H3lp

Started by TheFoxman, December 03, 2016, 11:47

Ethan

Quote from: TheFoxman on December 07, 2016, 10:44
If viky can make a signature that shows 17/17 will be great :3
for people who actually have 17/17, sure, it'd be great.... but since you don't, why ask for it?

TheFoxman

Quote from: Ethan on December 07, 2016, 16:37
Quote from: TheFoxman on December 07, 2016, 10:44
If viky can make a signature that shows 17/17 will be great :3
for people who actually have 17/17, sure, it'd be great.... but since you don't, why ask for it?
Well u don't have 17 or 57 but it shows that u have 57 so i want only 17 :)





Deff

Thanks for the explanation Joshy :D
Fixed that way.

TheFoxman

Quote from: Deff on December 08, 2016, 22:45
Thanks for the explanation Joshy :D
Fixed that way.
Not surprised :D





Ethan

yeah, for some odd reason my profile picture I chose changed to some random thing.. I had to change it... maybe because of Viky updated it?

Deff

Quote from: Ethan on December 09, 2016, 01:29
yeah, for some odd reason my profile picture I chose changed to some random thing.. I had to change it... maybe because of Viky updated it?

Oh it's public, anyone can make signature for anyone. But I have disabled it now. Those who have already made, it will work for them, no one can make/edit signatures now, this can't be authenticated as of now, hence disabled.

Joshy

Quote from: Deff on December 09, 2016, 06:23
Quote from: Ethan on December 09, 2016, 01:29
yeah, for some odd reason my profile picture I chose changed to some random thing.. I had to change it... maybe because of Viky updated it?

Oh it's public, anyone can make signature for anyone. But I have disabled it now. Those who have already made, it will work for them, no one can make/edit signatures now, this can't be authenticated as of now, hence disabled.
That's quite unfortunate, it was good to see the API being used by someone other than Mick (CT Android app).

You should suggest API authentication (OAuth2 or something), Django REST framework probably has it built in.

As a short term workaround you could send people unique URLs that only work for their profile via PM, that way in order to make a signature they'll have to PM you and then you make them a URL / token for their account. Idk if it's worth the effort though.


edit: here's how I would do this in PHP (it's been a while since I wrote any PHP, C# ftw) (also this is totally untested) (it's probably not bulletproof and/or cryptographically secure but who cares lol ¯\_(ツ)_/¯):

const SECRET_KEY = "some secret constant string here";

// HMAC-SHA256 of the username, keyed with the server-side secret
function generate_token($username) {
    return hash_hmac("sha256", $username, SECRET_KEY);
}

// function which is able to verify a MAC for a given username
function verify_token($username, $token) {
    // basically you re-create the MAC for a given username and then verify it against the passed in MAC
    return hash_equals(generate_token($username), $token); // interesting fact: hash_equals isn't susceptible to timing attacks, however "==" is
}

// to verify a URL
$username = isset($_GET["username"]) ? $_GET["username"] : NULL;
$token = isset($_GET["token"]) ? $_GET["token"] : NULL;

if (empty($username) || empty($token)) {
    echo "kek nice try...";
    return;
}

$isActuallyTheUser = verify_token($username, $token);

if ($isActuallyTheUser) {
    // Do signature stuff
} else {
    // Firewall the user's IP address into oblivion
}

////////////////

// for giving out URLs (put this behind a password or something)
const BASE_URI = "http://cvt.is-great.net/signature/";
// URL generation
function generate_url_with_token($username) {
    $token = generate_token($username);
    return BASE_URI . "?" . http_build_query(array("username" => $username, "token" => $token));
}

$username = isset($_GET["username"]) ? $_GET["username"] : NULL;
if (empty($username)) {
    echo "Good joke viky... srsly";
    return;
}
echo generate_url_with_token($username);


The result I got with that "secret" key and my username is http://cvt.is-great.net/signature/?username=Joshy&token=44939cf6f335a44a6a7acdc09566691d7c5f7bec3c1b321f13dc6f9e64d80ea2

You can use the code at https://repl.it/EmJm/3 to test your environment to make sure it works properly (some web hosting disable hash_hmac for "security" - klol).
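Added example, not part of Joshy's post or the signature site's code: the same HMAC link scheme, extended so the MAC also covers an expiry time and so non-string query values are rejected before they reach `hash_equals()`. It assumes PHP 7+; `SIGNING_KEY`, `sign_link`, `make_link`, `check_link` and the `signature.example` URL are hypothetical names with constructed values.

```php
<?php
// Hypothetical placeholder: load a long random key from config, never from source control.
const SIGNING_KEY = 'replace-with-a-long-random-key';

// The MAC covers expiry AND username, so neither can be changed without the key.
// $expires is an int, so its decimal form never contains '|' and the split is unambiguous.
function sign_link(string $username, int $expires): string {
    return hash_hmac('sha256', $expires . '|' . $username, SIGNING_KEY);
}

// Build the URL that gets sent to the user by PM; valid for $ttl seconds from $now.
function make_link(string $base, string $username, int $ttl, int $now): string {
    $expires = $now + $ttl;
    return $base . '?' . http_build_query([
        'username' => $username,
        'expires'  => $expires,
        'token'    => sign_link($username, $expires),
    ]);
}

// $query is $_GET in a real request. True only for an untampered, unexpired link.
function check_link(array $query, int $now): bool {
    $username = $query['username'] ?? null;
    $expires  = $query['expires'] ?? null;
    $token    = $query['token'] ?? null;
    // "?token[]=x" arrives as an array; hash_equals() needs strings, so reject early.
    if (!is_string($username) || !is_string($expires) || !is_string($token)) {
        return false;
    }
    if ($username === '' || !ctype_digit($expires)) {
        return false;
    }
    // Verify the MAC first; only then is the expiry value trustworthy.
    if (!hash_equals(sign_link($username, (int) $expires), $token)) {
        return false;
    }
    return (int) $expires >= $now;
}

// Constructed demo values.
$now  = 1481300000;
$link = make_link('https://signature.example/', 'Joshy', 3600, $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q);

var_dump(check_link($q, $now));                            // link as issued
var_dump(check_link(['username' => 'Ethan'] + $q, $now));  // username swapped by the holder
var_dump(check_link($q, $now + 7200));                     // same link after it expired
var_dump(check_link(['token' => ['x']] + $q, $now));       // array-typed token
```

Only the first call should print `bool(true)`; rotating `SIGNING_KEY` invalidates every link issued so far.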




Deff

Thanks a lot joshy! Did it that way.
Now everyone will have a unique URL for editing/making the signature. To get this, they will need to PM me on forum.

TheFoxman

Quote from: Joshy on December 09, 2016, 19:36
Quote from: Deff on December 09, 2016, 06:23
Quote from: Ethan on December 09, 2016, 01:29
yeah, for some odd reason my profile picture I chose changed to some random thing.. I had to change it... maybe because of Viky updated it?

Oh it's public, anyone can make signature for anyone. But I have disabled it now. Those who have already made, it will work for them, no one can make/edit signatures now, this can't be authenticated as of now, hence disabled.
That's quite unfortunate, it was good to see the API being used by someone other than Mick (CT Android app).

You should suggest API authentication (OAuth2 or something), Django REST framework probably has it built in.

As a short term workaround you could send people unique URLs that only work for their profile via PM, that way in order to make a signature they'll have to PM you and then you make them a URL / token for their account. Idk if it's worth the effort though.


edit: here's how I would do this in PHP (it's been a while since I wrote any PHP, C# ftw) (also this is totally untested) (it's probably not bulletproof and/or cryptographically secure but who cares lol ¯\_(ツ)_/¯):

const SECRET_KEY = "some secret constant string here";

// HMAC-SHA256 of the username, keyed with the server-side secret
function generate_token($username) {
    return hash_hmac("sha256", $username, SECRET_KEY);
}

// function which is able to verify a MAC for a given username
function verify_token($username, $token) {
    // basically you re-create the MAC for a given username and then verify it against the passed in MAC
    return hash_equals(generate_token($username), $token); // interesting fact: hash_equals isn't susceptible to timing attacks, however "==" is
}

// to verify a URL
$username = isset($_GET["username"]) ? $_GET["username"] : NULL;
$token = isset($_GET["token"]) ? $_GET["token"] : NULL;

if (empty($username) || empty($token)) {
    echo "kek nice try...";
    return;
}

$isActuallyTheUser = verify_token($username, $token);

if ($isActuallyTheUser) {
    // Do signature stuff
} else {
    // Firewall the user's IP address into oblivion
}

////////////////

// for giving out URLs (put this behind a password or something)
const BASE_URI = "http://cvt.is-great.net/signature/";
// URL generation
function generate_url_with_token($username) {
    $token = generate_token($username);
    return BASE_URI . "?" . http_build_query(array("username" => $username, "token" => $token));
}

$username = isset($_GET["username"]) ? $_GET["username"] : NULL;
if (empty($username)) {
    echo "Good joke viky... srsly";
    return;
}
echo generate_url_with_token($username);


The result I got with that "secret" key and my username is http://cvt.is-great.net/signature/?username=Joshy&token=44939cf6f335a44a6a7acdc09566691d7c5f7bec3c1b321f13dc6f9e64d80ea2

You can use the code at https://repl.it/EmJm/3 to test your environment to make sure it works properly (some web hosting disable hash_hmac for "security" - klol).

Still don't know who created the coding that doesn't make sense at all :)