[Plugin] Ajax RSA

Post your completed addons to share with the community

Post » Fri Nov 21, 2014 6:50 pm

You are welcome.
If I understand your question : Yes, you can use this plugin to encrypt data which are already encrypted (sha-1, md5, etc...).

Ex:
MySQL Password = HelloWorld = 68e109f0f40ca72a15e05cc22786f8e6 (md5 encryption)

- With the Ajax-RSA plugin you call your URL :
Code: Select all
http://www.domain.com/ajax.php?login=root&password=68e109f0f40ca72a15e05cc22786f8e6&token=abc132...

- In the Chrome debug console you will see something like that :
Code: Select all
http://www.domain.com/ajax.php?d=sdf56gs1dg65aze4fqsd5g13fq65zef1qs5d1g564...

- In the PHP script, after decryption, you will get this :
Code: Select all
$arr_data["login"] = root
$arr_data["password"] = 68e109f0f40ca72a15e05cc22786f8e6
$arr_data["token"] = abc132...


I hope I have correctly answered your question. :)
Hey that reminds me that I need to test with JSON data too... :roll:
B
11
S
2
Posts: 7
Reputation: 1,218

Post » Sat Nov 22, 2014 11:13 pm

@Shakalu, looks like RSA.php is throwing a PHP Notice:

PHP Notice: Decryption error in /rsa/Crypt/RSA.php on line 2230
PHP Warning: array_search() expects parameter 2 to be array, null given in /rsa/ajax.php on line 64

It is online, so I'm not sure why it's throwing the errors. Any ideas?

Update: 5:29 PM CST.
I narrowed down the problem to this line

Code: Select all
if( ($k = array_search($arr_data['token'], $_SESSION['token'])) !== FALSE )


Specifically, $_SESSION['token'] does not hold a value. I couldn't find anywhere in any of the files where $_SESSION['token'] was assigned a value, thus the array_search wasn't matching anything. Also note, that array_search's second parameter must be the array, so it'd actually be array_search($_SESSION['token'], $arr_data['token']) for valid syntax. There is a value in $arr_data['token'], just none in $_SESSION['token'].
B
3
Posts: 9
Reputation: 568

Post » Sat Nov 22, 2014 11:50 pm

@Shakalu Merci beaucoup! I've been thinking about how I was going to handle this when I came across this plugin. Very much appreciated.
Image
B
9
S
3
G
1
Posts: 346
Reputation: 1,560

Post » Sun Nov 23, 2014 2:57 pm

Nice plugin, great work!
B
31
S
10
G
2
Posts: 310
Reputation: 5,516

Post » Tue Nov 25, 2014 5:37 pm

I must be the only one that has integrated this plugin and tested it thoroughly enough... :lol: I'm guessing nobody else found this error. I guess I'll try to debug it later.
B
3
Posts: 9
Reputation: 568

Post » Tue Nov 25, 2014 5:50 pm

bluebobbo wrote:I must be the only one that has integrated this plugin and tested it thoroughly enough... :lol: I'm guessing nobody else found this error. I guess I'll try to debug it later.


Yeah did not used it yet, but i got a project where this plugin is very useful.
B
31
S
10
G
2
Posts: 310
Reputation: 5,516

Post » Tue Nov 25, 2014 7:01 pm

@bluebobbo - thanks for the heads up. I'm planning on integrating this to my project some time next week, so your comments will come in handy.
Image
B
9
S
3
G
1
Posts: 346
Reputation: 1,560

Post » Wed Dec 10, 2014 10:05 am

Hi @Bluebobbo, i guess know why you have problem.
Bluebobbo wrote:Specifically, $_SESSION['token'] does not hold a value. I couldn't find anywhere in any of the files where $_SESSION['token'] was assigned a value, thus the array_search wasn't matching anything. Also note, that array_search's second parameter must be the array, so it'd actually be array_search($_SESSION['token'], $arr_data['token']) for valid syntax. There is a value in $arr_data['token'], just none in $_SESSION['token'].


Do you have generate your token in first ? To generate a new token (that is an element in $_SESSION['token']) you must call the PHP script without url data, like that :
Image
Then, you can get back this token in Construct2 with AJAXRSA.LastData and use it for next request to secure your data.

Silly question : Do you have a session_start(); at the top of your PHP Script ?

I hope you will resolve your problem with that. :)
B
11
S
2
Posts: 7
Reputation: 1,218

Post » Fri Dec 12, 2014 6:11 am

@Shakalu

Yes I have session_start() initiated.

Yes make the request for the token, first, then use that token to secure further actions.

shakalu.png
You do not have the required permissions to view the files attached to this post.
B
3
Posts: 9
Reputation: 568

Post » Fri Dec 12, 2014 8:49 am

Unfortunately, I do not see the source of your problem.

Here an online test : http://www.payondev.fr/projet/ajaxrsatest/index.html
Image

Here are the sources of this test (.capx format and the complete folder on ftp):
CAPX : http://www.payondev.fr/projet/ajaxrsatest/ajaxrsatest.capx
COMPLETE FOLDER : http://www.payondev.fr/projet/ajaxrsatest/ajaxrsatest.zip

I hope this will be useful to you. :)
Try this project, if it doesn't work maybe it is a problem from hosting configuration i don't know. :/

Note : Don't forget to modify URL at lines 35~36 in 'ajax.php' ;)
B
11
S
2
Posts: 7
Reputation: 1,218

PreviousNext

Return to Completed Addons

Who is online

Users browsing this forum: No registered users and 0 guests