Intercept LoginBox request

Everything about the SmartFoxBits UI Components for SmartFoxServer 2X. Post your questions, suggestions and bug reports.

Moderators: Bax, Lapo

Intercept LoginBox request

Postby psychopixel » 01 Mar 2011, 17:34

Hi,
I'm trying smartfoxbits and I've implemented a custom login with the extension. I just have a little problem with the password because we have MD5 hashed password in our database. So the problem is that I have to hash the password the user inputs before it's sent to the extension because then the password it is crypted and, on the extension side, I can't have it back in plain format to md5 it before check it against the db.
I quite resolved this intercepting the MouseEvent.MOUSE_DOWN of the loginButton in this way
Code: Select all
private function onLoginButtonMouseDown(evt:MouseEvent):void {
         evt.preventDefault();
         _sfs.send(new LoginRequest(_loginBox.usernameTextInput.text, MD5.hash(_loginBox.passwordTextInput.text)));
      }

but the problem remains when user press Enter on the keyboard...
Do you have any suggestion?
There is a way to prevent this problem?
Thank you
User avatar
psychopixel
 
Posts: 19
Joined: 14 Apr 2008, 08:44
Location: Italy

Postby Bax » 02 Mar 2011, 07:19

What about doing the same with the key press event on the two textinputs?
Which version of the Bits are you using? Flash or Flex?
Paolo Bax
The SmartFoxServer Team
User avatar
Bax
Site Admin
 
Posts: 3851
Joined: 29 Mar 2005, 09:50
Location: Italy

Postby psychopixel » 03 Mar 2011, 11:48

Hi, I'm using the flash version as3 for sfs2x.
I already tried the solution you suggest me but didn't works because I can't stop the default behavior. So there were two login attempt, first yours attempt fails and then my attempt that works.
This is the code I used...

Code: Select all
private function onKeydown(evt:KeyboardEvent):void {
      if (evt.keyCode == 13) {
         evt.preventDefault();
         _sfs.send(new LoginRequest(_loginBox.usernameTextInput.text, MD5.hash(_loginBox.passwordTextInput.text)));
      }
}


also tried with

Code: Select all
evt.stopPropagation();
evt.stopImmediatePropagation()


let me know if you can suggest me other ways
thanks
User avatar
psychopixel
 
Posts: 19
Joined: 14 Apr 2008, 08:44
Location: Italy

Postby Bax » 03 Mar 2011, 13:52

I don't know why you can't stop the propagation. Does the Adobe documentation helps on this? Maybe Keyboard events can't be stopped?
Paolo Bax
The SmartFoxServer Team
User avatar
Bax
Site Admin
 
Posts: 3851
Joined: 29 Mar 2005, 09:50
Location: Italy

Postby psychopixel » 04 Mar 2011, 08:38

Yes, I checked the flash documentation,
KEY_DOWN cancelable = true in AIR, false in Flash Player; in AIR, canceling this event prevents the character from being entered into a text field.
KEY_UP cancelable = false; there is no default behavior to cancel.

I also checked the TextEvent.TEXT_INPUT event but this one can't intercept enter, backspace and other keyboard commands...

I think that if you tell me which is the eventListener you use in the loginBox to intercept the keyboard events I can removeEventListener it and then add my handler...
Do you think this can be possible and accetable?
User avatar
psychopixel
 
Posts: 19
Joined: 14 Apr 2008, 08:44
Location: Italy

Postby Bax » 04 Mar 2011, 09:24

This is what we do in the createChildren() method of the component:
Code: Select all
ti_username.addEventListener(KeyboardEvent.KEY_DOWN, onEnterKeyPress);
ti_password.addEventListener(KeyboardEvent.KEY_DOWN, onEnterKeyPress);

The problem is that the onEnterKeyPress() method is private, so you won't be able to reference it in the removeEventListener.

It seems there's no way around this. What about creating your own LoginBox component, and use it together the other Bits provided by us? In fact you are not required to use all the Bits together. The only mandatory component is the Connector.
Paolo Bax
The SmartFoxServer Team
User avatar
Bax
Site Admin
 
Posts: 3851
Joined: 29 Mar 2005, 09:50
Location: Italy

Postby psychopixel » 04 Mar 2011, 10:27

I'll have to necessarily do so. But I think in your next release you should add a boolean to the loginbox to exclude the send of the login request so that we can make only our request or may be add a parameter of type function to be called before the sent so could be possible modify the username and password (like md5 the password). Personally I don't like the possibilities of calling a page on the server to make the password check before of the login attempt because having a similar page could have security problems (at least I suppose) and I would prefer to can do the check into the extension itself.

thank you for your time
User avatar
psychopixel
 
Posts: 19
Joined: 14 Apr 2008, 08:44
Location: Italy

Postby Bax » 04 Mar 2011, 10:29

Thank you for the suggestion. We will add it to the todo list.
Paolo Bax
The SmartFoxServer Team
User avatar
Bax
Site Admin
 
Posts: 3851
Joined: 29 Mar 2005, 09:50
Location: Italy

Postby Bax » 12 Apr 2011, 22:05

Feature added. Please check this post.
Paolo Bax
The SmartFoxServer Team
User avatar
Bax
Site Admin
 
Posts: 3851
Joined: 29 Mar 2005, 09:50
Location: Italy


Return to SmartFoxBits for SFS 2X

Who is online

Users browsing this forum: No registered users and 1 guest