iOS Question How using the login/psw of my b4I app to update MYSQL datas ?

[Charlotte]

Good afternoon.

I've got an B4I application made by another dev and I have to take it in charge.
I don't well understand how it is working yet.

I've successfully installed the app on the iPhone with all the tutorials and all the help of members of this forum.

Now, I'm facing another issue :

The application requires a login/psw. We mainly use it for scanning QR code created by our web app. The QRCode allow users to access to the web app in a specific location.
When we scan a QR code, the Login is neither the users' login of the mobile app nor the user'login of the web app anymore but the login of the another user who created the QRCode.

It's problematic as the datas are not updated with the good login. How can I force the scan of the QRCode to keep the users' login of the user logged on the mobile app ?

Best regards

 

[aeric]

You need to ask the original developer how it works.
I don't think any member can help you with the information you have mentioned.
If you don't understand one part of the code then try to post the section and ask about it.

 

[Charlotte]

Good morning,

Thanks for your answer.
The original developer is withholding information. We probably have to start a judicial procedure against him as he doesn't have the right to do so but we would prefer to find a cordial agreement. It's very long and we are discussing for many months already.

But we have to run the production so I need to correct what I can.

The QR code is created by the web application using this open source : https://sourceforge.net/projects/phpqrcode/support. Our code is Obfuscated on our server and he doesn't want to give us the access so I can't say what kind of modification he has done on it. We are working on this point too.

For the B4I application, I think that the procedure which is reading the QR code and sends the user to the web system is the following one :

Sub scanner_Detected(Codes As List)  
  For Each code As BarcodeCode In Codes
    Dim codeString As String = code
    If codeString.Contains(scanner.TYPE_QR) Then
      Dim l_jpJsonQRCode As JSONParser
      Dim l_mMapJson As Map
      l_jpJsonQRCode.Initialize(code.Value)
      l_mMapJson = l_jpJsonQRCode.NextObject

      Dim l_sResultURL As String = l_mMapJson.Get("url")
      Dim l_sFinalURL  As String = Main.G_StringUtils.DecodeUrl(l_sResultURL,"UTF-8") & "&notimeout=1"

      ShowWebSite(l_sFinalURL)

      scanner.Stop
      Exit
    End If
  Next  
End Sub

The l_sFinalURL has a token which contains the user and password, encrypted so. I don't know if it's possible to take only the url and put the user and login of the user of the mobile instead of the user an login of the QR code to ShowWebSite(l_sFinalURL) ?

Best regards

 

[aeric]

If I understand correctly, you want to replace some of the values inside the url.
For example, the url is https://acme.com/example/system/login.php?token=unknwnrndm9en3rat3dt0k3n1dfrmbck3n45ys&notimeout=1
You want to replace the value between token= and &notimeout=1 to your own value?

 

[Charlotte]

Thanks for your answer.
Yes, it could be one of the solution. I'm not sure that it's possible ?
Best regards.

 

[aeric]

I think there must be more elegant ways.

Dim l_sFinalURL As String
Dim newvalue As String = "59d48be55da43f812fdaa923070487e1"
Dim l_sResultURL As String = l_mMapJson.Get("url")
l_sResultURL = Main.G_StringUtils.DecodeUrl(l_sResultURL, "UTF8")
Dim pos As Int = l_sResultURL.IndexOf("token=")
If pos > -1 Then
    Dim urlparam As String = l_sResultURL.SubString(pos)
    Dim params() As String = Regex.Split("&", urlparam)
    For Each param As String In params
        If param.StartsWith("token") Then
            Dim token() As String = Regex.Split("=", param)
            l_sFinalURL = l_sResultURL.Replace(token(1), newvalue) & "&notimeout=1"
        End If
    Next
Else
    l_sFinalURL = l_sResultURL & IIf(l_sResultURL.Contains("?"), "&", "?") & "token=" & newvalue & "&notimeout=1"
End If
ShowWebSite(l_sFinalURL)

 

[Charlotte]

Thank you very much !
I've tried it but the results (I've compared the l_sFinalURL for each code with a msgbox) seems not good.
And we don't have only the user an psw in the token. We also have the page which is opened and the data consulted.
I wonder If it's possible to change it by this way

 

[aeric]

It is easier for the members to help you if you post the url structure. For confidentiality, you can change the domain name like my example above.

 

[Charlotte]

Thanks for your answer.
The result of l_sFinalURL, in the initial code, is as following :

https://[serveradress.com: port]/exts/pages/ajax/ajx_generic.php?keygp=[token_number]&qr=1&notimeout=1

 

[aeric]

If you can't login with the token you specified then I think the token is not valid. You need to check what is the acceptable token for the target server.

 

[Charlotte]

We can login. The point is that we log as the user who made the QR(which can be the administrator), it doesn't take the present user /psw on the mobile device.

 

[Alexander Stolte]

Try this:

Sub ExtractTokenNumber(url As String) As String
    Dim Pattern As String = "(?i)keygp=([^&]+)"
    Dim matcher As Matcher = Regex.Matcher(Pattern, url)
    If matcher.Find Then
        Return matcher.Group(1)
    Else
        Return ""
    End If
End Sub

Log(ExtractTokenNumber("https://[serveradress.com: port]/exts/pages/ajax/ajx_generic.php?keygp=59d48be55da43f812fdaa923070487e1&qr=1&notimeout=1"))

 

[Charlotte]

Thank you for your answer.
Sorry, I'm really noob and I don't understand how to use this function in my code. And, if I well understand, that allow to get the keygp token but I can't extract the data I need and replace the user/psw in this token I think that I have to find a way from the web app code, which is obfuscated
Thank you a lot for all your help

 

[aeric]

which is obfuscated

Not much you can do about it.
If you pay the developer, sure he will provide you with support, unless the opposite is happening.

 

[Charlotte]

aerie said :
If you pay the developer, sure he will provide you with support, unless the opposite is happening.

Thank you for your answer, I'm sorry. I didn't understand what do you mean.

 

[aeric]

Thank you for your answer, I'm sorry. I didn't understand what do you mean.

The original developer is withholding information. We probably have to start a judicial procedure against him as he doesn't have the right to do so but we would prefer to find a cordial agreement. It's very long and we are discussing for many months already.

You need to deal with the original developer.

 

[Charlotte]

Thank you for your answer.