Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Mobile Device IV Login Screen Setup
#1
I wanted to share with everyone on how to set up a pin code based login screen for use with your mobile device that will allow you to access your main mobile interface without having to pass your user name and password for the main interface over the query string.

1. Create an interface named "Login" or whatever you want to call it. Here is a mockup:

[Image: Screen-Shot-2020-01-16-at-11-39-14.jpg]

The ???? is a field called EntryFld

The "Enter your password" is a field called StatusText

For the login background (click on the blue part) of the interface set this as the action. This will allow the pin code to be obscured when the IV loads

PHP Code:
EntryFld::SetSecretMode

    P1
=True 

2. Create a Limited User with a complex password and assign the Login template to it. This will allow you to access the template via WebRIVA (and CTC CQC app):

http://IP_ADDRESS/CQSL/WebRIVA/index.html?user=USER&pw=PASSWORD

3. Create a field in the Variables driver for each user (eg, SecurityPinCodeUser1) of type String and assign the pin code (eg, 123456) as the persisted value

4. Here are the actions when you click the login button. Note, I have two users SecurityPinCodeUser1 and SecurityPinCodeUser2

PHP Code:
// set variable for entered pin code
EntryFld::GetText
    P1
=LVar:PINCode

// evaluate pin code entered against values in variables driver for each code
If 
System::Equals
    P1
=%(LVar:PINCode)
    P2=$(Variables.SecurityPinCodeUser1)
    P3=No Case

IntfViewer::LoadNewTemplate
    P1
=/User/iPhone/Main

Else

If 
System::Equals
    P1
=%(LVar:PINCode)
    P2=$(Variables.SecurityPinCodeUser2)
    P3=No Case

IntfViewer::LoadNewTemplate
    P1
=/User/iPhone/Main

Else

// display message
EntryFld::Clear

StatusText
::Clear

StatusText
::SetText
    P1
=Invalid login

// I have custom code here for sending me an SMS message when there is an invalid login and what invalid pin was
// attempted

End

End 

You can have as many users as you want with the nested if/thens

After a successful "login" the user is transferred to the Main template which has no user assigned to it which means someone could not try to load it via the WebRIVA URL (ie, http://IP_ADDRESS/CQSL/WebRIVA/index.html?user=USER&pw=PASSWORD). It's inaccessible unless you enter the correct pin code

Comments are welcome but this at least solves my concern about no SSL and passing login information for my entire house interface over the query string.

I am currently thinking of adding some code that will track login attempts and store the "count" in a variables driver field along with a lockout time if a number of login attempts is exceeded. Then I will update the action settings of the login interface itself to check the timeout and if still in a timeout then it will disable/enable the buttons. A successful login would reset the timer and counts.

Any way to collected the IP Address of the device accessing WebRIVA?
Reply
#2
I told it to leave a redirect in the original forum you posted in for 2 days but it didn't do that. I'm not sure if the WebRIVA clients sends that, but it could. There's a standard runtime value StdRTV:IPAddr, that is available. But it may currently be set to the server's IP. The WebRIVA client would have to send it over, and I don't think it does that.
Dean Roddey
Explorans limites defectum
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  How-To Setup SMTP with SSL using stunnel wuench 37 84,039 01-28-2014, 09:05 AM
Last Post: batwater
  How To - Android based device Voice control of CQC batwater 26 23,854 12-05-2013, 06:55 AM
Last Post: batwater
  How to setup the Weather Channel data feed driver. beelzerob 3 14,116 05-24-2010, 04:39 PM
Last Post: Dean Roddey

Forum Jump:


Users browsing this thread: 1 Guest(s)