Basically what I want to do is allow the user to click a button and submit
their high scores to my web site so that the web site can store this data
and show it as that person's submission. This extract and submit bit seems
easy enough to do, but because this data will be displayed in the address
bar of their browser (after the '?' of the URL) it makes it easy for them to
edit and re-submit this data to how they want it to be. I don't want them
to do that I want to submit the real high score details.
In which case I need a method that will encrypt the following set of data so
that it can be posted as part of an ecrypted URL:
First Name (string)
Second Name (string)
Team Name (string)
Plyd (int)
Won (int
Drawn (int)
Lost (int)
For (int)
Against (int)
Pts (int)
It is always going to be in this format, but instead of me posting a clean
url of something like:
www.fred.com/score.asp?fname=bob&sname=boggins&team=Rangers&plyd=18&won=7
etc....
I want to encrpyt these details and then decrypt them at the web site end so
that I can post the true values into my on-line DB.
Can you help?
Thanks
Mac
Any form of basic encryption could be used for this purpose (ie: ROT-13
or even your own). Just remember to encode the result before sending it
to make sure its Web Safe.
The problem with your approach is that the encryption routine will have
to be client side in order to achieve your goals. So any determined
cheat only has to right click on your web page and "view source" in
order to get your encryption routine and hence make use of it.
In order to HIDE the data being passed from the URL in the clients
browser you simply have to POST the data back from a FORM (which could
be itself hidden on the page).
To further hinder the cheats, you could set a flag on the server that
the user has requested a submission and only accept the POST'ed data if
this flag was set first. This forces the user to go through more than
one page to make a submission and therefore helps prevent the single
page post back.
Kind Regards,
--
Andrew D. Newbould E-Mail: newsg...@NOSPAMzadsoft.com
ZAD Software Systems Web : www.zadsoft.com
Why not use POST instead of GET? The data will not be in the URL and will be
invisible to the user.
--
Peter Aitken
Remove the crap from my email address before using.
Thanks for the reply.
My understanding was that in order to POST data to a web site from a VB app,
I would have to add a control such as the inet one.
I didn't want to do this because of the additional hassle, eg registering
the ocx, distributing it, etc, and wanted to keep to the base VB objects.
With this in mind, I thought my only option was to use the shell command to
power up a browser and paste the required URL (plus GET/Querystring
parameters) into it.
Is this not the case? Can I post data using this method?
The client side validation problem wouldn't come into it, because the web
page I would be hitting would be an asp page and therefore all of my calcs
will be invisible to the user.
I'm pretty happy with the logistics of this part, its just the
encrypt/decrypt part that I can't get my head round.
Rgds Mac
"Peter Aitken" <pai...@CRAPnc.rr.com> wrote in message
news:%23UmG9V7...@TK2MSFTNGP14.phx.gbl...
Private Declare Function InternetOpen Lib "wininet.dll" _
Alias "InternetOpenA" _
(ByVal lpszCallerName As String, _
ByVal dwAccessType As Long, _
ByVal lpszProxyName As String, _
ByVal lpszProxyBypass As String, _
ByVal dwFlags As Long) As Long
Private Declare Function InternetConnect Lib "wininet.dll" _
Alias "InternetConnectA" _
(ByVal hInternetSession As Long, _
ByVal lpszServerName As String, _
ByVal nProxyPort As Integer, _
ByVal lpszUsername As String, _
ByVal lpszPassword As String, _
ByVal dwService As Long, _
ByVal dwFlags As Long, _
ByVal dwContext As Long) As Long
Private Declare Function HttpOpenRequest Lib "wininet.dll" _
Alias "HttpOpenRequestA" _
(ByVal hInternetSession As Long, _
ByVal lpszVerb As String, _
ByVal lpszObjectName As String, _
ByVal lpszVersion As String, _
ByVal lpszReferer As String, _
ByVal lpszAcceptTypes As Long, _
ByVal dwFlags As Long, _
ByVal dwContext As Long) As Long
Private Declare Function HttpSendRequest Lib "wininet.dll" _
Alias "HttpSendRequestA" _
(ByVal hHttpRequest As Long, _
ByVal sHeaders As String, _
ByVal lHeadersLength As Long, _
ByVal sOptional As String, _
ByVal lOptionalLength As Long) As Boolean
Private Declare Function InternetReadFile Lib "wininet.dll" _
(ByVal hHttpRequest As Long, _
ByVal lpBuffer As String, ByVal dwNumberOfBytesToRead As Long, _
ByRef lpdwNumberOfBytesRead As Long) As Long
Private Declare Function InternetCloseHandle Lib "wininet.dll" _
(ByVal hInternetHandle As Long) As Boolean
Private Const INTERNET_OPEN_TYPE_PRECONFIG = 0
Private Const INTERNET_FLAG_RELOAD = &H80000000
Private Const INTERNET_SERVICE_HTTP = 3
Private Const INTERNET_DEFAULT_HTTP_PORT = 80
Public Function SubmitHTMLForm(ByVal ServerName As String, _
ByVal URLPath As String, ByVal PostData As String, _
ByVal TheUser As String, ByVal ThePassword As String) As String
Dim hInternetOpen As Long
Dim hInternetConnect As Long
Dim hHttpOpenRequest As Long
Dim bRet As Boolean
Dim sPage As String
Dim sBuff As String
Dim lSize As Long
Dim sHeaders As String
PostData = Replace(PostData, " ", "+")
'Debug.Print "http://" & HTTPServer & URLPath & "?" & PostData
'Use registry access settings.
