Android Code Snippet Register User example using HttpUtils2

Discussion in 'Code Snippets' started by aeric, Mar 27, 2015.

  1. aeric

    aeric Active Member Licensed User

    Due to much confusion over register.php in a line of code somewhere in the signup.php script, I have re-uploaded PHP.zip to the first post's attachment. Sorry for the inconvenience.
     
    inakigarm likes this.
  2. Celso

    Celso Member Licensed User

  3. aeric

    aeric Active Member Licensed User

    Okay. Good you found the solution.
     
  4. Daniel-White

    Daniel-White Active Member Licensed User

    Aeric, nice one. Thanks for sharing it. :)
     
    aeric likes this.
  5. aeric

    aeric Active Member Licensed User

    I think it is because I use wordwrap to wrap the long message and force new lines. Try modifying my PHP code to remove the wordwrap.
    PHP:
    $message = 'Hi ' . $user . ',' . "\r\n" . 'Please click on this link to finish the registration process: http://kbase.herobo.com/signup.php?Action=Mail&Mail=' . $email . '&RegNo=' . $randomnumber;
    $message = wordwrap($message, 70, "\r\n");
     
    ibra939 likes this.
  6. ibra939

    ibra939 Active Member Licensed User

  7. aeric

    aeric Active Member Licensed User

  8. ibra939

    ibra939 Active Member Licensed User

    Thanks Aeric, some this message show but not issue some time in application
     
  9. ocalle

    ocalle Member Licensed User

    Sorry for replying to an old post; I found no other example. I tried it and it works fine, but when I log in I see a message saying the user or pass is wrong. I checked the table and the data exists.
     
  10. achtrade

    achtrade Active Member Licensed User

    Definitely, encrypting the password with a salt is the best way to send a password through the internet. I'm using this in my apps; I can share the code if someone is interested.
     
    G-ShadoW likes this.
  11. G-ShadoW

    G-ShadoW Active Member Licensed User

    Please share, someone will need it for sure.

    Regards
     
  12. achtrade

    achtrade Active Member Licensed User

    This is for creating a new user.

    Code:
    Sub InsertNewUser
        Dim bcon As ByteConverter

        Dim salt() As Byte = Utils.CalcSalt(etPassword.text) 'Calculate salt
        Dim hash() As Byte = Utils.CalcHash(etPassword.text, salt) 'calculate hash = password + salt

        'insert in a table the new user using RDC. The table has to store the EMAIL, HASH and the SALT. The plain password is not sent or stored in the table, we don't need it.
        Dim cmd As DBCommand
        cmd.Initialize
        cmd.Name = "InsertNewDriver"
        cmd.Parameters = Array As Object(etName.Text, etLastName.Text, etEmail.Text.Trim, bcon.HexFromBytes(hash), bcon.HexFromBytes(salt), etCel.Text, etZipCode.Text)
        reqManager.ExecuteQuery(cmd, 0, NEW_USER)
    End Sub

    Public Sub CalcSalt(Password As String) As Byte()
        Dim salt(48) As Byte
        Dim sr As SecureRandom
        sr.GetRandomBytes(salt)
        Return salt
    End Sub

    Public Sub CalcHash(Password As String, salt() As Byte) As Byte()
        Dim md As MessageDigest
        Dim spassword() As Byte = md.GetMessageDigest(Password.GetBytes("UTF8"), "SHA-512")
        Dim pbAndSalt(spassword.Length + salt.Length) As Byte
        Dim bc As ByteConverter
        bc.ArrayCopy(spassword, 0, pbAndSalt, 0, spassword.Length)
        bc.ArrayCopy(salt, 0, pbAndSalt, spassword.Length, salt.Length)
        Return md.GetMessageDigest(pbAndSalt, "SHA-512")
    End Sub
    This is for validating an existing user.

    First we have to find the SALT for this user, recovering the SALT from the table.

    Code:
    Sub FindUserSalt
        Dim cmd As DBCommand
        cmd.Initialize
        cmd.Name = "FindUserSalt"
        cmd.Parameters = Array As Object(etUser.text)
        reqManager.ExecuteQuery(cmd, 0, FIND_USER_SALT)
    End Sub
    Once we have the SALT, we have to calculate the HASH with the given password + the recovered SALT and compare it with the HASH in the table. If they are equal, the password is valid.

    Code:
    Sub ValidateUser
        Dim bcon As ByteConverter
        Dim hash() As Byte = Utils.CalcHash(etPassword.text, bcon.HexToBytes(UserSalt))

        Dim cmd As DBCommand
        cmd.Initialize
        cmd.Name = "ValidateUser"
        cmd.Parameters = Array As Object(etUser.Text, bcon.HexFromBytes(hash))
        reqManager.ExecuteQuery(cmd, 0, VALIDATE_USER)
    End Sub
    In my case, I'm comparing the hash inside a stored procedure for easy maintenance. Just find the user in the table, get its hash from the table and compare it with the hash sent; if they are equal I return the userid, otherwise I return 0, and 0 means invalid user.

    This is my user table:


    userid integer autoincrement
    email char(50)
    hash char(255)
    salt char(255)

    THAT'S ALL FOLKS !!
     
    Last edited: Oct 13, 2017
    jimmyF and G-ShadoW like this.
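
Added example, not part of achtrade's post or of the B4A project: a Python reference for the scheme posted above (`SHA-512(SHA-512(password) || salt)`, 48-byte salt, hex-encoded on the wire), which can be used to check a server-side port against the B4A output. The `enroll`, `validate` and `stretch` functions, the PBKDF2 step, its round count and the column names are assumptions added here: they stretch the client-sent hash before storing it and compare in constant time, so the table does not hold the exact value the login request carries.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 48            # same size as "Dim salt(48) As Byte" in the post
PBKDF2_ROUNDS = 100_000  # assumed work factor, not from the post


def calc_salt() -> bytes:
    """Random per-user salt, the counterpart of Utils.CalcSalt."""
    return secrets.token_bytes(SALT_LEN)


def calc_hash(password: str, salt: bytes) -> bytes:
    """Client side, as posted: SHA-512(SHA-512(password) || salt)."""
    inner = hashlib.sha512(password.encode("utf-8")).digest()
    return hashlib.sha512(inner + salt).digest()


def stretch(client_hash: bytes, server_salt: bytes) -> bytes:
    # Assumed server-side step: slow KDF over the value the client sends.
    return hashlib.pbkdf2_hmac("sha512", client_hash, server_salt, PBKDF2_ROUNDS)


def enroll(client_hash_hex: str) -> dict:
    """Build the values to store for a new user (hypothetical column names)."""
    server_salt = secrets.token_bytes(16)
    verifier = stretch(bytes.fromhex(client_hash_hex), server_salt)
    return {"server_salt": server_salt.hex(), "verifier": verifier.hex()}


def validate(row: dict, client_hash_hex: str) -> bool:
    """True only if the hex hash sent at login matches the stored verifier."""
    try:
        sent = bytes.fromhex(client_hash_hex)
    except ValueError:
        return False  # malformed hex is an invalid login, not a server error
    candidate = stretch(sent, bytes.fromhex(row["server_salt"]))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(row["verifier"]))


if __name__ == "__main__":
    salt = calc_salt()                              # constructed sample data
    sent = calc_hash("correct horse", salt).hex()   # what the app would send
    row = enroll(sent)
    print(validate(row, sent), validate(row, calc_hash("wrong", salt).hex()))
```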