iOS Question How using the login/psw of my b4I app to update MYSQL datas ?

C

Charlotte

Member
Licensed User
Good afternoon.

I've got an B4I application made by another dev and I have to take it in charge.
I don't well understand how it is working yet.

I've successfully installed the app on the iPhone with all the tutorials and all the help of members of this forum.

Now, I'm facing another issue :

The application requires a login/psw. We mainly use it for scanning QR code created by our web app. The QRCode allow users to access to the web app in a specific location.
When we scan a QR code, the Login is neither the users' login of the mobile app nor the user'login of the web app anymore but the login of the another user who created the QRCode.

It's problematic as the datas are not updated with the good login. How can I force the scan of the QRCode to keep the users' login of the user logged on the mobile app ?

Best regards
 
Sort by date Sort by votes

aeric

Expert
Licensed User
Longtime User
You need to ask the original developer how it works.
I don't think any member can help you with the information you have mentioned.
If you don't understand one part of the code then try to post the section and ask about it.
 
Upvote 0
C

Charlotte

Member
Licensed User
Good morning,

Thanks for your answer.
The original developer is withholding information. We probably have to start a judicial procedure against him as he doesn't have the right to do so but we would prefer to find a cordial agreement. It's very long and we are discussing for many months already.

But we have to run the production so I need to correct what I can.

The QR code is created by the web application using this open source : https://sourceforge.net/projects/phpqrcode/support. Our code is Obfuscated on our server and he doesn't want to give us the access so I can't say what kind of modification he has done on it. We are working on this point too.

For the B4I application, I think that the procedure which is reading the QR code and sends the user to the web system is the following one :

Function for detecting QR code: 
Sub scanner_Detected(Codes As List)  
  For Each code As BarcodeCode In Codes
    Dim codeString As String = code
    If codeString.Contains(scanner.TYPE_QR) Then
      Dim l_jpJsonQRCode As JSONParser
      Dim l_mMapJson As Map
      l_jpJsonQRCode.Initialize(code.Value)
      l_mMapJson = l_jpJsonQRCode.NextObject

      Dim l_sResultURL As String = l_mMapJson.Get("url")
      Dim l_sFinalURL  As String = Main.G_StringUtils.DecodeUrl(l_sResultURL,"UTF-8") & "&notimeout=1"

      ShowWebSite(l_sFinalURL)

      scanner.Stop
      Exit
    End If
  Next  
End Sub

The l_sFinalURL has a token which contains the user and password, encrypted so. I don't know if it's possible to take only the url and put the user and login of the user of the mobile instead of the user an login of the QR code to ShowWebSite(l_sFinalURL) ?

Best regards
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
I think there must be more elegant ways.

B4X: 
Dim l_sFinalURL As String
Dim newvalue As String = "59d48be55da43f812fdaa923070487e1"
Dim l_sResultURL As String = l_mMapJson.Get("url")
l_sResultURL = Main.G_StringUtils.DecodeUrl(l_sResultURL, "UTF8")
Dim pos As Int = l_sResultURL.IndexOf("token=")
If pos > -1 Then
    Dim urlparam As String = l_sResultURL.SubString(pos)
    Dim params() As String = Regex.Split("&", urlparam)
    For Each param As String In params
        If param.StartsWith("token") Then
            Dim token() As String = Regex.Split("=", param)
            l_sFinalURL = l_sResultURL.Replace(token(1), newvalue) & "&notimeout=1"
        End If
    Next
Else
    l_sFinalURL = l_sResultURL & IIf(l_sResultURL.Contains("?"), "&", "?") & "token=" & newvalue & "&notimeout=1"
End If
ShowWebSite(l_sFinalURL)
 
Upvote 0
C

Charlotte

Member
Licensed User
Thank you very much !
I've tried it but the results (I've compared the l_sFinalURL for each code with a msgbox) seems not good.
And we don't have only the user an psw in the token. We also have the page which is opened and the data consulted.
I wonder If it's possible to change it by this way
 
Upvote 0
C

Charlotte

Member
Licensed User
Thanks for your answer.
The result of l_sFinalURL, in the initial code, is as following :

https://[serveradress.com: port]/exts/pages/ajax/ajx_generic.php?keygp=[token_number]&qr=1&notimeout=1
 
Last edited:
Upvote 0
C

Charlotte

Member
Licensed User
We can login. The point is that we log as the user who made the QR(which can be the administrator), it doesn't take the present user /psw on the mobile device.
 
Upvote 0

Alexander Stolte

Expert
Licensed User
Longtime User
Try this:
B4X: 
Sub ExtractTokenNumber(url As String) As String
    Dim Pattern As String = "(?i)keygp=([^&]+)"
    Dim matcher As Matcher = Regex.Matcher(Pattern, url)
    If matcher.Find Then
        Return matcher.Group(1)
    Else
        Return ""
    End If
End Sub
B4X: 
Log(ExtractTokenNumber("https://[serveradress.com: port]/exts/pages/ajax/ajx_generic.php?keygp=59d48be55da43f812fdaa923070487e1&qr=1&notimeout=1"))
 
Upvote 0
C

Charlotte

Member
Licensed User
Thank you for your answer.
Sorry, I'm really noob and I don't understand how to use this function in my code. And, if I well understand, that allow to get the keygp token but I can't extract the data I need and replace the user/psw in this token I think that I have to find a way from the web app code, which is obfuscated
Thank you a lot for all your help
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
Charlotte said:
Thank you for your answer, I'm sorry. I didn't understand what do you mean.
Click to expand...
You need to deal with the original developer.
 
Upvote 0

MrKim

Well-Known Member
Licensed User
Longtime User
It is quite possible that the page created that uses the QR code is only accessible by the user who created it. Without the server code, can't be sure.
One way to test it is read the QR code and change BOTH the token AND the web address. Change the web address to a page you know the user has rights to.
 
Upvote 0
C

Charlotte

Member
Licensed User
Thanks for your answer.
The QR code open the web app on the product page.
All the users have access to the products' page, and I can't change the token as I need the reference of the product which is on it.
 
Upvote 0

MrKim

Well-Known Member
Licensed User
Longtime User
Charlotte said:
Thanks for your answer.
The QR code open the web app on the product page.
All the users have access to the products' page, and I can't change the token as I need the reference of the product which is on it.
Click to expand...
I am guessing you were replying to me. In the future click the reply button so we know who you are replying to.
Back to your issue. Add a log statement for your l_sFinalURL copy that and edit it to a page that can be accessed by a regular user and then run that.
 
Upvote 0
You must log in or register to reply here.

Similar Threads

A
  • Question
iOS Question b4i LogCat
Replies
1
Views
469
Erel
C
  • Question
iOS Question [NEW User]
Replies
3
Views
745
aeric
  • Question
iOS Question B4i CustomListView library issue
Replies
2
Views
2K
walterf25
  • Question
iOS Question B4i Bridge App compiling error
Replies
10
Views
1K
bromie2008
  • Question
iOS Question Question Regarding Use of: #QueriesSchemes
Replies
4
Views
2K
Marroq Spoulinker
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…