LoginForm:
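procedure TUniLoginFrm.UniLoginFormReady(Sender: TObject);

  // Adds or refreshes one "<component name>=<JSName>" pair in the
  // server-wide ProtectDataList.
  procedure RegisterProtectedField(const AName, AJSName: string);
  begin
    // IndexOfName returns -1 when the name is absent and 0 for the first
    // entry. The previous "<= 0" test treated a hit at index 0 as "missing"
    // and appended a duplicate pair on every form load.
    if UniServerModule.ProtectDataList.IndexOfName(AName) < 0 then
      UniServerModule.ProtectDataList.Add(AName + '=' + AJSName)
    else
      UniServerModule.ProtectDataList.Values[AName] := AJSName;
  end;

begin
  // Register the JS names of the user-name and password edits so that
  // TUniMainModule.UniGUIMainModuleHandleRequest can find their values in
  // incoming '_fp_' requests.
  //
  // NOTE(review): the original comment called this "encryption in Application
  // Layer". The request handler shown alongside substitutes the fixed text
  // '123' for the submitted value; nothing visible here encrypts anything.
  // Confidentiality on the wire still has to come from TLS - confirm what this
  // list is meant to protect against.
  //
  // NOTE(review): ProtectDataList is a field of the server module and is
  // written here from a form event without any lock. If form events of
  // different sessions can run concurrently, access to the TStringList needs
  // synchronisation - confirm.
  RegisterProtectedField(UniEditUser.Name, UniEditUser.JSName);
  RegisterProtectedField(UniEditPass.Name, UniEditPass.JSName);
end;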
UniMainModule:
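// Masks the values of registered "protected" fields in an incoming request.
//
// When the raw parameter string contains '_fp_' and ProtectDataList is not
// empty, the parameters are URI-decoded and split on '&'. For every JS name
// registered in UniServerModule.ProtectDataList the trailing part of the
// submitted value is replaced by the literal '123', the rewritten pair is
// stored under '_fp_', and the request's Params, UnparsedParams and FormParams
// are overwritten with the result.
//
// ASession - cast to TUniGUISession to reach ARequest.
// Handled  - never assigned by this handler.
//
// NOTE(review): this substitutes a constant; it is not encryption. Whatever
// consumes the request after this handler sees '123' instead of the submitted
// text - confirm that the login check does not depend on the rewritten
// parameters.
procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean);
var
  fpName, fpValue, fpCompName, sEntry: String;
  I, J: integer;
  sAjaxValues: TStringList;
begin
  // Cheap pre-filter on the raw string before any parsing is done.
  if (Pos('_fp_', TUniGUISession(ASession).ARequest.UnparsedParams) <= 0) or
    (UniServerModule.ProtectDataList.Count <= 0) then
    Exit;

  sAjaxValues := TStringList.Create;
  try
    sAjaxValues.Delimiter := '&';
    sAjaxValues.StrictDelimiter := True;
    sAjaxValues.DelimitedText := uniGUIJSUtils.URIDecode(
      TUniGUISession(ASession).ARequest.UnparsedParams);
    try
      // IndexOfName is -1 when absent and 0 for the first parameter; the
      // previous "> 0" test skipped masking whenever '_fp_' came first.
      if sAjaxValues.IndexOfName('_fp_') >= 0 then
      begin
        for J := 0 to UniServerModule.ProtectDataList.Count - 1 do
        begin
          fpCompName := UniServerModule.ProtectDataList.ValueFromIndex[J];
          fpName := sAjaxValues.Values[fpCompName];
          fpValue := '';
          if fpName <> '' then
          begin
            // Walk backwards collecting characters until a '%' is met, then
            // drop the first two collected characters (presumably the hex
            // digits of a still-encoded separator - TODO confirm). What is
            // left in fpValue is the text after the last '%XX'. Without any
            // '%' the whole value is collected.
            // NOTE(review): if the submitted value itself still contains a
            // '%XX' sequence at this point, only the part after the last one
            // is masked and the rest stays in the request.
            for I := Length(fpName) downto 1 do
            begin
              if fpName[I] = '%' then
              begin
                Delete(fpValue, 1, 2);
                Break;
              end;
              fpValue := fpName[I] + fpValue;
            end;

            // Flags [] replace only the first, case-sensitive occurrence.
            // NOTE(review): that need not be the trailing segment if the same
            // text also occurs earlier in the value.
            sAjaxValues.Values[fpCompName] := StringReplace(fpName, fpValue, '123', []);

            // Full "name=value" line of the masked field; an index of -1
            // raises here and is absorbed by the handler below.
            sEntry := sAjaxValues[sAjaxValues.IndexOfName(fpCompName)];
            TUniGUISession(ASession).ARequest.Params.Values['_fp_'] := '&' + sEntry;
            sAjaxValues.Values['_fp_'] := HTTPEncode('&' + sEntry);

            // The field now lives inside '_fp_', so drop the stand-alone pair
            // and push the rewritten list back into the request.
            sAjaxValues.Delete(sAjaxValues.IndexOfName(fpCompName));
            TUniGUISession(ASession).ARequest.UnparsedParams := sAjaxValues.DelimitedText;
            TUniGUISession(ASession).ARequest.FormParams := sAjaxValues.DelimitedText;
          end;
        end;
      end;
    except
      // Best effort, as in the original: a failure while masking must not
      // abort the request.
      // NOTE(review): this fails open - on an exception the request proceeds
      // with whatever values were not yet rewritten, and nothing is recorded.
      // Consider logging the exception class (never the parameter values).
    end;
  finally
    // Previously Free sat inside the protected block, so any exception leaked
    // the list; releasing it here covers every path.
    sAjaxValues.Free;
  end;
end;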
UniServerModule:
public
{ Public declarations }
ProtectDataList: TStringList;
end;
// Creates the empty list that will hold "<component name>=<JSName>" pairs for
// the fields whose request values are to be masked.
procedure TUniServerModule.UniGUIServerModuleBeforeInit(Sender: TObject);
begin
  // One list per server module; the matching Free is in the BeforeShutdown
  // handler.
  Self.ProtectDataList := TStringList.Create;
end;
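// Releases the list of protected field names when the server shuts down.
procedure TUniServerModule.UniGUIServerModuleBeforeShutdown(Sender: TObject);
begin
  // Free is a no-op on nil, whereas the former explicit Clear would raise an
  // access violation if the list had never been created. Destroying the list
  // also discards its strings, so no separate Clear is needed.
  ProtectDataList.Free;
  // Reset the public field so later code sees nil, not a dangling reference.
  ProtectDataList := nil;
end;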