hInternetOpen = InternetOpen("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0; COM+ 1.0.2204)", _
INTERNET_OPEN_TYPE_PRECONFIG, vbNullString, vbNullString, 0)
If hInternetOpen <> 0 Then
'Type of service to access.
If Len(TheUser) = 0 Or Len(ThePassword) = 0 Then
hInternetConnect = InternetConnect(hInternetOpen, ServerName, _
INTERNET_DEFAULT_HTTP_PORT, vbNullString, _
vbNullString, INTERNET_SERVICE_HTTP, 0, 0)
Else
hInternetConnect = InternetConnect(hInternetOpen, ServerName, _
INTERNET_DEFAULT_HTTP_PORT, TheUser, _
ThePassword, INTERNET_SERVICE_HTTP, 0, 0)
End If
If hInternetConnect <> 0 Then
'Brings the data across the wire even if it locally cached.
hHttpOpenRequest = HttpOpenRequest(hInternetConnect, _
"POST", URLPath, "HTTP/1.1", _
vbNullString, 0, INTERNET_FLAG_RELOAD, 0)
If hHttpOpenRequest <> 0 Then
sHeaders = "Accept: */*" & vbCrLf & "Accept-Language: en-us" &
vbCrLf & _
"Content-Type: application/x-www-form-urlencoded" & vbCrLf & _
"Accept-Encoding: gzip, deflate" & vbCrLf & _
"Connection: Keep-Alive" & vbCrLf
bRet = HttpSendRequest(hHttpOpenRequest, sHeaders, Len(sHeaders), _
PostData, Len(PostData))
If bRet Then
Do
sBuff = Space$(2048)
bRet = InternetReadFile(hHttpOpenRequest, sBuff, Len(sBuff),
lSize)
If bRet Then sPage = sPage & Left$(sBuff, lSize)
Loop Until bRet = False Or lSize = 0
Else
sPage = "ERROR sendrequest failed"
End If
bRet = InternetCloseHandle(hHttpOpenRequest)
Else
sPage = "ERROR openrequest failed"
End If
bRet = InternetCloseHandle(hInternetConnect)
Else
sPage = "ERROR internet connect open failed " & Err.LastDllError
End If
bRet = InternetCloseHandle(hInternetOpen)
Else
sPage = "ERROR internet open failed " & Err.LastDllError
End If
SubmitHTMLForm = sPage
End Function
OK, so our assumptions you were doing the job with an ounce of sense
were wrong :->
IMO to shell out and run a Browser like this is just plain ugly and
adding just one of three controls to do it cleanly would have been worth
it. Specially as you should be packaging your application anyway (you
can't rely on the VB runtimes being there on ANY platform - again really
bad idea).
However, if you must continue down this route then some of my earlier
comments still hold true. That said, I would suggest some approach
similar to this:
Your VB App:
1. Concatinate your fields together in a known pattern that suits your
purposes (ie: "userid;name;age;score;" etc).
2. Encode the string using what ever encryption suites yourself however
you must be able to decode it on the Server using ASP (unless you are
hosting this on your own server and can install the same libraries -
unlikely).
3. Make sure your encrypted string is WebSafe (ie: no %signs etc). This
can be done quickly by converting it to Hex pairs.
4. Request the URL as you are doing currently (ie:
"http://yourwebsite/yourpage.asp?Data=Encoded_String_Data").
Your ASP Page:
1. Extract the Data block from the URL recieved and decode it from its
WebSafe form.
2. Decrypt the data back into your concatinated string.
3. Split the string up as required and process it.
Just remember that posting data back via a URL as you are doing can't
exceed 1K in size (ie: 1024 bytes).