1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

xfCheck [Deleted]

Discussion in 'Add-on Releases' started by Mythotical, May 27, 2013.

  1. Mythotical

    Mythotical Well-Known Member

    Mythotical submitted a new resource:

    xfCheck - License validation storing encrypted tokens.

    Read more about this resource...
     
  2. The Forum Heroes

    The Forum Heroes Well-Known Member

    How about adding the token and domain fields to the registering page, if it fails, it prevents registering for the forum
     
    Shelley likes this.
  3. Allan

    Allan Well-Known Member

    Thank you :)

    But, what is the difference with this add-on?
     
  4. tyteen4a03

    tyteen4a03 Well-Known Member

    This addon stores your tokens while KK's addon does not.

    You didn't post your actual encrypted content. Cheating :p
     
    Allan likes this.
  5. Mythotical

    Mythotical Well-Known Member

    Good idea, that would require me to do another part where it can be enabled for current users and upon registration do the check or just registration or after registration using cron.

    tyteen4a03 is correct. Reading the description of KK's and mine you will see the significant difference.

    Here is the code when I download my blob and open with a text editor: Äs ?ûN∫t=K ¿ÌNÅxú∂äÒ>ÄÅ◊_`Ÿ˘

    Figure that code out. LOL
     
  6. Sheratan

    Sheratan Well-Known Member

    Can this add-on prevent different user using same token and domain?
     
  7. Mythotical

    Mythotical Well-Known Member

    The thing about that is no user should have the same token and if so they have been hacked and need to check on that.
     
  8. Sheratan

    Sheratan Well-Known Member

    I mean, if user A validating himself with his token and domain, can user B validating himself with user A token and domain?
     
  9. Mythotical

    Mythotical Well-Known Member

    Yes but the only way that can even be possible is for User B to hack User A and grab a token hence User A can change their password on the XenForo site and generate a new token making the token User B has invalid. So more or less it is yes and no.
     
  10. The Forum Heroes

    The Forum Heroes Well-Known Member

    I think what he means is, make the field in the database unique, so if a valid token gets distributed though a warez site, 50 people all can't verify using the same token.
     
    Sheratan likes this.
  11. Shelley

    Shelley Well-Known Member

    Damn good suggestion Mike one I was considering in going to make but was unsure whether it was possible. +1 and Liked Suggestion
     
    The Forum Heroes likes this.
  12. The Forum Heroes

    The Forum Heroes Well-Known Member

    Yeap, would love to see my idea added. If not in the full form. Maybe as 1st step, sort of like how vB uses enter your age to continue. Once you validate your domain and token, it takes you to step 2. Also would like to have the domain used saved to database as custom user title.
     
    Shelley likes this.
  13. Lisa

    Lisa Well-Known Member

    If people change their token after validating it a) 50 people can't verify using the same token and b) saving the token via the addon is pointless.
     
    Forsaken likes this.
  14. Mythotical

    Mythotical Well-Known Member

    I can see where Mike is coming from because my addon grabs the permanent token and holds it in encrypted form. That way it could be unique, the thing is that with encryption I'm not sure I could make the field unique. I would have to include a system that reports to admins duplicate tokens then let the admin handle it.
     
  15. Lisa

    Lisa Well-Known Member

    Yes but if someone uses a token to validate somewhere using your addon and then changes their token straight after validation takes place.. then the existing token no longer exists... so what's the point in keeping it on record?
     
    Bob, Shelley and Jeremy like this.
  16. Shelley

    Shelley Well-Known Member

    Good point.

    I think just a easy means of confirming they are legit and that is the end of that. I don't think records are needed and keeping the simplicity is probably the better step to take without it making it overly complicated.
     
    Jeremy and Bob like this.
  17. Forsaken

    Forsaken Well-Known Member

    I thought the same thing.
     
    Jeremy likes this.
  18. Sheratan

    Sheratan Well-Known Member


    That's what I'm thinking. Thank you Mike. I was bad in english since it was not my native language.
     
    The Forum Heroes likes this.
  19. Mythotical

    Mythotical Well-Known Member

    The record that is stored is the returned license_token, the generated token is replaced by that which is a permanent token. I did it that way for future validation if site owners need to have yearly validations or whatever then the user would generate a new token, if the license token returned matches what is in the database then the validation is successful otherwise it is failed and the user is unvalidated at that time. Permanent license tokens are unique in that they can be returned when validating but that is it. The purpose I'm implementing for them is to keep things unique as Mike stated above in turn I will set a cron to run daily and to check returned license tokens against current entries then upon registration reject if there is a match and if some one slips by then the admin is notified.

    As I stated in the original post, this does not save the generated token, it saves the returned permanent token that no one will know or have access to unless you are the license owner.
     
  20. Mythotical

    Mythotical Well-Known Member

    One more update once XF1.2 is release then xfCheck will reach EOF as I don't see it being used too often but I will leave the current version for those who may wish to use it. I will update it as well to work with any XF that is released and it breaks.

    If you wish to use a version that does not store anything you can use @King Kovifor [XI] License Validation
     

Share This Page