huayan889

Debugging found unisession. Addjs ('alert ((document. Getelementsbyname ("'+ user_ Password. Jsname + ') [0]. Value))) Displayed value and FpKey:=user_password.text Obtained values are not the same

Debugging found unisession. Addjs ('alert ((document. Getelementsbyname ("'+ user_ Password. Jsname + ') [0]. Value))) <> fpkey the code used is as follows: procedure TUnimLoginForm1.UniButton1Click(Sender: TObject); var FpKey: string; begin UniSession.AddJS( 'alert((document.getElementsByName("' + user_password.JSName +'")[0].value))'); FpKey:=user_password.text; //Debugging found unisession. Addjs ('alert ((document. Getelementsbyname ("'+ user_ Password. Jsname + ') [0]. Value))) Displayed value and FpKey:=user_password.text Obtained values are not the same end; procedure TUnimLoginForm1.UnimLoginFormCreate(Sender: TObject); var ns, dwid: string; begin UniButton1.ClientEvents.ExtEvents.Values['tap'] := 'function tap(sender, e, eOpts)' + '{'+ ' document.getElementsByName("' + user_password.JSName+'")[0].value = MD5(document.getElementsByName("' + user_password.JSName +'")[0].value);'+ '}'; end;

possible

After setting, no effect。

hi，irigsoft，This solution is not invalid in the mobile version, the button does not have a click. Replacing click with tap does not work

Sslvtlsv1.2 has been set in uniservermodule. How to disable TLS 1.0 and 1.1?

Thank . It has been tested and solved.

thank . If we can solve this problem, we can use unigui to develop applications

I don't know if unigui has a similar solution.

procedure TIWForm54.IWButton1Click(Sender: TObject); begin IWLabel1.Text:= md5(iwedit1.Text); end;

procedure TIWForm54.IWButton1AsyncClick(Sender: TObject; EventParams: TStringList); begin IWLabel1.Text:= md5(iwedit1.Text); end;

Just using IntraWeb, we found that using iwbutton 1Click will also appear plaintext, but this problem is solved when iwbutton 1asyncclick is used. Just using IntraWeb, we found that using iwbutton 1Click will also appear plaintext, but this problem is solved when iwbutton 1asyncclick is used.

