          end;
        EXCEPT
          // errors are ignored so request handling continues
        END;
      end;

      This will replace the values of user and password in Raw. Please send me feedback with the result.