Go Back   FlashFXP Forums > > > >

! Other Scripts Support Support for all other scripts...

Reply
 
Thread Tools Rate Thread Display Modes
Old 01-21-2004, 11:53 PM   #1
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default How to secure !invite

Not that good an idea to ask users to send plain-text passwords to a sitebot, especially on networks with no service... anybody can get your sitebot nick while it's down, and then, all your users will pm the evil guy all their passwords...
uncool, to say the least.

[FTP_Custom_Commands]
ircinvite = TCL ..\scripts\enc_pwd.itcl

enc_pwd.itcl:
Code:
proc encpwd {} {
    global args user
    set encpwd [sha1 $args]
    iputs "Use this to invite yourself from IRC:"
    iputs " /msg your_bot_name_here !invite $user $encpwd"
}
encpwd
Usage: Users log in FTP. SITE IRCINVITE <their_pwd> and they get the line they must use on IRC to invite themselves.

Example:
Quote:
[23:46:15] [L] site ircinvite ioFTPD
[23:46:16] [L] 200-Use this to invite yourself from IRC:
[23:46:16] [L] 200- /msg Botgbb !invite Mouton 6045b1757913f659b210fceb4f2746d74d4d6b32
[23:46:16] [L] 200 Command successful.
Your bot receive the encrypted password, and either open the userfile itself (bad idea cause shared db and other userfile modules wouldn't be compatible) or it exec an external script that fetch the pwd from ioFTPD shared memory and compare and return true or false.

So all that ur missing now is a .exe that would check a password from ioFTPD shmem: set status [catch { exec some.exe passwd $user $pass} result]
and sitebot would invite or not the user depending on the result.

I already added that in my branch of ioB. I can give code to Harm for next public ioB version, and to WarC if he wants to include a new 'passwd' option to ioA. Anyone who wants to code it himself, I'll be happy to answer any interrogation u might have on getting the pwd from shmem (datacopy.cpp included in ioFTPD packages is a very good start to open and fetch stuff from shmem userfiles).
Mouton is offline   Reply With Quote
Old 01-22-2004, 03:38 AM   #2
neoxed
Too much time...
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: May 2003
Posts: 1,326
Default

Darkone added a TCL command for sha1 hashes (long time ago), [sha1 string], no need for the tcllib sha1 libraries.

set encpwd [::sha1::sha1 $args]

Becomes:

set encpwd [sha1 $args]

And remove the source...you get the idea.

neoxed is offline   Reply With Quote
Old 01-22-2004, 05:32 AM   #3
Harm
Too much time...
Ultimate Scripter
 
Join Date: Jul 2003
Posts: 1,430
Default

I have already added shared memory support to /msg !invite.
I'll change it to take hashed passwords instead of plain text ones and add this command to ioBanana.
Harm is offline   Reply With Quote
Old 01-22-2004, 07:45 AM   #4
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default

Yes indeed Neoxed... Thx for the reminder. Changed 1st post.
Mouton is offline   Reply With Quote
Old 01-22-2004, 12:05 PM   #5
wooolF[RM]
Senior Member
ioFTPD Foundation User
 
Join Date: Oct 2003
Posts: 411
Default

Quote:
Originally posted by Harm
I have already added shared memory support to /msg !invite.
I'll change it to take hashed passwords instead of plain text ones and add this command to ioBanana.
mmmmm ioBanana :banana:
wooolF[RM] is offline   Reply With Quote
Old 02-09-2004, 03:31 PM   #6
Mouton
Posse Member
Ultimate Scripter
ioFTPD Administrator
 
Join Date: Dec 2002
Posts: 1,956
Default

ioHashChk.exe.rar in Fundations scripts...
You're on your own to use it though...
Mouton is offline   Reply With Quote
Reply

Tags
ftp, invite, ioftpd, sitebot, [l]

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FXP : hanging by [01:54:30] [R] STOR lala.rar tacker General Discussion 9 01-02-2005 08:31 AM


All times are GMT -5. The time now is 10:01 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)