The same problem still exists with the new demo test just now

yes

you Demo

Login form code; unit Login; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Soap.EncdDecd, Controls, Forms, uniGUITypes, uniGUIAbstractClasses, AuthenticodeGenerate, uniImage, Vcl.ExtCtrls, cl_crypt32, uniGUIClasses, uniGUIRegClasses, uniGUIForm, uniButton, uniEdit, uniGUIBaseClasses, uniGroupBox, Data.DB, MemDS, DBAccess, Uni, uniPanel, uniStatusBar, uniTimer, uniLabel,uniGUIJSUtils, HTTPApp; type TUniLoginFrm = class(TUniLoginForm) admin_pass: TUniEdit; LoginBut: TUniButton; admin_id: TUniEdit; UniEdit1: TUniEdit; UniQuery1: TUniQuery; UniPanel1: TUniPanel; UniImage1: TUniImage; UniEdit3: TUniEdit; UniButton2: TUniButton; UniTimer1: TUniTimer; UniPanel2: TUniPanel; UniPanel3: TUniPanel; UniPanel4: TUniPanel; UniPanel5: TUniPanel; procedure UniButton2Click(Sender: TObject); procedure UniImage1Click(Sender: TObject); procedure LoginButClick(Sender: TObject); procedure UniLoginFormCreate(Sender: TObject); procedure UniTimer1Timer(Sender: TObject); procedure UniLoginFormActivate(Sender: TObject); procedure UniEdit3KeyPress(Sender: TObject; var Key: Char); procedure UniLoginFormReady(Sender: TObject); procedure LoginButAjaxEvent(Sender: TComponent; EventName: string; Params: TUniStrings); private { Private declarations } Authenticode: string; public { Public declarations } ps: string; end; function UniLoginFrm: TUniLoginFrm; implementation {$R *.dfm} uses uniGUIVars, MainModule, uniGUIApplication, IdHashMessageDigest, Main, ServerModule; function UniLoginFrm: TUniLoginFrm; begin Result := TUniLoginFrm(UniMainModule.GetFormInstance(TUniLoginFrm)); end; function MD5(const str: string): String; var AMD5: TIdHashMessageDigest5; begin try AMD5 := TIdHashMessageDigest5.Create; Result := AMD5.HashStringAsHex(str); finally AMD5.Free; end; end; procedure TUniLoginFrm.LoginButAjaxEvent(Sender: TComponent; EventName: string; Params: TUniStrings); var s: String; begin if EventName = 'click' then begin If (POS('_fp_', Params.Text) > 0) then Params.Clear; end; end; procedure TUniLoginFrm.LoginButClick(Sender: TObject); var org_names: string; begin org_names := ''; UniMainModule.login_name := ''; UniMainModule.fdmemTable1.Active := false; UniQuery1.Active := false; UniQuery1.SQL.Text := 'select * from ss_users where (customer_id=' + chr(39) + UniEdit1.Text + chr(39) + ') and (user_account =' + chr(39) + admin_id.Text + chr(39) + ') and (user_pass=' + chr(39) + MD5(admin_pass.Text) + chr(39) + ')'; UniQuery1.Open; if UniQuery1.RecordCount <> 0 then begin if LowerCase(UniEdit3.Text) = Authenticode.ToLower then // 校验码 begin UniTimer1.Enabled := false; UniMainModule.customer_id := UniEdit1.Text; UniMainModule.org_name := org_names; UniMainModule.login_name := admin_id.Text; ModalResult := mrok; MainForm.UniStatusBar1.Panels[0].Text := org_names; end else begin UniTimer1.Enabled := true; UniPanel3.Caption := '校验码码不正确！请重新输入。'; UniImage1Click(self); UniEdit1.SetFocus; end; end else begin showmessageN('登录信息有误，请重新输入！'); UniImage1Click(self); UniEdit1.SetFocus; end; end; procedure TUniLoginFrm.UniButton2Click(Sender: TObject); begin ModalResult := mrCancel; end; procedure TUniLoginFrm.UniEdit3KeyPress(Sender: TObject; var Key: Char); begin if Key = #13 then LoginButClick(self); end; procedure TUniLoginFrm.UniImage1Click(Sender: TObject); var img1: TImage; begin img1 := TImage.Create(self); try img1.Height := UniImage1.Height; img1.Width := UniImage1.Width; Authenticode := GenerateAuthenticode(img1, 4); UniImage1.Picture.Bitmap.Assign(img1.Picture.Bitmap); finally FreeAndNil(img1); end; end; procedure TUniLoginFrm.UniLoginFormActivate(Sender: TObject); begin UniTimer1.Enabled := true; end; procedure TUniLoginFrm.UniLoginFormCreate(Sender: TObject); var ns, dwid: string; begin admin_pass.Text := cl_decrypt(UniApplication.Cookies.Values['pw']); ns := cl_decrypt(UniApplication.Cookies.Values['UName']); dwid := UniApplication.Cookies.Values['DWID']; if ns <> '' then admin_id.Text := ns; if dwid <> '' then UniEdit1.Text := dwid; UniImage1Click(self); end; procedure TUniLoginFrm.UniLoginFormReady(Sender: TObject); begin if UniServerModule.ProtectDataList.IndexOfName(admin_id.Name) <= 0 then UniServerModule.ProtectDataList.Add(admin_id.Name + '=' + admin_id.JSName) // add JSName of Element for UserName else UniServerModule.ProtectDataList.Values[admin_id.Name] := admin_id.JSName; if UniServerModule.ProtectDataList.IndexOfName(admin_pass.Name) <= 0 then UniServerModule.ProtectDataList.Add(admin_pass.Name + '=' + admin_pass.JSName) // add JSName of Element for UserPass else UniServerModule.ProtectDataList.Values[admin_pass.Name] := admin_pass.JSName; end; procedure TUniLoginFrm.UniTimer1Timer(Sender: TObject); begin UniImage1Click(self); end; initialization RegisterAppFormClass(TUniLoginFrm); end.

procedure TUniLoginFrm.LoginButAjaxEvent(Sender: TComponent; EventName: string; Params: TUniStrings); var s: String; begin if EventName = 'click' then begin If (POS('_fp_', Params.Text) > 0) then Params.Clear; end; end;

I mean plaintext when the password is incorrect, and it doesn't work in Ajax event replacement.

There is a strange phenomenon: only when the login information is incorrect, the plaintext problem appears.

The method you provided has been used, but plaintext still appears in Ajax event.

When debugging today, I found that the message with clear text appeared in Ajax event: 'Ajax = 1' # $d # $a'isevent = 1 '# $d # $a'obj = O13' # $d # $a'evt = click '# $d # $a'this = O13' # $d # $a'_ S_ ID=N43zzWfc1U10823EF63'#$D#$A'_ fp_=% 26O27%3D%25020%2502%2502Sz! sctc%254020201'#$D#$A'_ seq_= 4'#$D#$A'_ uo_= O0'#$D#$ADuring debugging, it is found that 'Ajax = 1' # $d # $a'isevent = 1 '# $d # $a'obj = O13' # $d # $a'evt = click '# $d # $a'this = O13' # $d # $a '_ S_ ID=N43zzWfc1U10823EF63'#$D#$A'_ fp_=% 26O27%3D%25020%2502%2502Sz! sctc%254020201'#$D#$A'_ seq_= 4'#$D#$A'_ uo_= O0'#$D#$A procedure TUniLoginFrm.LoginButAjaxEvent(Sender: TComponent; EventName: string; Params: TUniStrings); begin if EventName = 'click' then begin If (POS('_fp_', Params.Text) > 0) then showmessageN(Params.Text); end; end;

Just let the third party test, the results will also appear plaintext problems.

thank