Delphi
TotTip, 2021-03-09 14:09:00

How to implement authorization at program startup?

Hello!
How to implement authorization in the program at startup?
At the first start, authorization is offered (a request to the site and adding an entry to the Windows registry)
At each subsequent launch (it starts with Windows and goes straight to the tray), the program will check the registry (whether there was an authorization before) and the site (whether this user is in the database).
The program has already been written and is working; all that remains is to add this functionality.
How to do it right? I added an authorization form to the main program, but I don't quite understand how to tie it all together. Make the authorization form "main" so that it is the first one when the program starts and run the main form from it? Or is it implemented in some other way?
From the server side, everything is simple - a database (login, password, date of addition) and a simple admin panel for adding / deleting users.

2 answer(s)
Hemul GM, 2021-03-09
@TotTip

It is not necessary to consider that there is a "basic form". You have many different forms/windows. The "main" window is the window that was created first, but this is just a formality.
Moreover, it must be created through the Application form constructor. And if you create windows in a simple way, TFormAuth.Create(...), then it will not be considered the main one.
In short, to do the authorization window properly, you need to go into the program code (not the unit code, but the program code). Yes, there is such a place. Delphi hides it from newcomers. You can open it through the context menu of the project "View Source" or through the menu "Project" -> "View Source".
There you will see the code for launching the application, including the creation of forms. This code can and should be edited. There you must create an authorization window in order to perform a check and either launch the application or not launch it.
UPD. Example

program Temp;

uses
  Vcl.Forms,
  Vcl.Controls,
  Temp.Main in 'Temp.Main.pas' {FormMain},
  Temp.Auth in 'Temp.Auth.pas' {FormAuth};

{$R *.res}

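begin
  Application.Initialize;
  Application.MainFormOnTaskbar := True;

  // Created directly (not via Application.CreateForm), so it never becomes the main form
  FormAuth := TFormAuth.Create(nil);
  try
    // Start the application only if the authorization dialog was closed with mrOk
    if FormAuth.ShowModal = mrOk then
    begin
      Application.CreateForm(TFormMain, FormMain);
      Application.Run;
    end;
  finally
    // The form has no owner, so release it explicitly
    FormAuth.Free;
  end;
end.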

As you can see, I removed the automatically generated line Application.CreateForm(TFormAuth, FormAuth); and created the form myself with FormAuth := TFormAuth.Create(nil);. Next, I did a simple check: if the window was closed with mrOk (i.e., the OK button was pressed), then we continue and run the program; otherwise the program just ends.

rPman, 2021-03-09
@rPman

Authorization can look like this: the server issues a token (a number that is secret and temporary, whose validity period can be extended when it is used), based on some client identification data (computer or application installation ID, network IP address, etc.; this question is not easy, and the answer to it will determine how strict the check is against an attacker who tries to steal this token).
I.e., the application checks if there is a token in memory:
* if not, it opens the authorization form and, together with the data from it (more precisely, processed by some cryptographically strong hashing algorithm), sends the client identifier to the server; the server checks whether it is possible to give access, invalidates the tokens previously issued to the same client, and issues a new one.
* if there is a token, the application makes a request with this token and its identifiers (also hashed) to the server, which in turn checks whether the token has expired and returns either yes or no.
The authorization process can be perceived as the issuance of an activation key (for example, when buying your copy of the program).
You need to understand that this check can be bypassed by removing this request from the code in principle. It is more reliable to transfer part or all of the application’s functionality to the server side, in which case hacking will not work so easily, but the work may not be as comfortable due to lags, and the load on the server will become higher.
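
The server side of the token flow described in the answer above, as an added example that is not code from the thread. The class and function names, the in-memory tables, the one-hour TTL and the PBKDF2 storage of the received credential are assumptions made for illustration; Python is used only because the thread does not say what the server is written in.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed: seconds a token stays valid; renewed on every successful check


def digest(value: str) -> str:
    """SHA-256 hex digest, standing in for the 'hashing algorithm' the answer mentions."""
    return hashlib.sha256(value.encode()).hexdigest()


class TokenServer:
    """Hypothetical in-memory server: a user table plus one live token per client."""

    def __init__(self):
        self.users = {}   # login -> (salt, PBKDF2 of the credential the client sends)
        self.tokens = {}  # client_id -> (digest of token, expiry timestamp)

    def add_user(self, login, credential):
        salt = secrets.token_bytes(16)
        self.users[login] = (salt, hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000))

    def login(self, login, credential, client_id, now=None):
        """Authorization-form path: verify credentials, revoke the old token, issue a new one."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(login, (b"\0" * 16, b""))
        supplied = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000)
        if not stored or not hmac.compare_digest(stored, supplied):
            return None
        token = secrets.token_urlsafe(32)
        # One slot per client: writing it stops any previously issued token from working.
        self.tokens[client_id] = (digest(token), now + TOKEN_TTL)
        return token

    def check(self, token, client_id, now=None):
        """Startup path: yes/no answer for a stored token; success extends its lifetime."""
        now = time.time() if now is None else now
        stored, expiry = self.tokens.get(client_id, ("", 0.0))
        if now >= expiry:
            self.tokens.pop(client_id, None)  # expired or never issued
            return False
        if not hmac.compare_digest(stored, digest(token)):
            return False  # wrong token: leave the legitimate client's session untouched
        self.tokens[client_id] = (stored, now + TOKEN_TTL)
        return True
```

Only a digest of the token is kept server-side, so a leaked token table does not hand out usable tokens, and a failed check with a wrong token does not revoke the real client's session.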
