AquaticTechTank.net

A forum dedicated to design and program aquatic tanks
 Post subject: Arduino web server login
PostPosted: Tue Jun 03, 2014 10:25 am 
Tip of the day:
How to create a secure Arduino web server login by using a session variable.



I want to clarify what wasn't in the video. The cookie you create is a temporary one: it lives only as long as the browser window is open. You can specify an expiration date. Also, the browser automatically sends the cookie info back to the server every time you make a call (as long as it's the same domain, of course).

Oh, and this is a one user session only. If you want multiple users, you'd have to create a session array on your server and cycle through it to see who is who.


PostPosted: Mon Feb 23, 2015 5:44 pm 
Because using session cookies is a bit complicated, you can use the simple built-in HTTP Authorization instead. Remember that the user/pass are not encrypted here (they are only base64-encoded), so be careful where you log in. On a public network they can be intercepted and decoded by savvy hackers.

Note that I'm using a String object for ease in the code. Only use it if you have the memory; it does use quite a bit. Use the basic C char arrays and functions where you can.



Code:
/*
 Web Server
 with
 http auth mod by Minh Truong
 5-18-215
 */

#include <SPI.h>
#include <Ethernet.h>

// Hardware (MAC) address for the Ethernet controller; replace it with the
// address that belongs to your own board.
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };

// Static address for the board; it has to fit your local network.
IPAddress ip(192, 168, 1, 177);

// HTTP listener on port 80, the default port for HTTP.
EthernetServer server(80);

// Request text collected by loop(). A fixed-size char buffer is the
// lower-memory alternative to a String.
String header;

void setup() {
  // Bring up the serial port used for the log messages.
  const unsigned long kSerialBaud = 9600;
  Serial.begin(kSerialBaud);

  // Configure the Ethernet interface with the MAC and IP declared above,
  // then start accepting clients.
  Ethernet.begin(mac, ip);
  server.begin();

  // Report the address the server can be reached at.
  Serial.print("server is at ");
  Serial.println(Ethernet.localIP());
}


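// Serves one HTTP client per pass: buffers the request header, checks it for
// the expected HTTP Basic credential, and answers 200 (page) or 401 (login
// prompt).
//
// NOTE(review): the credential is hard-coded and travels base64-encoded over
// plain HTTP, so anyone who can observe the traffic can read it. Use this only
// on a network you trust.
void loop() {
  // Upper bound on buffered request bytes. Without it, a long or never-ending
  // request keeps growing the String until the board runs out of RAM.
  const unsigned int kMaxHeaderLen = 500;

  // listen for incoming clients
  EthernetClient client = server.available();
  if (client) {
    Serial.println("new client");

    // Every connection starts with an empty buffer. If a previous client
    // dropped before finishing its request, its leftover text (possibly
    // including its Authorization line) must not count towards this client.
    header = "";

    // an http request ends with a blank line
    boolean currentLineIsBlank = true;

    while (client.connected()) {
      if (client.available()) {
        char c = client.read();
        if (header.length() < kMaxHeaderLen) {
          header += c;
        }

        if (c == '\n' && currentLineIsBlank) {

          //parse headers
          //bWluaDp0ZXN0 = 'minh:test' (user:password) base64 encode

          // NOTE(review): this writes the whole request, Authorization line
          // included, to the serial port. Remove it outside of debugging.
          Serial.print(header);

          // Simpler just to find the credential string.
          // NOTE(review): indexOf() accepts the token anywhere in the request,
          // not only in the Authorization header.
          if (header.indexOf("bWluaDp0ZXN0") >= 0) {
            //successful login
            client.println("HTTP/1.1 200 OK");
            client.println("Content-Type: text/html");
            client.println("Connection: close");  // the connection will be closed after completion of the response
            //client.println("Refresh: 5");  // refresh the page automatically every 5 sec
            client.println();
            if (header.indexOf("GET / HTTP/1.1") >= 0) {
              client.println("<!DOCTYPE HTML>");
              client.println("<html>");
              client.println("index");
              client.println("</html>");
            } else {
              client.println("<!DOCTYPE HTML>");
              client.println("<html>");
              client.println("hello world!");
              client.println("</html>");
            }

          } else {

            // wrong user/pass
            //client.println("HTTP/1.0 401 Authorization Required");
            client.println("HTTP/1.1 401 Unauthorized");
            client.println("WWW-Authenticate: Basic realm=\"Secure\"");
            client.println("Content-Type: text/html");
            client.println();
            client.println("<html>Text to send if user hits Cancel button</html>"); // really need this for the popup!

          }

          break;
        }
        if (c == '\n') {
          // you're starting a new line
          currentLineIsBlank = true;
        }
        else if (c != '\r') {
          // you've gotten a character on the current line
          currentLineIsBlank = false;
        }
      }
    }

    // Drop the buffered request on every exit path, including a client that
    // disconnected mid-request, so the credential does not stay in memory.
    header = "";

    // give the web browser time to receive the data
    delay(1);
    // close the connection:
    client.stop();
    Serial.println("client disconnected");
  }
}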




PostPosted: Sat May 16, 2015 2:53 pm 
HTTP Basic Auth using char string

Code:
/*
 Web Server
 with
 http auth mod by Minh Truong
 2-20-215
 */

#include <SPI.h>
#include <Ethernet.h>

// MAC address for the Ethernet controller; set it to your board's own value.
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };

// Static IP address for the board; choose one valid on your local network.
IPAddress ip(192, 168, 1, 177);

// Ethernet server listening on port 80 (the default HTTP port).
EthernetServer server(80);

// Fixed-size buffer for the request text, and the number of bytes
// currently stored in it.
char header[500];
int bufferSize = 0;

void setup() {
  // Serial port first, so the messages below have somewhere to go.
  Serial.begin(9600);

  // Network interface next, using the MAC and IP declared above.
  Ethernet.begin(mac, ip);

  // Start accepting HTTP clients and log the address being served.
  server.begin();
  Serial.print("server is at ");
  Serial.println(Ethernet.localIP());
}


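// Serves one HTTP client per pass: buffers the request header in the fixed
// char array, checks it for the expected HTTP Basic credential, and answers
// 200 (page) or 401 (login prompt).
//
// NOTE(review): the credential is hard-coded and travels base64-encoded over
// plain HTTP, so anyone who can observe the traffic can read it. Use this only
// on a network you trust.
void loop() {
  // listen for incoming clients
  EthernetClient client = server.available();
  if (client) {
    Serial.println("new client");

    // Every connection starts with an empty, terminated buffer. Leftover text
    // from a client that dropped mid-request must not count towards this one.
    bufferSize = 0;
    header[0] = '\0';

    // an http request ends with a blank line
    boolean currentLineIsBlank = true;
    while (client.connected()) {
      if (client.available()) {
        char c = client.read();

        // Store at most sizeof(header) - 1 bytes and terminate after each one.
        // strstr() and Serial.println() below then always see a valid C string
        // that ends where this request ends, and never read past the array or
        // into bytes left over from an earlier request.
        if (bufferSize < static_cast<int>(sizeof(header)) - 1) {
          header[bufferSize++] = c;
          header[bufferSize] = '\0';
        }

        if (c == '\n' && currentLineIsBlank) {

          //parse headers
          //bWluaDp0ZXN0 = 'minh:test' (user:password) base64 encode

          // NOTE(review): this writes the whole request, Authorization line
          // included, to the serial port. Remove it outside of debugging.
          Serial.println(header);

          // send a standard http response header
          // NOTE(review): strstr() accepts the token anywhere in the request,
          // not only in the Authorization header.
          if (strstr(header, "bWluaDp0ZXN0") != NULL) {
            client.println("HTTP/1.1 200 OK");
            client.println("Content-Type: text/html");
            client.println("Connection: close");  // the connection will be closed after completion of the response

            client.println();
            if (strstr(header, "GET / HTTP/1.1")) {
              client.println("<!DOCTYPE HTML>");
              client.println("<html>");
              client.println("index");
              client.println("</html>");
            } else {
              client.println("<!DOCTYPE HTML>");
              client.println("<html>");
              client.println("some other page");
              client.println("</html>");
            }

          } else {
            // wrong user/pass
            client.println("HTTP/1.1 401 Unauthorized");
            //client.println("HTTP/1.1 401 Authorization Required");
            client.println("WWW-Authenticate: Basic realm=\"Secure\"");
            client.println("Content-Type: text/html");
            client.println();
            client.println("<html>Text to send if user hits Cancel button</html>"); // really need this for the popup!
          }

          break;
        }
        if (c == '\n') {
          // you're starting a new line
          currentLineIsBlank = true;
        }
        else if (c != '\r') {
          // you've gotten a character on the current line
          currentLineIsBlank = false;
        }
      }
    }

    // Wipe the whole buffer by its real size on every exit path, so the
    // credential from this request does not stay in memory.
    bufferSize = 0;
    memset(header, 0, sizeof(header));

    // give the web browser time to receive the data
    delay(1);
    // close the connection:
    client.stop();
    Serial.println("client disconnected");
  }
}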


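// Sets the first `length` bytes of str to 0 (clears the array).
//
// `length` is an unsigned int rather than a char: a char cannot hold a buffer
// size such as 500, so the value was truncated (or turned negative where char
// is signed) and the buffer was cleared only partly or not at all. For a
// request buffer that leaves old header bytes, credentials included, behind.
//
// str    - buffer to clear; a null pointer is ignored.
// length - number of bytes to zero, starting at str[0].
void StrClear(char *str, unsigned int length)
{
    if (!str) {
        return;
    }
    for (unsigned int i = 0; i < length; i++) {
        str[i] = 0;
    }
}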


