Author Topic: RaspberryBASIC.org Forum  (Read 134572 times)

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #270 on: December 31, 2019, 02:27:55 PM »
I posted an updated ScriptBasic version on Raspberry BASIC that supports a database with encrypted (MD5) passwords.

AIR

  • Guest
Re: RaspberryBASIC.org Forum
« Reply #271 on: December 31, 2019, 05:35:39 PM »
Quote from: JaliH
It just needs to store username, randomly generated hash and encrypted password for user.

The encrypted password is supposed to be created using the randomly generated hash to 'salt' the password generation AND the resulting check, with the hash being retrieved along with the encrypted password from the DB in order to perform the verification.

The ScriptBasic version is missing this....

AIR.

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #272 on: December 31, 2019, 06:50:54 PM »
I've already gone after extra points with the DB addition.

Isn't MD5 encryption enough for a login GUI example?
« Last Edit: December 31, 2019, 06:57:24 PM by John »

AIR

  • Guest
Re: RaspberryBASIC.org Forum
« Reply #273 on: December 31, 2019, 07:27:37 PM »
You're not salting the md5 with a hash, and you're not generating and storing the hash or retrieving the hash to perform the verification.

The hash has to be unique for each account too.

AIR.

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #274 on: December 31, 2019, 09:01:20 PM »
I'm not storing the password. I'm storing a 16-byte MD5 hash of it. Login will be successful if the user-entered MD5-hashed password matches the MD5 version of it in the database. A 1/2 mil solar power converter I wrote a BACnet interface for used MD5 as its API encryption method to control it externally.

I added duplicate UserID checking / error reporting and fixed the MD5 HEX string to be a fixed 32 byte length.

Happy New Year!

jalih

  • Guest
Re: RaspberryBASIC.org Forum
« Reply #275 on: January 01, 2020, 03:46:31 AM »
Quote from: AIR
You're not salting the md5 with a hash, and you're not generating and storing the hash or retrieving the hash to perform the verification.

The hash has to be unique for each account too.

I currently generate a 32-byte random buffer from the cryptographically strong random source and convert it to a hex string for the salt. The key for the user-chosen password is generated with the PBKDF2 algorithm, using the previously randomly generated salt and 10000 iterations as parameters. Username, key and salt are then stored in the database.

« Last Edit: January 01, 2020, 03:51:38 AM by jalih »
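The scheme described in the post above, next to the unsalted MD5 scheme from earlier in the thread, as an added example that is not code from any of the challenge submissions. The table layout, the account names, the use of HMAC-SHA256 inside PBKDF2 and feeding the salt in as its hex text are assumptions; the 32-byte salt and 10000 iterations are from the post.

```python
import hashlib
import hmac
import secrets
import sqlite3

ITERATIONS = 10000  # iteration count given in the post


def md5_hex(password):
    """Unsalted scheme from earlier in the thread: 32-character hex MD5."""
    return hashlib.md5(password.encode()).hexdigest()


def derive_key(password, salt_hex):
    """PBKDF2 key as hex; HMAC-SHA256 and salting with the hex text are assumptions."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt_hex.encode(), ITERATIONS)
    return raw.hex()


def create_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (username TEXT PRIMARY KEY, key TEXT, salt TEXT)")
    return db


def add_user(db, username, password):
    salt_hex = secrets.token_hex(32)  # 32 bytes from the OS CSPRNG, hex encoded
    db.execute("INSERT INTO Users VALUES (?, ?, ?)",
               (username, derive_key(password, salt_hex), salt_hex))


def verify(db, username, password):
    row = db.execute("SELECT key, salt FROM Users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    stored_key, salt_hex = row
    # Re-derive with the salt stored for this account, compare in constant time.
    return hmac.compare_digest(derive_key(password, salt_hex), stored_key)


def demo():
    """Constructed accounts that share one password; returns their stored keys."""
    db = create_db()
    add_user(db, "alice", "password")
    add_user(db, "bob", "password")
    return db, [key for (key,) in db.execute("SELECT key FROM Users ORDER BY username")]
```

With unsalted MD5 every account that picks the same password stores the same 32-character value; here the two stored keys differ because each account has its own salt.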

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #276 on: January 01, 2020, 09:34:06 AM »
The method I'm using is how this forum software encrypts passwords. I don't use salt but I'm known to use sugar from time to time.  :)

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #277 on: January 01, 2020, 12:58:54 PM »
It seems I have everything I need to enhance the Nim IUP version to match what I did in ScriptBasic.

Hope to have something soon.

I was hoping someone would take a shot at upgrading the Python initial example to bring it to current challenge specs.


Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #278 on: January 01, 2020, 02:24:52 PM »
I really miss UltraEdit on the RPi.

Here is the Nim login.nim example on my Laptop Ubuntu 64. My guess is Unity is a slightly different desktop than what is installed with a standard Ubuntu desktop install.

« Last Edit: January 01, 2020, 02:40:18 PM by John »

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #279 on: January 02, 2020, 07:25:38 PM »
I updated the Nim submission to match the ScriptBasic latest version.

I surely learned a few things about Nim along the way.  :o

Q. How do you convert a cstring for a function that requires a Nim string?

That one took some digging.  :-[
« Last Edit: January 02, 2020, 07:31:01 PM by John »

AIR

  • Guest
Re: RaspberryBASIC.org Forum
« Reply #280 on: January 04, 2020, 12:16:15 PM »
Updated C submission.

The libc 'crypt' function is configured to use a SHA-512 hashed password, which was generated using the default 5000 hash iterations.

Full source with arm64 binary, required png graphic, sqlite3 database, and sql dump attached.

EDIT:  the password for both the 'guest' and 'admin' accounts is...'password'.

Code: C
```c
/* logon2.c
 *
 * version 1.4
 *
 * GUI Logon Screen Challenge Submission
 * C version, using GTK3
 *
 * Written by Armando I. Rivera (AIR)
 *
 * Compile:  gcc logon2.c $(pkg-config --libs --cflags gtk+-3.0 sqlite3) -lcrypt -o logon2
*/

#define _GNU_SOURCE
#include <gtk/gtk.h>
#include <stdio.h>
#include <crypt.h>
#include <sqlite3.h>

GtkWidget *window, *layout, *image, *btnLogin, *chkBox;
GtkWidget *lblUser, *lblPass, *txtUser, *txtPass,*err_label;

/* "Show Password" checkbox: toggle visibility of the password entry. */
void chkBox_cb (GtkToggleButton *toggle_button, gpointer data) {
      if (gtk_toggle_button_get_active (toggle_button)) {
          g_object_set(data,"visibility",TRUE,NULL);
      }else{
          g_object_set(data,"visibility",FALSE,NULL);
      }
}

/* Clear the error label as soon as the password text changes. */
void txtPass_cb( GtkWidget *widget, gpointer data ) {
    g_object_set(data,"label","",NULL);
}

/* Enter in the username field moves focus to the password field. */
void txtUser_cb( GtkWidget *widget, gpointer data ) {
    gtk_widget_grab_focus(data);
}

/* Returns 0 on success, 1 = database file missing, 2 = database cannot be
 * opened, 3 = unknown user, 4 = wrong password, -1 = query error. */
int checkPassword(gchar *user, gchar *passwd) {
    sqlite3_stmt *stmt = NULL;
    sqlite3 *db = NULL;
    const gchar *stored_password, *stored_salt;
    gchar *hashed_password;
    int result;

    if (g_file_test("auth.db",G_FILE_TEST_EXISTS) == FALSE){
      return(1);
    }

    if (sqlite3_open("auth.db", &db) != SQLITE_OK) {
       sqlite3_close(db);
       return(2);
    }

    /* The username is bound as a parameter, not formatted into the SQL text. */
    if (sqlite3_prepare_v2(db, "select username,password,salt from Users where username = ?",-1,&stmt,0) != SQLITE_OK ) {
        sqlite3_close(db);
        return(-1);
    }
    sqlite3_bind_text(stmt, 1, user, -1, SQLITE_TRANSIENT);

    if (sqlite3_step(stmt) == SQLITE_ROW) {
        stored_password = (const gchar*)sqlite3_column_text(stmt,1);
        stored_salt = (const gchar*)sqlite3_column_text(stmt,2);
        /* crypt() returns NULL on failure; a NULL must never count as a match. */
        hashed_password = stored_salt ? crypt(passwd,stored_salt) : NULL;
        if (hashed_password != NULL && stored_password != NULL &&
            g_strcmp0 (hashed_password, stored_password) == 0) {
            result = 0;
        }else{
            /* Fixed code, so a raw strcmp value cannot collide with 1..3. */
            result = 4;
        }
    }else{
        result = 3;
    }

    /* Column pointers are only valid until finalize, so clean up last. */
    sqlite3_finalize(stmt);
    sqlite3_close(db);
    return result;
}

void onClick( GtkWidget *widget, gpointer data ) {
    gchar *user_name, *user_password;
    int result;
    g_object_get(txtUser,"text",&user_name,NULL);
    g_object_get(txtPass,"text",&user_password,NULL);

    result = checkPassword(user_name, user_password);

    switch (result) {
        case 0:
            g_print("User '%s' now logged in!\n",user_name);
            gtk_main_quit();
            break;
        case 1:
            gtk_label_set_markup(GTK_LABEL(err_label), "<span color=\"red\" font_desc=\"16.0\">** Database Not Found **</span>");
            g_print("'auth.db' database not found\n");
            break;
        case 2:
            gtk_label_set_markup(GTK_LABEL(err_label), "<span color=\"red\" font_desc=\"16.0\">** Database Not Accessible**</span>");
            g_print("Unable to read 'auth.db' database\n");
            break;
        case 3:
            gtk_label_set_markup(GTK_LABEL(err_label), "<span color=\"red\" font_desc=\"16.0\">** Unknown User **</span>");
            g_print("Unknown User Account for '%s'\n",user_name);
            break;
        default:
            gtk_label_set_markup(GTK_LABEL(err_label), "<span color=\"red\" font_desc=\"16.0\">** Invalid Password **</span>");
            g_print("Incorrect password for User '%s'!\n",user_name);
    }

    /* g_object_get() hands back copies of the entry text; release them. */
    g_free(user_name);
    g_free(user_password);
}

int main( int argc, char *argv[])
{
    gtk_init(&argc, &argv);

    layout = gtk_layout_new(NULL, NULL);

    window = g_object_new(GTK_TYPE_WINDOW,
                        "type",GTK_WINDOW_TOPLEVEL,
                        "title","Login",
                        "default-width",660,
                        "default-height",370,
                        "resizable",FALSE,
                        "window-position",GTK_WIN_POS_CENTER,
                        "child",layout,
                        "decorated",0,
                        NULL);

    image = g_object_new(GTK_TYPE_IMAGE,"file","logon.png",NULL);
    g_object_set(layout,"child",image,"margin",10,NULL);

    lblUser = g_object_new(GTK_TYPE_LABEL,"use-markup",TRUE,"label","<span font_desc=\"16.0\">Username:</span>",NULL);
    lblPass = g_object_new(GTK_TYPE_LABEL,"use-markup",TRUE,"label","<span font_desc=\"16.0\">Password:</span>",NULL);
    err_label = g_object_new(GTK_TYPE_LABEL, "width-request", 270,NULL);

    txtUser = g_object_new(GTK_TYPE_ENTRY,NULL);
    txtPass = g_object_new(GTK_TYPE_ENTRY,"visibility",FALSE,NULL);

    chkBox = g_object_new(GTK_TYPE_CHECK_BUTTON,"label","Show Password",NULL);

    btnLogin = g_object_new(GTK_TYPE_BUTTON,"label","Login","width-request",170,NULL);

    gtk_layout_put(GTK_LAYOUT(layout), lblUser, 330, 112-30);
    gtk_layout_put(GTK_LAYOUT(layout), lblPass, 330, 162-30);
    gtk_layout_put(GTK_LAYOUT(layout), txtUser, 460, 110-30);
    gtk_layout_put(GTK_LAYOUT(layout), txtPass, 460, 160-30);
    gtk_layout_put(GTK_LAYOUT(layout), chkBox, 460, 210-30);
    gtk_layout_put(GTK_LAYOUT(layout), btnLogin, 460, 250-30);
    gtk_layout_put(GTK_LAYOUT(layout), err_label, 300, 16);

    g_signal_connect (window, "destroy", G_CALLBACK (gtk_main_quit), NULL);
    g_signal_connect (btnLogin, "clicked", G_CALLBACK (onClick), NULL);
    g_signal_connect (chkBox, "toggled", G_CALLBACK (chkBox_cb), txtPass);
    g_signal_connect (txtPass, "changed", G_CALLBACK (txtPass_cb), err_label);
    g_signal_connect (txtPass, "activate", G_CALLBACK (onClick), txtPass);
    g_signal_connect (txtUser, "activate", G_CALLBACK (txtUser_cb), txtPass);

    gtk_widget_show_all(window);

    gtk_main();

    return 0;
}
```

AIR.
« Last Edit: January 04, 2020, 12:30:49 PM by AIR »
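An added example, not part of AIR's submission: a small audit of the strings that `checkPassword` hands to `crypt()` as its second argument, checking scheme, round count and per-account salt uniqueness. It assumes the `salt` column holds crypt(3) setting strings of the form `$6$<salt>$` or `$6$rounds=N$<salt>$`; the account rows are constructed sample data, and `parse_setting` and `audit` are hypothetical helper names.

```python
import re

# crypt(3) scheme ids; SHA-crypt uses 5000 rounds when no "rounds=" field is present.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}
DEFAULT_ROUNDS = 5000
SETTING_RE = re.compile(
    r"^\$(?P<id>[156])\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})(?:\$[./0-9A-Za-z]*)?$"
)

# Constructed rows standing in for "select username, salt from Users".
SAMPLE_ROWS = [
    ("guest", "$6$Zk3pQ9xR1LmT$"),
    ("admin", "$6$Zk3pQ9xR1LmT$"),              # same salt as guest
    ("carol", "$6$rounds=1000$h2VbN8sYq0We$"),  # explicit low round count
    ("dave", "$1$a7Fq2LxP$"),                   # md5crypt
    ("erin", "5f4dcc3b5aa765d61d8327deb882cf99"),  # bare MD5 hex, no salt
]


def parse_setting(value):
    """Split a crypt(3) setting string; None if it is not one."""
    m = SETTING_RE.match(value)
    if m is None:
        return None
    scheme = SCHEMES[m["id"]]
    rounds = None
    if scheme != "md5crypt":  # md5crypt has a fixed cost, no rounds field
        rounds = int(m["rounds"]) if m["rounds"] else DEFAULT_ROUNDS
    return {"scheme": scheme, "rounds": rounds, "salt": m["salt"]}


def audit(rows, min_rounds=DEFAULT_ROUNDS):
    """rows: (username, setting) pairs. Returns (username, finding) tuples."""
    findings, seen = [], {}
    for username, setting in rows:
        info = parse_setting(setting)
        if info is None:
            findings.append((username, "not a crypt(3) setting"))
            continue
        if info["scheme"] != "sha512crypt":
            findings.append((username, "scheme is " + info["scheme"]))
        elif info["rounds"] < min_rounds:
            findings.append((username, "rounds=%d below %d" % (info["rounds"], min_rounds)))
        if info["salt"] in seen:
            findings.append((username, "salt shared with " + seen[info["salt"]]))
        seen.setdefault(info["salt"], username)
    return findings
```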

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #281 on: January 04, 2020, 12:32:58 PM »
Will you be posting this to Raspberry BASIC with some screenshots?

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #282 on: January 08, 2020, 06:50:36 AM »
AIR,

A response from Antonio.

Quote
Hi,

  I just committed some of the changes to tecmake.mak in IUP SVN.

Best,

Scuri

BTW, other changes should be set on the user environment. Like:

USE_LUA53=YES
USE_PKGCONFIG=YES
USE_GTK3=YES
LUA51=$(TECTOOLS_HOME)/lua51
LUA_SFX=51



« Last Edit: January 08, 2020, 09:03:22 AM by John »

paulwratt

  • Guest
Re: RaspberryBASIC.org Forum
« Reply #283 on: April 14, 2020, 02:37:22 AM »
Quote
I really miss UltraEdit on the RPi.

You can use the SSH, SFTP, FTP options.

Offline John

  • Forum Support
  • Posts: 3600
Re: RaspberryBASIC.org Forum
« Reply #284 on: April 14, 2020, 03:21:37 AM »
Great idea!