Yesterday I managed to get HTTP AUTH to work. Here is my code:
wifi.setmode(wifi.SOFTAP)
wifi.ap.config({ssid="TEST_AP",pwd="Test12345678"})
-- In SOFTAP mode the module's address comes from wifi.ap, not wifi.sta
print(wifi.ap.getip())
led1 = 4
gpio.mode(led1, gpio.OUTPUT)
srv=net.createServer(net.TCP)
srv:listen(80,function(conn)
    conn:on("receive", function(client,request)
        local buf = "";
        -- Split the request line into method, path and query string
        local _, _, method, path, vars = string.find(request, "([A-Z]+) (.+)?(.+) HTTP");
        if(method == nil)then
            _, _, method, path = string.find(request, "([A-Z]+) (.+) HTTP");
        end
        -- Pull the base64 token out of the "Authorization: Basic ..." header
        local _, _, auth = string.find(request, "%cAuthorization: Basic ([%w=+/]+)");
        if (auth == nil or auth ~= "dXNlcjoxMjM0")then --user:1234
            client:send("HTTP/1.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"ESP8266 Web Server\"\r\n\r\n<h1>Unauthorized Access</h1>");
            client:close();
            return;
        end
        -- Parse key=value pairs from the query string
        local _GET = {}
        if (vars ~= nil)then
            for k, v in string.gmatch(vars, "(%w+)=(%w+)&*") do
                _GET[k] = v
            end
        end
        buf=buf.."<html><body>"
        buf = buf.."<h1> Control Web Server</h1>";
        buf=buf.."<p> Please Enter Your Password </p>"
        buf=buf.."<form method='get' action='/'>"
        buf=buf.."<p>Password: <input type=password name=pass></p> "
        buf = buf.."<p><button type=submit>Submit</button></p>";
        buf = buf.."</form></body></html>"
        local _on,_off = "",""
        if(_GET.pass == "test")then
            gpio.write(led1, gpio.HIGH);
            tmr.delay(2000); -- tmr.delay takes microseconds: 2000 us = 2 ms
            gpio.write(led1, gpio.LOW);
        end
        client:send(buf);
        client:close();
        collectgarbage();
    end)
end)
My code has 3 levels of authentication. These are the network itself, HTTP auth and a password sent through HTTP POST. I am pretty happy with my code so far; however, there is one small problem. The password sent through HTTP POST is sent in plain text. Would it be possible to encrypt the password on the client side via HTML code and then decrypt it on the server side?
Could MD5 or SHA1 be used for this?
If so, how could I implement this kind of encryption?
How did you encrypt the user/password?
if (auth == nil or auth ~= "dXNlcjpwYXNz")then --user:pass dXNlcjpwYXNz
    client:send("HTTP/1.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"ESP8266 Web Server\"\r\n\r\n<h1>Unauthorized Access</h1>");
    client:close();
    return;
end
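The token compared in the snippets above is the base64 form of `user:password`, an encoding that anyone who captures the header can reverse. The following is an added example, not code from any poster in this thread: a pure Lua 5.1 decoder that recovers the credentials from a constructed request. The helper names `b64decode` and `basic_credentials` and the sample request are assumptions made for the illustration.

```lua
-- Added example (not from the thread). Pure Lua 5.1, no NodeMCU modules needed.
local B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

-- Decode a base64 string; returns nil on malformed input.
local function b64decode(s)
  if #s % 4 ~= 0 or not s:match("^[%w+/]*=?=?$") then return nil end
  local out = {}
  for i = 1, #s, 4 do
    local n, pad = 0, 0
    for j = i, i + 3 do
      local c = s:sub(j, j)
      if c == "=" then
        pad = pad + 1          -- padding contributes zero bits
        n = n * 64
      else
        n = n * 64 + (B64:find(c, 1, true) - 1)
      end
    end
    -- Split the 24-bit group into three bytes, dropping padded ones
    local bytes = string.char(math.floor(n / 65536) % 256,
                              math.floor(n / 256) % 256, n % 256)
    out[#out + 1] = bytes:sub(1, 3 - pad)
  end
  return table.concat(out)
end

-- Return user and password from a raw HTTP request, or nil if the
-- Authorization header is absent or malformed.
local function basic_credentials(request)
  local token = request:match("\r\nAuthorization: Basic ([%w+/]+=*)")
  local decoded = token and b64decode(token)
  if not decoded then return nil end
  -- The user name ends at the first colon; the password may contain colons
  return decoded:match("^([^:]*):(.*)$")
end

-- Constructed sample request carrying the token from the first post.
local sample = "GET / HTTP/1.1\r\nHost: 192.168.4.1\r\n" ..
               "Authorization: Basic dXNlcjoxMjM0\r\n\r\n"
local user, pass = basic_credentials(sample)
print(user, pass)
```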
With the help of this page I could add basic authentication to my ESP8266 web server. It works perfectly in every web browser. My only problem is that once I am logged in through a browser, it stays logged in even after I reboot the ESP8266 or exit the browser. Is there any way to add a log out or a timer for automatic log out?
Thanks