Posts posted by huayan889
-
-
20 minutes ago, Tokay said:
It's strange... Maybe a bug?
possible
-
-
On 5/1/2021 at 4:12 PM, irigsoft said:
this is with javascript md5 hash :
Hi irigsoft, this solution does not work in the mobile version: the button does not have a click event, and replacing click with tap does not work either.
-
-
5 hours ago, irigsoft said:
this is with javascript md5 hash :
Thanks. It has been tested and the problem is solved.
-
27 minutes ago, irigsoft said:
I see the problem.
Thanks. If we can solve this problem, we can use uniGUI to develop applications.
-
I don't know if unigui has a similar solution.
-
-
-
Using IntraWeb, we found that the plaintext also appears when IWButton1Click is used, but the problem goes away when IWButton1AsyncClick is used.
-
-
28 minutes ago, irigsoft said:
Hello and happy holidays.
I found solution for this problem, can You test with third party software ?
Project1.zip 1.65 MB · 1 download
Solution is based on this topic:
and there are the results:
1. uniButton1.OnClick event get on client side values from uniEditUser and uniEditPass and store them to local variables FuKey and FpKey.
2. Replace uniEditUser and UniEditPass text values with '123' and
3. Show values of localvariables
there is a result in Google console:
-
4 minutes ago, irigsoft said:
OK, and do You use : procedure TUniServerModule.UniGUIServerModuleHTTPCommand ?
yes
-
-
Login form code;
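unit Login;

// Login form of a uniGUI application. It collects a customer id, an account
// name, a password and a verification code (CAPTCHA image), and checks the
// credentials against the ss_users table.

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Soap.EncdDecd,
  Controls, Forms, uniGUITypes, uniGUIAbstractClasses,
  AuthenticodeGenerate, uniImage, Vcl.ExtCtrls, cl_crypt32,
  uniGUIClasses, uniGUIRegClasses, uniGUIForm, uniButton, uniEdit,
  uniGUIBaseClasses, uniGroupBox, Data.DB, MemDS, DBAccess, Uni,
  uniPanel, uniStatusBar, uniTimer, uniLabel, uniGUIJSUtils, HTTPApp;

type
  TUniLoginFrm = class(TUniLoginForm)
    admin_pass: TUniEdit;
    LoginBut: TUniButton;
    admin_id: TUniEdit;
    UniEdit1: TUniEdit;
    UniQuery1: TUniQuery;
    UniPanel1: TUniPanel;
    UniImage1: TUniImage;
    UniEdit3: TUniEdit;
    UniButton2: TUniButton;
    UniTimer1: TUniTimer;
    UniPanel2: TUniPanel;
    UniPanel3: TUniPanel;
    UniPanel4: TUniPanel;
    UniPanel5: TUniPanel;
    procedure UniButton2Click(Sender: TObject);
    procedure UniImage1Click(Sender: TObject);
    procedure LoginButClick(Sender: TObject);
    procedure UniLoginFormCreate(Sender: TObject);
    procedure UniTimer1Timer(Sender: TObject);
    procedure UniLoginFormActivate(Sender: TObject);
    procedure UniEdit3KeyPress(Sender: TObject; var Key: Char);
    procedure UniLoginFormReady(Sender: TObject);
    procedure LoginButAjaxEvent(Sender: TComponent; EventName: string; Params: TUniStrings);
  private
    { Private declarations }
    // Text of the verification code currently shown in UniImage1.
    Authenticode: string;
  public
    { Public declarations }
    ps: string;
  end;

function UniLoginFrm: TUniLoginFrm;

implementation

{$R *.dfm}

uses
  uniGUIVars, MainModule, uniGUIApplication, IdHashMessageDigest, Main, ServerModule;

// Returns the login form instance that belongs to the current session's
// main module.
function UniLoginFrm: TUniLoginFrm;
begin
  Result := TUniLoginFrm(UniMainModule.GetFormInstance(TUniLoginFrm));
end;

// Returns the MD5 digest of str as a hexadecimal string.
// NOTE(review): a plain, unsalted MD5 digest is not suitable for storing
// passwords. Moving to a salted, deliberately slow password hash requires
// migrating the stored user_pass values, so it is not changed here.
function MD5(const str: string): String;
var
  AMD5: TIdHashMessageDigest5;
begin
  // Create outside the try block: if the constructor raised inside it, the
  // finally section would call Free on an uninitialised reference.
  AMD5 := TIdHashMessageDigest5.Create;
  try
    Result := AMD5.HashStringAsHex(str);
  finally
    AMD5.Free;
  end;
end;

// Ajax event handler of the login button. For a 'click' event whose parameter
// text contains '_fp_', all parameters are cleared.
// NOTE(review): this runs on the server after the request has arrived, so it
// does not keep the submitted values off the network; confirm that the
// application is served over HTTPS.
procedure TUniLoginFrm.LoginButAjaxEvent(Sender: TComponent; EventName: string;
  Params: TUniStrings);
begin
  if EventName = 'click' then
  begin
    if Pos('_fp_', Params.Text) > 0 then
      Params.Clear;
  end;
end;

// Validates the entered credentials and the verification code.
// On success the session values in UniMainModule are filled and the form is
// closed with mrOk; otherwise a message is shown and a new verification code
// is generated.
procedure TUniLoginFrm.LoginButClick(Sender: TObject);
var
  org_names: string;
begin
  org_names := '';
  UniMainModule.login_name := '';
  UniMainModule.fdmemTable1.Active := false;
  UniQuery1.Active := false;
  // The three values come straight from the login form, so they are bound as
  // query parameters instead of being concatenated into the SQL text.
  UniQuery1.SQL.Text :=
    'select * from ss_users where (customer_id = :customer_id)' +
    ' and (user_account = :user_account) and (user_pass = :user_pass)';
  UniQuery1.ParamByName('customer_id').AsString := UniEdit1.Text;
  UniQuery1.ParamByName('user_account').AsString := admin_id.Text;
  UniQuery1.ParamByName('user_pass').AsString := MD5(admin_pass.Text);
  UniQuery1.Open;
  // NOTE(review): the verification code is only compared after the credential
  // lookup and the two failure paths show different messages, so the response
  // tells the caller whether the credentials matched even when the code was
  // wrong. Consider checking the code first and using one generic message.
  if UniQuery1.RecordCount <> 0 then
  begin
    if LowerCase(UniEdit3.Text) = Authenticode.ToLower then // verification code
    begin
      UniTimer1.Enabled := false;
      UniMainModule.customer_id := UniEdit1.Text;
      UniMainModule.org_name := org_names;
      UniMainModule.login_name := admin_id.Text;
      ModalResult := mrok;
      MainForm.UniStatusBar1.Panels[0].Text := org_names;
    end
    else
    begin
      UniTimer1.Enabled := true;
      UniPanel3.Caption := '校验码码不正确!请重新输入。';
      UniImage1Click(self);
      UniEdit1.SetFocus;
    end;
  end
  else
  begin
    showmessageN('登录信息有误,请重新输入!');
    UniImage1Click(self);
    UniEdit1.SetFocus;
  end;
end;

// Cancel button: closes the login form with mrCancel.
procedure TUniLoginFrm.UniButton2Click(Sender: TObject);
begin
  ModalResult := mrCancel;
end;

// Pressing Enter in the verification-code field submits the login.
procedure TUniLoginFrm.UniEdit3KeyPress(Sender: TObject; var Key: Char);
begin
  if Key = #13 then
    LoginButClick(self);
end;

// Generates a new verification code, stores its text in Authenticode and
// shows the rendered image in UniImage1.
procedure TUniLoginFrm.UniImage1Click(Sender: TObject);
var
  img1: TImage;
begin
  img1 := TImage.Create(self);
  try
    // Render into a temporary image of the same size as the visible one.
    img1.Height := UniImage1.Height;
    img1.Width := UniImage1.Width;
    Authenticode := GenerateAuthenticode(img1, 4);
    UniImage1.Picture.Bitmap.Assign(img1.Picture.Bitmap);
  finally
    FreeAndNil(img1);
  end;
end;

// Starts the timer that refreshes the verification code.
procedure TUniLoginFrm.UniLoginFormActivate(Sender: TObject);
begin
  UniTimer1.Enabled := true;
end;

// Pre-fills the form from the 'pw', 'UName' and 'DWID' cookies and shows a
// first verification code.
procedure TUniLoginFrm.UniLoginFormCreate(Sender: TObject);
var
  ns, dwid: string;
begin
  // NOTE(review): the password is read back from the 'pw' cookie through
  // cl_decrypt, i.e. it is presumably stored in a reversible form on the
  // client. A random, server-validated remember-me token would avoid keeping
  // a recoverable password in the browser - confirm how the cookie is written.
  admin_pass.Text := cl_decrypt(UniApplication.Cookies.Values['pw']);
  ns := cl_decrypt(UniApplication.Cookies.Values['UName']);
  dwid := UniApplication.Cookies.Values['DWID'];
  if ns <> '' then
    admin_id.Text := ns;
  if dwid <> '' then
    UniEdit1.Text := dwid;
  UniImage1Click(self);
end;

// Registers the client-side (JS) names of the account and password fields in
// UniServerModule.ProtectDataList, keyed by component name.
procedure TUniLoginFrm.UniLoginFormReady(Sender: TObject);
begin
  // IndexOfName returns -1 when the name is missing; index 0 is a valid hit.
  // The former "<= 0" test added a duplicate entry whenever the name was
  // already stored as the first item of the list.
  if UniServerModule.ProtectDataList.IndexOfName(admin_id.Name) < 0 then
    UniServerModule.ProtectDataList.Add(admin_id.Name + '=' + admin_id.JSName)
    // add JSName of Element for UserName
  else
    UniServerModule.ProtectDataList.Values[admin_id.Name] := admin_id.JSName;

  if UniServerModule.ProtectDataList.IndexOfName(admin_pass.Name) < 0 then
    UniServerModule.ProtectDataList.Add(admin_pass.Name + '=' + admin_pass.JSName)
    // add JSName of Element for UserPass
  else
    UniServerModule.ProtectDataList.Values[admin_pass.Name] := admin_pass.JSName;
end;

// Timer tick: replaces the verification code with a new one.
procedure TUniLoginFrm.UniTimer1Timer(Sender: TObject);
begin
  UniImage1Click(self);
end;

initialization
  RegisterAppFormClass(TUniLoginFrm);

end.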
-
// Ajax event handler of the login button. For a 'click' event whose parameter
// text contains '_fp_', all parameters are cleared; every other event is left
// untouched.
// NOTE(review): the handler runs on the server after the request has arrived,
// so clearing Params does not keep the submitted values off the network;
// confirm that the application is served over HTTPS.
procedure TUniLoginFrm.LoginButAjaxEvent(Sender: TComponent; EventName: string;
  Params: TUniStrings);
begin
  // Only click events are of interest here.
  if EventName <> 'click' then
    Exit;

  if Pos('_fp_', Params.Text) > 0 then
    Params.Clear;
end;
-
1 minute ago, irigsoft said:
Did you try to replace the "_fp_" parameters in an Ajax event?
I mean that the plaintext appears when the password is incorrect, and replacing it in the Ajax event does not work.
-
-
On 4/27/2021 at 1:23 PM, irigsoft said:
Do you know if it will work if we apply Digest authentication?
There is a strange phenomenon: only when the login information is incorrect, the plaintext problem appears.
-
On 4/27/2021 at 1:23 PM, irigsoft said:
Do you know if it will work if we apply Digest authentication?
The method you provided has been used, but plaintext still appears in Ajax event.
-
When debugging today, I found that the message containing the clear text appears in the Ajax event:
'Ajax = 1' # $d # $a'isevent = 1 '# $d # $a'obj = O13' # $d # $a'evt = click '# $d # $a'this = O13' # $d # $a'_ S_ ID=N43zzWfc1U10823EF63'#$D#$A'_ fp_=% 26O27%3D%25020%2502%2502Sz! sctc%254020201'#$D#$A'_ seq_= 4'#$D#$A'_ uo_= O0'#$D#$A
During debugging, it is found that 'Ajax = 1' # $d # $a'isevent = 1 '# $d # $a'obj = O13' # $d # $a'evt = click '# $d # $a'this = O13' # $d # $a '_ S_ ID=N43zzWfc1U10823EF63'#$D#$A'_ fp_=% 26O27%3D%25020%2502%2502Sz! sctc%254020201'#$D#$A'_ seq_= 4'#$D#$A'_ uo_= O0'#$D#$A
procedure TUniLoginFrm.LoginButAjaxEvent(Sender: TComponent; EventName: string;
Params: TUniStrings);
begin
if EventName = 'click' then
begin
If (POS('_fp_', Params.Text) > 0) then
showmessageN(Params.Text);
end;
end; -
We just had the third party test it, and the plaintext problem still appears in the results.
-
4 minutes ago, irigsoft said:
I will try.
thank
-
Can you write me a simple demo? thank
Unigui Mobile ClientEvents.ExtEvents.Values['tap'] have bugs?
in General
Posted
Debugging shows that the value displayed by UniSession.AddJS('alert((document.getElementsByName("' + user_password.JSName + '")[0].value))') is not the same as FpKey.
the code used is as follows:
// Debug handler for UniButton1: queues a script that shows the browser-side
// value of the password field in an alert, then reads the server-side Text of
// the same field so the two can be compared in the debugger.
// NOTE(review): the alert displays the content of the password field; this is
// diagnostic code and should not remain in a released build.
procedure TUnimLoginForm1.UniButton1Click(Sender: TObject);
var
  alertScript: string;
  serverSideValue: string;
begin
  alertScript := 'alert((document.getElementsByName("' + user_password.JSName +
    '")[0].value))';
  UniSession.AddJS(alertScript);
  serverSideValue := user_password.Text;
  // Observation from debugging: the value shown by the alert and the value
  // read from user_password.Text are not the same.
end;
// Installs a client-side 'tap' handler on UniButton1 that replaces the value
// of the password field with MD5(value) in the browser.
// The JavaScript MD5 function is not defined in this procedure; it has to be
// available on the page.
// NOTE(review): hashing in the browser only changes what is sent - the digest
// itself then acts as the credential and can be replayed by anyone who
// captures it, so this does not replace HTTPS or server-side password hashing.
procedure TUnimLoginForm1.UnimLoginFormCreate(Sender: TObject);
var
  fieldValueRef: string;
begin
  // JavaScript expression that addresses the password input's value.
  fieldValueRef := 'document.getElementsByName("' + user_password.JSName +
    '")[0].value';

  UniButton1.ClientEvents.ExtEvents.Values['tap'] :=
    'function tap(sender, e, eOpts)' +
    '{' +
    ' ' + fieldValueRef + ' = MD5(' + fieldValueRef + ');' +
    '}';
end;