Go Down

Topic: make webserver password protect (Read 2021 times) previous topic - next topic

dravid

i want to protect my web server for secure control


         
         
         
#include <SPI.h>
#include <Ethernet.h>




byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };   //physical mac address
byte ip[] = { 192, 168, 1, 170 };                      // ip in lan (that's what you need to use in your browser. ("192.168.1.178")
byte gateway[] = { 192, 168, 1, 1 };                   // internet access via router
byte subnet[] = { 255, 255, 255, 0 };                  //subnet mask
EthernetServer server(80);                             //server port     
String readString;

void setup() {
 // Open serial communications and wait for port to open:
  Serial.begin(9600);
   while (!Serial) {
    ; // wait for serial port to connect. Needed for Leonardo only
  }
  pinMode(4, OUTPUT);

  // start the Ethernet connection and the server:
  Ethernet.begin(mac, ip, gateway, subnet);
  server.begin();
  Serial.print("server is at ");
  Serial.println(Ethernet.localIP());
}


void loop() {
  // Create a client connection
  EthernetClient client = server.available();
  if (client) {
    while (client.connected()) {   
      if (client.available()) {
        char c = client.read();
     
        //read char by char HTTP request
        if (readString.length() < 100) {
          //store characters to string
          readString += c;
          //Serial.print(c);
         }

         //if HTTP request has ended
         if (c == '\n') {         
           Serial.println(readString); //print to serial monitor for debuging
     
           client.println("HTTP/1.1 200 OK"); //send new page
           client.println("Content-Type: text/html");
           client.println();   
                    client.println("<!DOCTYPE html>");
          client.println("<html>");
          client.println("<body>");
          client.println("</form>");
          client.println("USER NAME:<input type='text' name='firstname'><br>");
          client.println("PASSWORD:<input type='password' name='pwd'><br>");
          client.println("<input type='submit'>");
          client.println("</form>");

         if (readString.indexOf("firstname") =='rahul')
         if (readString.indexOf("pwd")=='rdr')
         {
 

           client.println("<H1>second year project  </H1>");
           client.println("<H1>survilance robo </H1>");
           client.println("<hr />");
           client.println("<br />"); 
           client.println("<H2>Arduino with Ethernet Shield</H2>");
           client.println("<br />"); 
           client.println("<a href=\"/?button1on\"\">Turn On LED</a>");
           client.println("<a href=\"/?button1off\"\">Turn Off LED</a><br />");   
           client.println("<br />");     
           client.println("<br />");
           client.println("<p>Created by Rahul . available at rdr.rahul7@gmail.com</p>"); 
           client.println("<br />");

         }
                   client.println("</BODY>");
           client.println("</HTML>");
           delay(1);
           //stopping client
           client.stop();
           //controls the Arduino if you press the buttons
           if (readString.indexOf("?button1on") >0){
               digitalWrite(4, HIGH);
           }
           if (readString.indexOf("?button1off") >0){
               digitalWrite(4, LOW);
           }
           
            //clearing string for next read
            readString=""; 
           
         }
       }
    }
}
}         


this is my code ,
help me with my look on it




and itz important that i am new to ethernet shield

PaulS

Regardless of what the client asked for, send back the login page. Why?

Robin2

I suggest you figure out how to do that with a PC based web server application and when you have figured it out you can transfer the concept to your Arduino project.

How secure do you want it to be? Web security is a complex subject - but Google will find a lot of info about it.

You will probably need cookies to maintain state between calls to your server - unless the client is required to authenticate every time.

...R
Two or three hours spent thinking and reading documentation solves most programming problems.

PaulS

Sending your password as clear text more or less defeats the purpose of having a login in page.

Go Up