Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 50

Thread: OSDash server authentication is here!

  1. #21
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    837
    Blog Entries
    86
    Can I just give you a new cURL that given a username and password returns false or the userid ?

  2. #22
    Raw Wave
    Auto Apps:loading...
    justchat_1's Avatar
    Join Date
    Jul 2008
    Location
    Boston, Ma or NY,NY
    Posts
    1,783
    Quote Originally Posted by Nextabyte_Matt View Post
    Ok guys, lets get the ball rolling on this. Ive had alot of time thinking about services and this is what ive come up with.

    There will be a service handling all auths for several different methods. We will call this the auth service. The service will handle the following auth types:
    1. Converting username and password into a key (aka session key)
    2. Converting session key into MP3Car user id (from mp3car DB)
    3. Returning a modified user id from MP3Car id (aka user key)

    Here is how the service should work
    1. User on MP3Car wants to use online services and signs up for it. The website then generates a session key
    2. User takes this session key and puts it into the client or front end software that is MP3Car services aware
    3. Client then connect to the services and auth to the auth service using this session key
    4. Auth service returns a modded user id (user key)
    5. Service uses this user key to store user specific information

    This way, no service or client or anything else other than the auth service stores non-modded user specific information. We do not need api or application security, what we needed/wanted was user security and I think this method does it easily and simply.

    I have this ready to go, but I either need direct access to your forum user DB, or provide a local only service that sends me a straight user ID when I send forum username and password.
    Yup thats what was laid out in the original plan. And the second auth type is an internal only one, the client should never see the raw username.

  3. #23
    fka - Nextabyte_Matt ioi8's Avatar
    Join Date
    Apr 2006
    Location
    Cleveland
    Posts
    125
    Quote Originally Posted by optikalefx View Post
    Can I just give you a new cURL that given a username and password returns false or the userid ?
    Yes, that is what im asking for. For right now lets make this public so I can test, but eventually we want to make this private that only my auth service should have access to. Then the auth service will be available to the public.

  4. #24
    fka - Nextabyte_Matt ioi8's Avatar
    Join Date
    Apr 2006
    Location
    Cleveland
    Posts
    125
    Quote Originally Posted by optikalefx View Post
    Can I just give you a new cURL that given a username and password returns false or the userid ?
    Any update to this?

  5. #25
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    837
    Blog Entries
    86
    sorry, i was waiting on a response it never gave me an email. Yea I'll do this in just a second... will post again

  6. #26
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    837
    Blog Entries
    86
    Code:
    <?php
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,"http://www.mp3car.com/vbulletin/authid.php" );
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    $nvp .= "&vb_login_md5password=".md5("{password}");
    $nvp .= "&vb_login_username={username}";
    curl_setopt($ch, CURLOPT_POSTFIELDS, $nvp);
    echo curl_exec($ch);
    ?>
    will return the userid or 0

  7. #27
    fka - Nextabyte_Matt ioi8's Avatar
    Join Date
    Apr 2006
    Location
    Cleveland
    Posts
    125
    Quote Originally Posted by optikalefx View Post
    -- reading more --

    I could let you pass all the parameters in the URL to the file, but i really don't think that's a secure method. that's why im using cURL and not GET.
    What is the correct URI if we did this method? I am not able to parse this correctly in C# to successfully connect from the auth app using your methods.

  8. #28
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    837
    Blog Entries
    86
    If we did it the get method. It would be auth.php?u=user&p=pass
    but that's not secure or setup at the moment

    do you have the curl
    libraries in c#?

  9. #29
    Raw Wave
    Auto Apps:loading...
    justchat_1's Avatar
    Join Date
    Jul 2008
    Location
    Boston, Ma or NY,NY
    Posts
    1,783
    The current method isn't secure either...the whole thing should be over https.

  10. #30
    Antenna Engineer
    Auto Apps:loading...
    optikalefx's Avatar
    Join Date
    Apr 2009
    Location
    Baltimore, Maryland, United States
    Posts
    837
    Blog Entries
    86
    Quote Originally Posted by justchat_1 View Post
    The current method isn't secure either...the whole thing should be over https.
    Well yea, we are working on getting an SSL cert. But even if its SSL sending it via GET is then a waste of money.

Page 3 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. GPSTracker on home server
    By lambosprit in forum GPS
    Replies: 319
    Last Post: 07-12-2012, 06:35 PM
  2. Lilliput screen on Ubuntu
    By yam125 in forum Linux
    Replies: 13
    Last Post: 06-13-2011, 11:19 AM
  3. OSDash Web Interface Definition
    By Bugbyte in forum OSDash - Web Interface
    Replies: 19
    Last Post: 12-31-2009, 02:32 PM
  4. OSDash - Client definition
    By Bugbyte in forum OSDash - Client
    Replies: 9
    Last Post: 12-23-2009, 12:34 AM
  5. Windows Server
    By Quattro in forum Off Topic
    Replies: 11
    Last Post: 04-18-2006, 12:22 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •