Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook
Devcon 2020 Goes Virtual! LEARN MORE >

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

MD5

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    MD5

    Using the MD5() function to create a hash is straight forward.

    Anyone know how to convert the hash created by the MD5() function back into the text that the hash was created from?

    Yes, I could use ENCRYPT_STRING() and then DECRYPT_STRING() but the encrypted strings can be very, very long.

    MD5() produces a nice short and clean hash so it would be preferred if it can be converted back to text.

    Possible in A5 or not?
    Tags: None
    #2
    Re: MD5

    Apparently not possible to do at all without using MD5 dictionaries containing millions of hashes. Decrypting it sort of defeats its purpose.

    https://benramsey.com/projects/md5/
    Finian

    Comment

      #3
      Re: MD5

      As pointed out by Finian, MD5 is a one-way hash by design. This is not a limitation of Alpha and it is a desirable outcome of the intended use of MD5. It cannot be directly decrypted, but it is possible to create "collisions" from source strings which may or may not be the actual original content.

      a5_encrypt_string() and a5_decrypt_string() should be used if you want reversible encryption.

      Lenny Forziati
      Vice President, Internet Products and Technical Services
      Alpha Software Corporation

      Comment

        #4
        Re: MD5

        What I am trying to do is create a registration system for my apps. I currently use AIMS Registration routines from Cal Locklin and while his system works great, there are a few issues with it. The main one is the way the end user must request their registration number.

        Using AIMS the end user must open a form that contains a computer code that AIMS generates from the users computer name. They must send me this code in order to get a registration number that will work on their computer.

        Problem is, they must have already setup Alpha to send emails or hand copy the code into an email or screen shot the pop-up with the code as there is no way to copy and paste it. Most of my customers have a hard time even figuring out how to setup Alpha to send via gmail so they are left with hand copying or the screen shot method.

        I was hoping there was a way to grab their computer code into a variable that I could then just have a script using send_mail() to email me that along with a few other things and all the end user would need to do is click a button the request their registration number.

        Problem is I cannot get any response from Cal. I have emailed him and even called and left a voice message but no response in almost a month of trying.

        I would like to build my own registration request function that would still use the AIMS routines but also allow them to include purchase information so I could more easily verify that they actually purchased my app but without a way to grab the computer code that the AIMS generates it only leaves me one other option and that is to build my own registration routines from scratch. I can do this without too much trouble but the registration information I can generate using a5_encrypt_string() can be very long. The AIMS routines generate a clean and simple registration number like 8362-0639-6547-3680-4008, I just do not know how to encode and then decode numbers with a format similar to that in Alpha.

        Comment

          #5
          Re: MD5

          I built a whole "registration server" years ago for my Web App Framework sales. If you purchase anything on alphatogo.com or iadn.com, the purchase goes in the Registration Server. In the case of the Framework it also waits for them to register their product, and delivers back a registration code that is tied to their Computer Name plus an encrypted algorithm. The product will not completely work until it is registered. Their app sends the Computer Name via HTTP POST and I send back the registration code. The code goes in the database, looks like ABCD-1234-ABCD-1234, etc. A user-defined function decrypts the registration code and compares it to the Computer Name, if they match, the product is "registered".
          Steve Wood
          See my profile on IADN

          Comment

            #6
            Re: MD5

            Originally posted by Steve Wood View Post
            looks like ABCD-1234-ABCD-1234, etc. A user-defined function decrypts the registration code and compares it to the Computer Name, if they match, the product is "registered".
            Care to share how you generated the ABCD-1234-ABCD-1234 format and then also decode it back? I would be looking to include a bit more info then just the computer name like if I wanted to extend their trial for a week or so.

            Comment

              #7
              Re: MD5

              Sure, and I left an important part out. Upon purchase they get a License Number. That license goes in the registration table at the time of purchase. So when they register from the application, it sends both the license number plus their computer name. The license is just a unique value looking like "123456789ABCD". When they register, it first determines if their license number is valid, aborting if not. It also checks if the product is "already registered on a different computer" and tells them they cannot register until they deactivate the other computer, etc. If it passes those preliminary steps, my registration server (which is really just xbasic on an A5W web page) takes the License Number + Computer Name, concatenates the values, and then goes through a series of steps to "obscure" the value so they are totally unrecognizable from their original values. And then as a final step, creates the "hash" value for the Registration Key (called NewKey below).

              newkey = upper(md5(mykey))

              Summary:

              --> Customer's copy of the Framework sends: "MyComputerName" + "123456789ABCD" to my registration server (an A5W web page)
              --> I check that the license is valid
              --> I send back an MD5() value based on the Computer Name + License Number PLUS a bunch of stuff done to obscure the values
              --> The Framework stores what I send back and periodically compares the value against the Computer Name + License Number using the exact opposite algorithm.
              Steve Wood
              See my profile on IADN

