Shakalu's Forum Posts

  • 7 posts
  • Hi all,

    I received a question in my personnal mailbox, I bring the answer here too, it can be useful.

    In PHP script, how choose between these 2 lines ?

    It depends how you wish to transfer the data: POST method (Post to URL) or GET method (Request URL)

    Regards.

  • Unfortunately, I do not see the source of your problem.

    Here an online test : http://www.payondev.fr/projet/ajaxrsatest/index.html

    Here are the sources of this test (.capx format and the complete folder on ftp):

    CAPX : http://www.payondev.fr/projet/ajaxrsatest/ajaxrsatest.capx

    COMPLETE FOLDER : http://www.payondev.fr/projet/ajaxrsatest/ajaxrsatest.zip

    I hope this will be useful to you.

    Try this project, if it doesn't work maybe it is a problem from hosting configuration i don't know. :/

    Note : Don't forget to modify URL at lines 35~36 in 'ajax.php'

  • Hi bluebobbo, i guess know why you have problem.

    Specifically, $_SESSION['token'] does not hold a value. I couldn't find anywhere in any of the files where $_SESSION['token'] was assigned a value, thus the array_search wasn't matching anything. Also note, that array_search's second parameter must be the array, so it'd actually be array_search($_SESSION['token'], $arr_data['token']) for valid syntax. There is a value in $arr_data['token'], just none in $_SESSION['token'].

    Do you have generate your token in first ? To generate a new token (that is an element in $_SESSION['token']) you must call the PHP script without url data, like that :

    Then, you can get back this token in Construct2 with AJAXRSA.LastData and use it for next request to secure your data.

    Silly question : Do you have a session_start(); at the top of your PHP Script ?

    I hope you will resolve your problem with that.

  • You are welcome.

    If I understand your question : Yes, you can use this plugin to encrypt data which are already encrypted (sha-1, md5, etc...).

    Ex:

    MySQL Password = HelloWorld = 68e109f0f40ca72a15e05cc22786f8e6 (md5 encryption)

    • With the Ajax-RSA plugin you call your URL :
    http://www.domain.com/ajax.php?login=root&password=68e109f0f40ca72a15e05cc22786f8e6&token=abc132...[/code:1q4n1zvf]
    [ul]
    	[li]In the Chrome debug console you will see something like that :[/li]
    [/ul][code:1q4n1zvf]http://www.domain.com/ajax.php?d=sdf56gs1dg65aze4fqsd5g13fq65zef1qs5d1g564...[/code:1q4n1zvf]
    [ul]
    	[li]In the PHP script, after decryption, you will get this :[/li]
    [/ul][code:1q4n1zvf]$arr_data["login"] = root
    $arr_data["password"] = 68e109f0f40ca72a15e05cc22786f8e6
    $arr_data["token"] = abc132...[/code:1q4n1zvf]
    
    I hope I have correctly answered your question. 
    Hey that reminds me that I need to test with JSON data too...
  • I'm not sure I understand. ^^

    It is necessary to create a new token for each request.

    If you want only one token for all your queries (not recommended but possible), just change the following lines in your PHP code:

    // Remove current token (expired or not)
    unset($_SESSION['token'][$k]);
    
    $expiration = explode("_", $arr_data['token']); 
    $delayToken = time() - $expiration[1];
    [/code:rz8q533q]become...
    [code:rz8q533q]
    // Remove current token (expired or not)
    //unset($_SESSION['token'][$k]);
    
    //$expiration = explode("_", $arr_data['token']); 
    $delayToken = 0;
    [/code:rz8q533q]
    Then you can do it :
    [url=http://image.noelshack.com/fichiers/2014/46/1416137703-sans-titre-1.jpg][img="http://image.noelshack.com/fichiers/2014/46/1416137703-sans-titre-1.jpg"][/url]
    However, the interest of the token becomes much less interesting
  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Thanks a lot guys. I hope this is helpful in your projects.

    Plugin updated and tested !

    Works on release 184

    Local test doesn't work due to an issue with the PHP Session. Project need to be uploaded to test.

    Manual update (for older version than 20 Oct. 2014)

    Need only remove 1 line in file Construct 2\exporters\html5\plugins\ajaxrsa\runtime.js

    remove line 116 :

    console.log(data_);[/code:3srh47ay]This line can cause a javascript crash with IE9 and older versions.
    
    Download link remains the same : [url=http://www.payondev.fr/projet/ajaxrsa/index.html]http://www.payondev.fr/projet/ajaxrsa/index.html[/url]
  • Hi,

    (First, sorry for the spelling, I do not speak English fluently).

    This is my first plugin Construct 2: Ajax RSA

    The purpose of this plugin is to encrypt the data flowing between Ajax (encryption) and PHP (decryption).

    Unfortunately, This plugin Does not Provide a foolproof method against hacks but tries to approach.

    What is RSA ?

    RSA is a cryptosystem (Public-key cryptography), also known as asymmetric cryptography, refers to a cryptographic algorithm which requires two separate keys, one of which is secret (or private) and one of which is public.

    20 Oct. 2014: tested on Release 184

    Guide page: http://www.payondev.fr/projet/ajaxrsa/index.html

    Demonstration: http://www.payondev.fr/projet/ajaxrsa/demonstration/index.html

    I hope this plugin will be useful for some "constructors".

    Bonne journée.

  • 7 posts