Page 2 of 3

Re: [Plugin] Ajax RSA

PostPosted: Fri Nov 21, 2014 6:50 pm
by Shakalu
You are welcome.
If I understand your question : Yes, you can use this plugin to encrypt data which are already encrypted (sha-1, md5, etc...).

Ex:
MySQL Password = HelloWorld = 68e109f0f40ca72a15e05cc22786f8e6 (md5 encryption)

- With the Ajax-RSA plugin you call your URL :
Code: Select all
http://www.domain.com/ajax.php?login=root&password=68e109f0f40ca72a15e05cc22786f8e6&token=abc132...

- In the Chrome debug console you will see something like that :
Code: Select all
http://www.domain.com/ajax.php?d=sdf56gs1dg65aze4fqsd5g13fq65zef1qs5d1g564...

- In the PHP script, after decryption, you will get this :
Code: Select all
$arr_data["login"] = root
$arr_data["password"] = 68e109f0f40ca72a15e05cc22786f8e6
$arr_data["token"] = abc132...


I hope I have correctly answered your question. :)
Hey that reminds me that I need to test with JSON data too... :roll:

Re: [Plugin] Ajax RSA

PostPosted: Sat Nov 22, 2014 11:13 pm
by bluebobbo
@Shakalu, looks like RSA.php is throwing a PHP Notice:

PHP Notice: Decryption error in /rsa/Crypt/RSA.php on line 2230
PHP Warning: array_search() expects parameter 2 to be array, null given in /rsa/ajax.php on line 64

It is online, so I'm not sure why it's throwing the errors. Any ideas?

Update: 5:29 PM CST.
I narrowed down the problem to this line

Code: Select all
if( ($k = array_search($arr_data['token'], $_SESSION['token'])) !== FALSE )


Specifically, $_SESSION['token'] does not hold a value. I couldn't find anywhere in any of the files where $_SESSION['token'] was assigned a value, thus the array_search wasn't matching anything. Also note, that array_search's second parameter must be the array, so it'd actually be array_search($_SESSION['token'], $arr_data['token']) for valid syntax. There is a value in $arr_data['token'], just none in $_SESSION['token'].

Re: [Plugin] Ajax RSA

PostPosted: Sat Nov 22, 2014 11:50 pm
by hundredfold
@Shakalu Merci beaucoup! I've been thinking about how I was going to handle this when I came across this plugin. Very much appreciated.

Re: [Plugin] Ajax RSA

PostPosted: Sun Nov 23, 2014 2:57 pm
by stctr
Nice plugin, great work!

Re: [Plugin] Ajax RSA

PostPosted: Tue Nov 25, 2014 5:37 pm
by bluebobbo
I must be the only one that has integrated this plugin and tested it thoroughly enough... :lol: I'm guessing nobody else found this error. I guess I'll try to debug it later.

Re: [Plugin] Ajax RSA

PostPosted: Tue Nov 25, 2014 5:50 pm
by stctr
bluebobbo wrote:I must be the only one that has integrated this plugin and tested it thoroughly enough... :lol: I'm guessing nobody else found this error. I guess I'll try to debug it later.


Yeah did not used it yet, but i got a project where this plugin is very useful.

Re: [Plugin] Ajax RSA

PostPosted: Tue Nov 25, 2014 7:01 pm
by hundredfold
@bluebobbo - thanks for the heads up. I'm planning on integrating this to my project some time next week, so your comments will come in handy.

Re: [Plugin] Ajax RSA

PostPosted: Wed Dec 10, 2014 10:05 am
by Shakalu
Hi @Bluebobbo, i guess know why you have problem.
Bluebobbo wrote:Specifically, $_SESSION['token'] does not hold a value. I couldn't find anywhere in any of the files where $_SESSION['token'] was assigned a value, thus the array_search wasn't matching anything. Also note, that array_search's second parameter must be the array, so it'd actually be array_search($_SESSION['token'], $arr_data['token']) for valid syntax. There is a value in $arr_data['token'], just none in $_SESSION['token'].


Do you have generate your token in first ? To generate a new token (that is an element in $_SESSION['token']) you must call the PHP script without url data, like that :
Image
Then, you can get back this token in Construct2 with AJAXRSA.LastData and use it for next request to secure your data.

Silly question : Do you have a session_start(); at the top of your PHP Script ?

I hope you will resolve your problem with that. :)

Re: [Plugin] Ajax RSA

PostPosted: Fri Dec 12, 2014 6:11 am
by bluebobbo
@Shakalu

Yes I have session_start() initiated.

Yes make the request for the token, first, then use that token to secure further actions.

shakalu.png

Re: [Plugin] Ajax RSA

PostPosted: Fri Dec 12, 2014 8:49 am
by Shakalu
Unfortunately, I do not see the source of your problem.

Here an online test : http://www.payondev.fr/projet/ajaxrsatest/index.html
Image

Here are the sources of this test (.capx format and the complete folder on ftp):
CAPX : http://www.payondev.fr/projet/ajaxrsatest/ajaxrsatest.capx
COMPLETE FOLDER : http://www.payondev.fr/projet/ajaxrsatest/ajaxrsatest.zip

I hope this will be useful to you. :)
Try this project, if it doesn't work maybe it is a problem from hosting configuration i don't know. :/

Note : Don't forget to modify URL at lines 35~36 in 'ajax.php' ;)