Re: Tutorial for Livecode Server log in system
As an aside, I do store passwords, but I encrypt them first using a method only I know about. However I am not using a web portal, so there’s that.

Bob S

On Mar 27, 2024, at 3:44 PM, Tim Selander via use-livecode wrote:

> Dear Alex and Pere
>
> Thank you both for your code and the time you took to help!
>
> I'm working through the code you sent, studying out how it works. Great learning experience.
>
> Also, Alex, your point of not using password log ins is a philosophical re-frame in my thinking! Thank you!
>
> Tim

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Re: Tutorial for Livecode Server log in system
Dear Alex and Pere

Thank you both for your code and the time you took to help!

I'm working through the code you sent, studying out how it works. Great learning experience.

Also, Alex, your point of not using password log ins is a philosophical re-frame in my thinking! Thank you!

Tim

On 2024/03/27 2:36, Alex Tweedly via use-livecode wrote:

> Hi Tim,
>
> I guess my first response would be - don't. Specifically, don't store or use passwords.
> [...]
Re: Tutorial for Livecode Server log in system
Hi Tim,

I guess my first response would be - don't. Specifically, don't store or use passwords. Users have a bad habit of re-using the same passwords, so even if your site has no personal or valuable info about your users, the fact that passwords get re-used means you are storing valuable info, and so you're taking on a moral responsibility to keep it very safe.

If you do have passwords, then you need to have a recovery mechanism for when users forget their password. 99% of the time, that involves emailing them a recovery link, or temp password, or ... So in effect the password has the same (or less) security than their email account - so you might as well just use the email account.

Nowadays I always use this style of password-free accounts.

I would have sent a copy of the known, tested, etc. code - but it's all embedded in lots of my libraries, etc. and was tricky to unravel. So I've sent a very bare-bones version; tested but not all corner cases (e.g. I didn't wait a week to ensure time-outs happened properly :-).

Overview:

The user asks for a code to login with, that gets emailed to them, and then they type that code in to the next screen. Once that's successfully done, you set up a cookie in their browser, valid for some reasonable length of time such as 7 days, and you're done.

Any script that wants to can take the getCurrentUser() code to check that they are logged in properly.

Internally, it's done by creating a temporary code (6 digits, which is recorded along with their email and expires within 15 minutes), and once they have verified that code, you give them a new code which is a UUID (so essentially un-guessable) which lasts for the 7 days.

Other than that, I hope it's reasonably straightforward.

Alex.

simplelogin.lc

tExpires then
      return empty
   else
      return item 2 of line -1 of tCodes
   end if
end getCurrentUser

function shellEscape pText
   -- keep this at the end because it messes up Coda colouring
   repeat for each char tChar in "\`!$" & quote
      replace tChar with "\" & tChar in pText
   end repeat
   return pText
end shellEscape

function wrapQ pText
   return quote & pText & quote
end wrapQ

on askforemail
   put ""
   put " My email is "
   put " "
   put " Submit my email "
   put ""
end askforemail

on askforcode
   put ""
   put " My code is "
   put " "
   put " Submit my code "
   put ""
end askforcode

on askforlogout
   put ""
   put " "
   put " Log me out now"
   put ""
end askforlogout

-- real code start here
put getCurrentUser() into tUser
if $_POST["logout"] AND tUser is not empty then
   put $_COOKIE["myusercookie"] into tCode
   put tCode & comma & tUser & comma & (the seconds-1) after \
         URL ("file:codes.txt")
   put "Successfully logged out."
   exit to top
end if

if tUser is not empty then
   -- ask them if they want to log out
   put "Already logged in as " & tUser
   askforlogout
   exit to top
end if

put $_POST["code"] into tCode
if tCode is not empty then
   -- we need to compare this code with what is pending
   put URL ("file:codes.txt") into tPending
   put ( tCode & comma & "*") into tFilter
   filter tPending with tFilter
   put line -1 of tPending into tPending
   if the seconds <= item 3 of tPending then
      -- found a match pending
      put item 2 of tPending into tEmail
      put uuid("random") into tCode
      put tCode & comma & tEmail & comma & (the seconds+60*60*24*7) after \
            URL ("file:codes.txt")
      put cookie "myusercookie" with tCode until (the seconds + 60 * 60 * 24 * 7)
      put "Successfully logged in"
      exit to top
   end if
   -- no match for the code
   put "Code not matched. Please try again or give different email address."
   askforcode
else
   put $_POST["email"] into tEmail
end if

if tEmail is not empty then
   -- have email address - generate a code and ask user for it
   -- six-digit code, 000001 to 999999
   put random(999999) into tSix
   put format("%06d", tSix) into tSix
   -- put this following line in for quick and easy testing !!
   -- be sure to take it out later !!!
   put "should email" && tSix && "to you."
   -- build the message header, adding the from, to and subject details
   -- we also put any cc addresses in here, but not bcc (bcc addresses hidden)
   put "i...@kilmelford.com" into pFrom -- CHANGE KILMELFORD.COM
   put tEmail into pTo
   put "From:" && pFrom & return & \
         "To:" && tEmail & return & \
         "Subject: Login code for kilmelford.com" & \
         return into tMsg
   put "Content-Type: text/plain;" & return & return after tMsg
   put "Your code is" && tSix && "and it will expire in 15 minutes" after tMsg
   -- send the mail by piping the message we have just built to the sendmail command
   get shell("echo" && wrapQ(shellEscape(tMsg)) && "| /usr/sbin/sendmail" && \
         wrapQ(shellEscape(pTo)) && "-f" && wrapQ(shellEscape(pFrom)))
   put the seconds into tEndTime
   add 15 * 60 to tEndTime
   put tSix & comma & tEmail & comma & tEndTime after \
         URL
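
A hardened variant of the issue-and-redeem step in the flow described above, added here as an illustration; it is not Alex's code. It assumes the code form also posts the email address, and the file path, handler names and form field names are assumptions.

```livecode
<?lc
-- Added example. Pending codes are "code,email,expiry" lines; the path is a placeholder.
constant kPending = "file:/path/outside/webroot/pending.txt"

function validEmail pEmail
   -- conservative whitelist: no comma, quote, space or line break gets through
   return matchText(pEmail, "\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z")
end validEmail

function newLoginCode
   -- six digits taken from randomBytes() rather than random()
   local tNum
   get binaryDecode("I", randomBytes(4), tNum)
   return format("%06d", tNum mod 1000000)
end newLoginCode

function issueCode pEmail
   if not validEmail(pEmail) then return empty
   put newLoginCode() into tCode
   put tCode & comma & toLower(pEmail) & comma & (the seconds + 15 * 60) & return after URL kPending
   return tCode -- the caller mails this, as simplelogin.lc does
end issueCode

function redeemCode pEmail, pCode
   put false into tOK
   if not validEmail(pEmail) then return false
   -- exactly six digits, so the value can never act as a wildcard pattern
   if not matchText(pCode, "\A[0-9]{6}\z") then return false
   repeat for each line tLine in URL kPending
      if item 3 of tLine < the seconds then next repeat -- expired: drop
      if item 2 of tLine is toLower(pEmail) then
         -- one guess per issued code: the entry is consumed, right or wrong
         if item 1 of tLine is pCode then put true into tOK
         next repeat
      end if
      put tLine & return after tKeep
   end repeat
   put tKeep into URL kPending
   return tOK
end redeemCode

-- code form handler; the field names "email" and "code" are assumptions
if redeemCode($_POST["email"], $_POST["code"]) then
   put uuid("random") into tToken
   -- record tToken,email,expiry for getCurrentUser() before sending the cookie
   put secure httponly cookie "myusercookie" with tToken until (the seconds + 60 * 60 * 24 * 7)
   put "Successfully logged in"
end if
?>
```

Because a wrong guess consumes the pending entry, requests for new codes should be rate-limited per address, and the read-then-rewrite of the pending file needs a lock if requests can overlap.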
Re: Tutorial for Livecode Server log in system
cont ( make mistakes pushing tab on keyboard)

full script

put "window.location='index.html?_e=Error_sin_login';"
put ""
end if

-- retrieve pass from database
put revOpenDatabase ("mysql", "localhost:3363","reparacion","gsmmax","11*Endimion_grd") into gDbId
-- gUsr is bound as :1 rather than concatenated into the SQL text
put "select pass,id,token from tecnicos where login=:1" into tSQL
put tSQL & ""
put revDataFromQuery(tab, return, gDbID, tSQL, "gUsr") into tRes
set itemdelimiter to tab
put item 1 of tRes into tPass
put item 2 of tRes into tCod
put item 3 of tRes into tToken
if tPass <> gPass then
   -- error -
   put ""
   put "window.location='index.html?_e=Error Password';"
   put ""
else
   -- Pass oK continue
   put ""
   put "window.location='vrep.lc?token=" & tToken &"';"
   put ""
end if
revCloseDatabase gDbId
?>

if someone wants to try it: https://mpibox.com/rep/
login:
user: test
pass: admin

if you need some help let me know.

P.S. sorry for spelling mistakes. and other copy/paste

On Tue, 26 Mar 2024 at 12:45, pere xavier Rossello () wrote:

> Hi.
>
> To make online log in is quite easy in livecode.
> first you need a webpage with a form asking username, email and password )
> and submit to a livecode script
> enctype="text/plain">
> placeholder="Usuario" required>
> required>
> Log in
>
> --- method can be two types get or post - normally I use Get
> this will send username and pass to tloging.lc script
>
> and the livecode code script
> -
> put $_SERVER["REQUEST_METHOD"] into gMetodo
> if gMetodo = "POST" then
>    put $_POST["login"] into gUsr
>    put $_POST["pass"] into gPass
>    put $_POST["tipo"] into gTipo
> else
>    put $_GET["login"] into gUsr
>    put $_GET["pass"] into gPass
>    put $_GET["tipo"] into gTipo
> end if
> if gPass = "print" and gUsr = "print" then
>    put ""
>    put "window.location='impr_pend.lc?t=impresion';"
>    put ""
> end if
> if len(gUsr)<2 or len(gPass)<2 then
>    put ""
>    put "window.location='index.html?_e=Error_sin_login';"
>    put ""
> end if
> put revOpenDatabase ("mysql", "localhost:3363","reparacion","gsmmax","11*Endimion_grd") into gDbId
>
> --put revdb_execute(gDbId, tSQL, "") into tResultado
> -- gUsr is bound as :1 rather than concatenated into the SQL text
> put "select pass,id,token from tecnicos where login=:1" into tSQL
> put tSQL & ""
> put revDataFromQuery(tab, return, gDbID, tSQL, "gUsr") into tRes
>
> set itemdelimiter to tab
> put item 1 of tRes into tPass
> put item 2 of tRes into tCod
> put item 3 of tRes into tToken
Re: Tutorial for Livecode Server log in system
Hi.

To make online log in is quite easy in livecode.
first you need a webpage with a form asking username, email and password )
and submit to a livecode script

Log in

--- method can be two types get or post - normally I use Get
this will send username and pass to tloging.lc script

and the livecode code script
-
put "window.location='impr_pend.lc?t=impresion';"
put ""
end if
if len(gUsr)<2 or len(gPass)<2 then
   put ""
   put "window.location='index.html?_e=Error_sin_login';"
   put ""
end if
put revOpenDatabase ("mysql", "localhost:3363","reparacion","gsmmax","11*Endimion_grd") into gDbId

--put revdb_execute(gDbId, tSQL, "") into tResultado
-- gUsr is bound as :1 rather than concatenated into the SQL text
put "select pass,id,token from tecnicos where login=:1" into tSQL
put tSQL & ""
put revDataFromQuery(tab, return, gDbID, tSQL, "gUsr") into tRes

set itemdelimiter to tab
put item 1 of tRes into tPass
put item 2 of tRes into tCod
put item 3 of tRes into tToken

On Tue, 26 Mar 2024 at 6:15, Tim Selander via use-livecode (<use-livecode@lists.runrev.com>) wrote:

> Hi all.
>
> As a hobbyist/amateur I continue to plunk away with Livecode, mostly the
> server product in my on-rev account.
>
> Can anyone point me to a tutorial or sample of an online log in system
> (username, email and password) for a website using Livecode?
>
> I've found some php tutorials, and /think/ I could glean enough hints to
> roll my own in LC server, but would greatly prefer to start with LC itself!
>
> Any help appreciated!
>
> Tim Selander
> Japan
Tutorial for Livecode Server log in system
Hi all.

As a hobbyist/amateur I continue to plunk away with Livecode, mostly the server product in my on-rev account.

Can anyone point me to a tutorial or sample of an online log in system (username, email and password) for a website using Livecode?

I've found some php tutorials, and /think/ I could glean enough hints to roll my own in LC server, but would greatly prefer to start with LC itself!

Any help appreciated!

Tim Selander
Japan