Re: Tutorial for Livecode Server log in system

2024-03-27 Thread Bob Sneidar via use-livecode
As an aside, I do store passwords, but I encrypt them first using a method only 
I know about. However I am not using a web portal, so there’s that.

Bob S


On Mar 27, 2024, at 3:44 PM, Tim Selander via use-livecode wrote:

Dear Alex and Pere

Thank you both for your code and the time you took to help! I'm working 
through the code you sent, studying out how it works. Great learning experience.

Also, Alex, your point of not using password log ins is a philosophical 
re-frame in my thinking! Thank you!

Tim

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: Tutorial for Livecode Server log in system

2024-03-27 Thread Tim Selander via use-livecode

Dear Alex and Pere

Thank you both for your code and the time you took to help! 
I'm working through the code you sent, studying out how it 
works. Great learning experience.


Also, Alex, your point of not using password log ins is a 
philosophical re-frame in my thinking! Thank you!


Tim




Re: Tutorial for Livecode Server log in system

2024-03-26 Thread Alex Tweedly via use-livecode

Hi Tim,

I guess my first response would be - don't.

Specifically, don't store or use passwords. Users have a bad habit of 
re-using the same passwords, so even if your site has no personal or 
valuable info about your users, the fact that passwords get re-used 
means you are storing valuable info, and so you're taking on a moral 
responsibility to keep it very safe.


If you do have passwords, then you need to have a recovery mechanism for 
when users forget their password. 99% of the time, that involves emailing 
them a recovery link, or temp password, or ... So in effect the password 
has the same (or less) security than their email account - so you might 
as well just use the email account.


Nowadays I always use this style of password-free accounts. I would have 
sent a copy of the known, tested, etc. code - but it's all embedded in 
lots of my libraries, etc. and was tricky to unravel. So I've sent a 
very bare-bones version; tested but not all corner cases (e.g. I didn't 
wait a week to ensure time-outs happened properly :-).


Overview: The user asks for a code to login with, that gets emailed to 
them, and then they type that code in to the next screen. Once that's 
successfully done, you set up a cookie in their browser, valid for some 
reasonable length of time such as 7 days, and you're done. Any script 
that wants to can take the getCurrentUser() code to check that they are 
logged in properly.


Internally, it's done by creating a temporary code (6 digits, which is 
recorded along with their email and expires within 15 minutes), and once 
they have verified that code, you give them a new code which is a UUID 
(so essentially un-guessable) which lasts for the 7 days.


Other than that, I hope it's reasonably straightforward.


Alex.

simplelogin.lc


 tExpires then
  return empty
   else
  return item 2 of line -1 of tCodes
   end if
end getCurrentUser

function shellEscape pText
-- keep this at the end because it messes up Coda colouring
   repeat for each char tChar in "\`!$" & quote
  replace tChar with "\" & tChar in pText
   end repeat
   return pText
end shellEscape

function wrapQ pText
   return quote & pText & quote
end wrapQ

on askforemail
 put ""
 put "    My email is "
 put "    "
 put "    Submit my email "

 put ""
end askforemail

on askforcode
 put ""
 put "    My code is "
 put "    "
 put "    Submit my code "
 put ""
end askforcode

on askforlogout
 put ""
 put "    "
 put "    Log me out now"
 put ""
end askforlogout

-- real code start here

put getCurrentUser() into tUser

if $_POST["logout"] AND tUser is not empty then
   put $_COOKIE["myusercookie"] into tCode
   -- end each record with a return so codes.txt holds one record per line
   put tCode & comma & tUser & comma & (the seconds-1) & return after \
   URL ("file:codes.txt")
  put "Successfully logged out."
  exit to top
end if

if tUser is not empty then -- ask them if they want to log out
  put "Already logged in as " & tUser
  askforlogout
  exit to top
end if

put $_POST["code"] into tCode
if tCode is not empty then
  -- we need to compare this code with what is pending
  put URL ("file:codes.txt") into tPending
  -- tCode becomes a filter pattern below, so anything that is not exactly
  -- six digits is treated as no match
  if not matchText(tCode, "^[0-9]{6}$") then put empty into tPending
  put ( tCode & comma & "*") into tFilter
  filter tPending with tFilter
  put line -1 of tPending into tPending
  if the seconds <= item 3 of tPending then  -- found a match pending
    put item 2 of tPending into tEmail
    put uuid("random") into tCode
    -- end each record with a return so codes.txt holds one record per line
    put tCode & comma & tEmail & comma & (the seconds+60*60*24*7) & return after \
      URL ("file:codes.txt")
    put cookie "myusercookie" with tCode until (the seconds + 60 * 60 * 24 * 7)
    put "Successfully logged in"
    exit to top
  end if
  -- no match for the code
  put "Code not matched. Please try again or give different email address."
  askforcode
else
  put $_POST["email"] into tEmail
end if

if tEmail is not empty then
  -- have email address - generate a code and ask user for it
  -- draw from the whole six-digit range 000000..999999
  put random(1000000) - 1 into tSix
  put format("%06d", tSix) into tSix

  -- put this following line in for quick and easy testing !!
  -- be sure to take it out later !!!
  put "should email" && tSix && "to you."

  -- build the message header, adding the from, to and subject details
  -- we also put any cc addresses in here, but not bcc (bcc addresses hidden)

  put "i...@kilmelford.com" into pFrom   -- CHANGE KILMELFORD.COM
  put tEmail into pTo
  put "From:" && pFrom  & return & \
   "To:" && tEmail & return & \
   "Subject: Login code for kilmelford.com" & \
    return into tMsg

  put "Content-Type: text/plain;" & return & return after tMsg
  put "Your code is" && tSix && "and it will expire in 15 minutes" after tMsg

  -- send the mail by piping the message we have just built to the sendmail command
  get shell("echo" && wrapQ(shellEscape(tMsg)) && "| /usr/sbin/sendmail" && \
    wrapQ(shellEscape(pTo)) && "-f" && wrapQ(shellEscape(pFrom)))

  put the seconds into tEndTime
  add 15 * 60 to tEndTime
  -- end each record with a return so codes.txt holds one record per line
  put tSix & comma & tEmail & comma & tEndTime & return after \
   URL 
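
The two-stage flow described above (a six-digit code valid for 15 minutes, then a UUID valid for 7 days), as an added example that is not part of Alex's message or his library code. The handler names are hypothetical; it keeps the code,email,expiry layout of codes.txt, and it additionally draws the code from randomBytes, compares it exactly instead of as a filter pattern, and makes each code single-use.

```livecode
<?lc
function newSixDigitCode
   -- 32 bits from randomBytes; the top slice is rejected so that the value
   -- mod 1000000 is uniform over 000000..999999
   put 0 into tNum
   repeat forever
      get binaryDecode("M", randomBytes(4), tNum)
      if tNum < 4294000000 then exit repeat
   end repeat
   return format("%06d", tNum mod 1000000)
end newSixDigitCode

command appendRecord pCode, pEmail, pExpires
   put pCode & comma & pEmail & comma & pExpires & return after URL ("file:codes.txt")
end appendRecord

function lastRecordFor pCode
   -- exact comparison on item 1; the submitted value is never used as a pattern
   put URL ("file:codes.txt") into tCodes
   put empty into tLast
   repeat for each line tRec in tCodes
      if item 1 of tRec is pCode then put tRec into tLast
   end repeat
   return tLast
end lastRecordFor

function issueLoginCode pEmail
   put newSixDigitCode() into tCode
   appendRecord tCode, pEmail, (the seconds + 15 * 60)
   return tCode  -- the caller e-mails this to pEmail
end issueLoginCode

function redeemLoginCode pCode
   -- returns a 7-day session token, or empty when the code is malformed,
   -- unknown, expired or already used
   if (the length of pCode is not 6) or not matchText(pCode, "^[0-9]{6}$") then return empty
   put lastRecordFor(pCode) into tRec
   if tRec is empty or (the seconds > item 3 of tRec) then return empty
   put item 2 of tRec into tEmail
   appendRecord pCode, tEmail, (the seconds - 1)  -- spend the code: single use
   put uuid("random") into tToken
   appendRecord tToken, tEmail, (the seconds + 60 * 60 * 24 * 7)
   return tToken
end redeemLoginCode

-- constructed walk-through: the second redeem of the same code returns empty
put issueLoginCode("user@example.com") into tCode
put (redeemLoginCode(tCode) is not empty) && (redeemLoginCode(tCode) is not empty)
?>
```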

Re: Tutorial for Livecode Server log in system

2024-03-26 Thread pere xavier Rossello via use-livecode
cont. (made a mistake pushing tab on the keyboard)
full script
"
put "window.location='index.html?_e=Error_sin_login';"
put ""
end if

-- retrieve pass from database
put revOpenDatabase ("mysql", "localhost:3363","reparacion","gsmmax","11*Endimion_grd") into gDbId
-- gUsr is bound as parameter :1 rather than concatenated into the SQL text
put "select pass,id,token from tecnicos where login = :1" into tSQL
put tSQL & ""
put revDataFromQuery(tab, return, gDbID, tSQL, "gUsr") into tRes

set itemdelimiter to tab
put item 1 of tRes into tPass
put item 2 of tRes into tCod
put item 3 of tRes into tToken
if tPass <> gPass then
-- error -
  put ""
   put "window.location='index.html?_e=Error Password';"
   put ""
else
   -- Pass OK, continue
   put ""
  put "window.location='vrep.lc?token=" & tToken &"';"
   put ""
end if
revCloseDatabase gDbId

?>


if someone wants to try it:
  https://mpibox.com/rep/
login:
 user: test
 pass: admin


if you need some help let me know.

P.S.
sorry for spelling mistakes and other copy/paste

On Tue, 26 Mar 2024 at 12:45, pere xavier Rossello wrote:

> Hi.
>
> To make online log in is quite easy in livecode.
> first you need a webpage with a form asking username, email and password )
> and submit to a livecode script
>   enctype="text/plain">
>placeholder="Usuario" required>
>required>
>  Log in
> 
> --- method can be two types, get or post - normally I use Get
> this will send username and pass to tloging.lc script
>
> and the livecode code script
> -
>  put $_SERVER["REQUEST_METHOD"]  into gMetodo
> if gMetodo = "POST" then
> put  $_POST["login"]  into gUsr
> put  $_POST["pass"]  into gPass
> put  $_POST["tipo"]  into gTipo
>
> else
> put  $_GET["login"]  into gUsr
> put  $_GET["pass"]  into gPass
> put  $_GET["tipo"]  into gTipo
> end if
> if gPass = "print" and gUsr = "print" then
> put ""
> put "window.location='impr_pend.lc?t=impresion';"
> put ""
> end if
> if len(gUsr)<2  or len(gPass)<2 then
>
> put ""
> put "window.location='index.html?_e=Error_sin_login';"
> put ""
> end if
> put revOpenDatabase ("mysql", "localhost:3363","reparacion","gsmmax","11*Endimion_grd") into gDbId
>
> --put revdb_execute(gDbId, tSQL, "") into  tResultado
> -- gUsr is bound as parameter :1 rather than concatenated into the SQL text
> put "select pass,id,token from tecnicos where login = :1" into tSQL
> put tSQL & ""
> put revDataFromQuery(tab, return, gDbID, tSQL, "gUsr") into tRes
>
> set itemdelimiter to tab
> put item 1 of tRes into tPass
> put item 2 of tRes into tCod
> put item 3 of tRes into tToken
>
> On Tue, 26 Mar 2024 at 6:15, Tim Selander via use-livecode
> (<use-livecode@lists.runrev.com>) wrote:
>
>> Hi all.
>>
>> As a hobbyist/amateur I continue to plunk away with Livecode, mostly the
>> server product in my on-rev account.
>>
>> Can anyone point me to a tutorial or sample of an online log in system
>> (username, email and password) for a website using Livecode?
>>
>> I've found some php tutorials, and /think/ I could glean enough hints to
>> roll my own in LC server, but would greatly prefer to start with LC
>> itself!
>>
>> Any help appreciated!
>>
>> Tim Selander
>> Japan
>>


Re: Tutorial for Livecode Server log in system

2024-03-26 Thread pere xavier Rossello via use-livecode
Hi.

To make online log in is quite easy in livecode.
first you need a webpage with a form asking username, email and password )
and submit to a livecode script
 
  
  
 Log in

--- method can be two types, get or post - normally I use Get
this will send username and pass to tloging.lc script

and the livecode code script
-
"
put "window.location='impr_pend.lc?t=impresion';"
put ""
end if
if len(gUsr)<2  or len(gPass)<2 then

put ""
put "window.location='index.html?_e=Error_sin_login';"
put ""
end if
put revOpenDatabase ("mysql", "localhost:3363","reparacion","gsmmax","11*Endimion_grd") into gDbId

--put revdb_execute(gDbId, tSQL, "") into  tResultado
-- gUsr is bound as parameter :1 rather than concatenated into the SQL text
put "select pass,id,token from tecnicos where login = :1" into tSQL
put tSQL & ""
put revDataFromQuery(tab, return, gDbID, tSQL, "gUsr") into tRes

set itemdelimiter to tab
put item 1 of tRes into tPass
put item 2 of tRes into tCod
put item 3 of tRes into tToken







On Tue, 26 Mar 2024 at 6:15, Tim Selander via use-livecode
(<use-livecode@lists.runrev.com>) wrote:

> Hi all.
>
> As a hobbyist/amateur I continue to plunk away with Livecode, mostly the
> server product in my on-rev account.
>
> Can anyone point me to a tutorial or sample of an online log in system
> (username, email and password) for a website using Livecode?
>
> I've found some php tutorials, and /think/ I could glean enough hints to
> roll my own in LC server, but would greatly prefer to start with LC itself!
>
> Any help appreciated!
>
> Tim Selander
> Japan
>


Tutorial for Livecode Server log in system

2024-03-25 Thread Tim Selander via use-livecode

Hi all.

As a hobbyist/amateur I continue to plunk away with Livecode, mostly the 
server product in my on-rev account.


Can anyone point me to a tutorial or sample of an online log in system 
(username, email and password) for a website using Livecode?


I've found some php tutorials, and /think/ I could glean enough hints to 
roll my own in LC server, but would greatly prefer to start with LC itself!


Any help appreciated!

Tim Selander
Japan
