Using PHP and MySQL database to perform authentication in C# desktop app

Hosting Support
1

https://web.ebs-systems.epizy.com/

Error Message

<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("d1be638bf35af86155de84766029d160");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://web.ebs-systems.epizy.com/login/login.php?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

Other Information

I have a PHP and MySQL login system that already has a considerable number of users. These users will use a desktop app that is used to build encryption mechanisms. It is being developed using Windows Forms technology and developed in C#. To perform authentication, I created a PHP POST API to generate this authentication, based on the existing login system. When I tested it with Postman, this error was returned. When I tested it in the C# app, it also returned. Does anyone know how to help me?

Below is a portion of the API code

<?php
require "../php/crud.php";
$cls = new database();
session_start();

if (isset($_POST["user"]) && isset($_POST['pwd'])) {
    $user = $_POST['user'];
    $pwd = $_POST['pwd'];
    $redirect = htmlspecialchars($_GET['r']);
    $mysqli = $cls->GetLinkMySQLI();
    if (!empty($user) && !empty($pwd)) {
        $stmt = $mysqli->prepare("SELECT * FROM USER WHERE EMAIL_USER = ? OR ARROBA_USER = ?");
        $stmt->bind_param("ss", base64_encode($user), base64_encode(str_replace('@', '', $user)));
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows > 0) {
            while ($row = $result->fetch_assoc()) {
                if ($row['ATIVO_USER'] == 1) {
                    for ($i = 0; $i < 255; $i++) {
                        $pwd = sha1($pwd);
                    }
                    if ($pwd == $row['HASH_USER']) {
                        json_encode(["status" => "success", "message" => "Login bem-sucedido!"]);
                    } else {
                        echo json_encode(["status" => "error", "message" => "Usuário ou senha incorretos!"]);
                    }
                } else {
                    echo json_encode(["status" => "error", "message" => "Você não tem permissão para acessar o sistema!"]);
                }
            }
        } else {        
            echo json_encode(["status" => "error", "message" => "Usuário ou e-mail não encontrados!"]);
        }
    }
}
?>
2

The error generated:

<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("d1be638bf35af86155de84766029d160");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://web.ebs-systems.epizy.com/login/login.php?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

Results from this:

10 Likes
3

Ok, I understand the need to use this mechanism. But is there another way to access my system using PHP and pass the data to C#?

I intend to subscribe to a premium plan in the near future to solve this problem.

4

No. Free hosting is not an API service, requests like what you are trying to do are blocked.

Unless you install an entire web browser that can run JS as a part of your project, then you might be able to get it to work, but that’s a lot of hassle, especially since you are planning to upgrade anyways.

7 Likes