              Comment

                #8
                Re: MD5

                <<Problem is, they must have already setup Alpha to send emails or hand copy the code into an email or screen shot the pop-up with the code as there is no way to copy and paste it. Most of my customers have a hard time even figuring out how to setup Alpha to send via gmail so they are left with hand copying or the screen shot method.>>

                I'm not sure if this is germane to your need or will just add confusion. However, using a gmail account set up for that purpose, for example, and a table containing the email setup information, you could populate the customer's Alpha email settings automatically during the database setup, then call that anywhere you needed to send an email. Learned this from Martin Cole and it really makes life easy.
                Finian

                Comment

                  #9
                  Re: MD5

                  Originally posted by Finian Lennon View Post
                  <<Problem is, they must have already setup Alpha to send emails or hand copy the code into an email or screen shot the pop-up with the code as there is no way to copy and paste it. Most of my customers have a hard time even figuring out how to setup Alpha to send via gmail so they are left with hand copying or the screen shot method.>>

                  I'm not sure if this is germane to your need or will just add confusion. However, using a gmail account set up for that purpose, for example, and a table containing the email setup information, you could populate the customer's Alpha email settings automatically during the database setup, then call that anywhere you needed to send an email. Learned this from Martin Cole and it really makes life easy.
                  Problem is I do not know their gmail email info or even if they use gmail. Some use gmail, some ymail, some hot mail and what every else is out there. Also some gmail accounts will not let a 3rd party app send email through it. Same with ymail.

                  Having an email account that I control hard coded to the "Request Registration" function would be the best way for me to go but again I cannot get the info I need from Cal to use the AIMS I have been using for years so I guess I am just going to have to figure out away to code my own registration system.
                  Last edited by preston2; 11-30-2015, 03:23 PM.

                  Comment

                    #10
                    Re: MD5

                    Originally posted by Steve Wood View Post
                    newkey = upper(md5(mykey))

                    Summary:

                    --> Customer's copy of the Framework sends: "MyComputerName" + "123456789ABCD" to my registration server (an A5W web page)
                    --> I check that the license is valid
                    --> I send back an MD5() value based on the Computer Name + License Number PLUS a bunch of stuff done to obscure the values
                    --> The Framework stores what I send back and periodically compares the value against the Computer Name + License Number using the exact opposite algorithm.
                    Yes, and that brings us back to "you cannot decode a MD5 hash" so there is no way to include expiration dates and such in the hash code as you cannot read them back out.

                    That said, I do use a function that reads a file on the web to see if I have deactivated their registration number (needed for those who buy, get a registration number and then tell their CC company they did not make the purchase (only had one ever do that but that was enough)). It reads an xml file for a matching registration number and then if found it deactivates the app. I also have a way to reactivate the app from the xml file. I guess I could add a trial expiration date and computer name to be read from the file.

                    Hmmm. You got me thinking here Steve.. I do not have a windows hosting account so I will not be able to use the appserver to run xbasic on the web but I can use files that can be read from the web.

                    Comment

                      #11
                      Re: MD5

                      What I'm suggesting is a process that takes the end user out of the "how do you send an email from the app setup" question. YOU create the gmail account with its username and password. Once it's established it can be used by anyone/anywhere with the necessary credentials. You supply a table containing the email setup parameters and run xbasic in the autoexec to establish the gmail account you created as the email settings for Alpha to use to send its emails. Admittedly that would open some privacy issues but you could wipe that table information after the necessary emails are sent and/or then give the users the option to fill in their own information later in the app setup. Just a thought/workaround.
                      Finian

                      Comment

                        #12
                        Re: MD5

                        Originally posted by Finian Lennon View Post
                        What I'm suggesting is a process that takes the end user out of the "how do you send an email from the app setup" question. YOU create the gmail account with its username and password. Once it's established it can be used by anyone/anywhere with the necessary credentials. You supply a table containing the email setup parameters and run xbasic in the autoexec to establish the gmail account you created as the email settings for Alpha to use to send its emails. Admittedly that would open some privacy issues but you could wipe that table information after the necessary emails are sent and/or then give the users the option to fill in their own information later in the app setup. Just a thought/workaround.

                        That is what I am doing. It is one of my gmail accounts but I am not going to let them use that email account for anything but to request their registration number. Also having it used for that one purpose only means no table setup needed and no need to wipe it out.

                        The problem is not with me getting an email to be sent even if they do not have any email setup. That is easy. But I cannot get the information I need from the AIMS registration routines to automatically fill in the computer code it generates.

                        I can see having a table to allow them to setup their email accounts easier.

                        Comment

                          #13
                          Re: MD5

                          This gets back to "how to embed an expiration time". I am working from a web perspective, so see if this still helps on the desktop side.

                          This generates a URL link including the datatime and their userid; it can be included in an email.

