you can send a getUser with the hash of authenticateIve gone through most of the posts here on this thread now looking for a solution to my problem. I cant seem to figure out a way to check if a user is logged in or not? I have a feeling its not that simple but if someone could point me in the right direction it would be greatly appreciated.
My goal is after I get the hash, to check if it's correct. Like if someone tries to redirect the link to the api and fakes a hash, how can I check that the hash I get as a response from the api is a valid one?
sAddress = "https://hitsparkinteractive.com/api.php" addrParams = "action=authenticate" addrParams = addrParams & "&username=" & Username addrParams = addrParams & "&password=" & Password Set HTTP = New WinHttpRequest HTTP.Open "GET", sAddress & "?" & addrParams, False HTTP.SetTimeouts 250, 250, 250, 3000 HTTP.Send
sAddress = "https://hitsparkinteractive.com/api.php" addrParams = "action=getUser" addrParams = addrParams & "&hash=" & Username & ":" & TempPlayer(index).Hash Set HTTP = New WinHttpRequest HTTP.Open "GET", sAddress & "?" & addrParams, False HTTP.SetTimeouts 250, 250, 250, 1000 HTTP.Send retJSON = HTTP.ResponseText Set HTTP = Nothing
You seem to not understanding me. I require username and pass and I successfully get the hash. My problem is checking if the hash is correct.
The HASH is unique and not something you need to verify.
That's what I needed. I'm aware that I don't need additional checks of the hash, but let's say someone manages to reroute the api address to somewhere else that returns a random hash. That's why I need an additional check