                          t = time("MM/dd/yyyy 0h:0m:0s AM",now())
                          app_url = "http://mywebsite.com"
                          link = app_url + "/mypage.a5w?u="+urlencode(base64encode("[email protected]"))
                          link = link + "&t="+urlencode(base64encode(t))
                          Then send an email with "link" embedded; it might look like this:

                          Click here: https://myweisbte.com/mypage.a5w?u=Y...oxMyBQTQ%3d%3d

                          Then on the receiving side (the mypage.a5w in the link). The link is valid for 15 minutes in this example:

                          if eval_valid("t")
                          t = request.variables.t
                          t = base64decode(urldecode(t))
                          ct = now()
                          if istime(t)
                          if ct - ctodt(t) > 600 ' 600 = 15 minutes
                          ?"This password reset link has expired. Click <a href=\"index.a5w\">here</a> to return to the home page."
                          end if
                          else
                          'Not a time value, shows same message as if expired, you can change this if desired
                          ?"This password reset link has expired. Click <a href=\"index.a5w\">here</a> to return to the home page."
                          end if
                          else
                          't is invalid, shows same message as if expired, you can change this if desired
                          ?"This password reset link has expired. Click <a href=\"index.a5w\">here</a> to return to the home page."
                          end if

                          'validate the u parameter
                          if eval_valid("u")
                          u = base64decode(urldecode(u))
                          'do what you need to do to validate the userid, and process whatever
                          end if
                          Steve Wood
                          See my profile on IADN

                          Comment

                            #14
                            Re: MD5

                            Thanks Steve

                            I may look more into that if I get around to trying to setup an online registration system.

                            Here is what I have come up with so far.

                            I will setup a one button registration request in my app that will ask the user to enter purchase info such as order number and email address. It will also get the computer name and then email all that info to me.

                            I will then generate an xml file with the registration info in it and ftp it to the web. I will make an app for me to use to do this. The xml file will be named with the "registration number.xml".

                            Code:
                            dim reginf as P
reginf = http_get("http://www.shopcalsoftware.com/regtest/9ADBE0B3033881F88EBD825BCF763B43.xml") 
if extract_string(reginf.body,"<item>","</item>",1,.t.) = "" then
    goto SKIP
else
    dim reg_item as C
        dim owner as c
        dim owneremail as c
	dim regno as c
	dim comp as c
	dim app as c
	dim expire as c
        reg_item = extract_string(reginf.body,"<item","</item>",1,.t.)
		owner = extract_string(reg_item,"<owner>","</owner>")
		owneremail = extract_string(reg_item,"<email>","</email>")
		regno = extract_string(reg_item,"<regno>","</regno>")
		comp = extract_string(reg_item,"<comp>","</comp>")
		app = extract_string(reg_item, "<app>", "</app>")
		expire = extract_string(reg_item, "<expire>", "</expire>")
end if
Goto VALIDATE
SKIP:  
'Put code here to count and increment failed attempts to get the file.  Write count to some obscure location in the registry then take some action after so many failed attempts.

VALIDATE:
'Put code here to validate the registration information retrieved from the xml file.


?owner
= "Preston"

?owneremail
= "Users email address"

?regno
= "9ADBE0B3033881F88EBD825BCF763B43"

?comp
= "Computer Name"

?app
= "AppName"

?expire
= "12/31/2065"

                            The app will run this as a function every time it starts. While not shown in the code above, if they have enter a registration number it will be stored in the registry. That number will be read and used to create the file name to look for on the web.

                            While this will not be fully automated as I will need to create the xml file and ftp it to the web, it is still way better than the process my customers have to go through to get a registration number using the AIMS registration routines. It also allows me to deactivate a registration number instantly if needed. I can also include # of seats using this method and even do the "Already registered on another machine" thing if I wanted.

                            The registration number will be generated with the MD5() function and using input_data created from the machine name and a few other things to scramble it up.

                            Also the "http://www.shopcalsoftware.com/regtest/9ADBE0B3033881F88EBD825BCF763B43.xml" file actually exist for now if anyone wants to play with the code above.

                            Here is the xml file format.
                            Code:
                            <item>
<owner>Preston</owner>
<email>Users email address</email>
<regno>9ADBE0B3033881F88EBD825BCF763B43</regno>
<comp>Computer Name</comp>
<app>AppName</app>
<expire>12/31/2065</expire>
</item>
                            Last edited by preston2; 12-01-2015, 01:26 PM. Reason: Added xml file format info

                            Comment

                              #15
                              Re: MD5

                              Preston, I believe that I have a working version of something which could be useful to you.
                              The application you deploy has an embedded routine which emails an encrypted string to your PC.
                              There is a receptor -using Alpha - which creates a unique code which will only work on the machine which requested it.
                              This stops the old "lift and shift" option.
                              This is sent to the user, and the full app is then available.

                              PM me if you want details and we can Skype the implementation off the RAD Chat group.
                              See our Hybrid Option here;
                              https://hybridapps.example-software.com/

                              Apologies to anyone I haven't managed to upset yet.
                              You are held in a queue and I will get to you soon.

                              Comment

                              Previous template Next
                              Working...
                              X