Password protected addon frame..

Hello all,

Is there any way to do this? Basically, I'd want someone to click on "Admin" on the addon, and when clicked, maybe another frame or a prompt comes up asking for a password. If the password is wrong, they are either returned an error or nothing happens, but if the password is right, they are forwarded to the corresponding frame.

I have an idea in my head on how the code would be, id just need someone to write it out so I can get it done right.

A basic string would be like "Frame:Textbox/If "password" typed in textbox, on click=success-openProtectedFrame, if "invalid password":do nothing"

I have the idea in my head, and I THINK you can do it, but I'm not too certain. I would also probably need a way to encrypt that part of the code so no "Savvy" person would be able to open it up and pull the password out OR have another addon run the OnClick protectedframe:show(); command.

Thanks ahead if anyone can shed some light on if it is even possible.

I think another thing that makes me believe its possible is the option to make an "editbox" use "password" characters instead of regular characters. Hmm.|||It's entirely possible to do the in-game part.

But this isn't going to be practical for the simple reason that addon code (Lua) isn't compiled. Anyone can open your code and read and/or edit it. Even if the password was somehow encrypted they could just delete the entire block of code and call the function directly.

A similar example, there used to be a mod that would link the items you could get from handing in the tokens in ZG and AQ20. The author made it so that only raid-promoted people could do it. Took me ~30sec to fix that so I could always do it.

This is going to be the case with any kind of restriction or protection you put on an addon.|||http://www.carboniteaddon.com/

Protected code and is even locked to a server, so I'd say its possible. (in a way)

(weather the code can easily unprotected or not I don't know)|||... I dislike sites like that, where you pay for "forum access" so that you can download the "full" addon. But whatever, people can do whatever they want :) I'm sure if I had access to the full version code of carbonite, the lua can be modified in 10-30 seconds and it will work for anyone who wants it. It's just a text file, so easily unprotected :)

The only way I can think of where it would be "mostly" protected is if you have to run a program in the background (for carbonite) and it would detect WOW starting up and install the real addon information to the addon folders (before this happens, all files are empty, as placeholders, so WOW recognizes them). Then, the files are updated to the real files and the user logs in and uses them. After the login, the files are removed and replaced with the false ones again. Still, doing so would allow the files to exist for a quick second or two and all you would need to do is create an addon that would "freeze" wow during the loading process (infinite loop or something like that) and look at the files in the folder, copy them, and you're good to go.

Back to the original topic, I don't think you'll be able to do what you want. A savvy person can bypass any and all safeguards to put in place. If you have an encrypted password, the user just needs to run the "decrypt password" function in your addon and bingo, password found.

Only one way I can think of where it WOULD work, which is to have the password stored on another character who's logged in (like a guild leader) and if the password is sent via whisper or addon whisper and confirmed to be real, the addon would continue and execute the "admin" code ... but still, this code could be accessed with a simple bypass of the password check. *shrug*

Oh, just looked at the source code for the "free" version and it's encrypted inside the code with some code to decrypt it and load the decrypted code. A simple code change will allow you to see all of the code and save it as well for later use. It's pretty hard to protect something in lua in WOW.

Edit: I should mention that I did not decrypt the file but, with simple code changes, one could.|||Agree with everything Moongaze said.|||Well, thanks for all the input.

So, can anyone show me the script to do a whisper and have a frame activated? or even just what I was asking earlier?

I'm not too worried about the content inside. It's really a safeguard..but a few steps to make something "PROTECTED" in wow would be to just release built versions of your addon WITH a protected area, and send public versions to basic members of a guild. This way, they don't even KNOW it exists, let alone be able to try to break into it.

Thanks for all your input!|||This thread got me thinking about something I came across a couple months ago called code obfuscating. Basically it's a way to hide things in plain site. Of course I'm not sure if there are any code obfuscators for lua, or how well lua lends itself to the obfuscation process but it might be worth giving a few minute of thought to.



http://en.wikipedia.org/wiki/Obfuscated_code

For example: This code is a completely compilable C code that prints the 12 verses of "The 12 days of Christmas."

#include <stdio.h>

main(t,_,a)char *a;{return!0<t?t<3?main(-79,-13,a+main(-87,1-_,

main(-86,0,a+1)+a)):1,t<_?main(t+1,_,a):3,main(-94,-27+t,a)&&t==2?_<13?

main(2,_+1,"%s %d %d\n"):9:16:t<0?t<-72?main(_,t,

"@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#\

;#q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l \

q#'+d'K#!/+k#;q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# \

){nl]!/n{n#'; r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#n'wk nw' \

iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c \

;;{nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;#'rdq#w! nr'/ ') }+}{rl#'{n' ')# \

}'+}##(!!/")

:t<-50?_==*a?putchar(31[a]):main(-65,_,a+1):main((*a=='/')+t,_,a+1)

:0<t?main(2,2,"%s"):*a=='/'||main(0,main(-61,*a,

"!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry"),a+1);}

Yes, someone could reverse engineer it, but it'd be extremely difficult.|||Quote:




This thread got me thinking about something I came across a couple months ago called code obfuscating.




Yes, this is how Carbonite works.|||So it's charted territory.

Keep in mind that if you go this route, a determined programmer would be able to figure out your password. But the time-consuming nature of reverse engineering obfuscated code would deter most.|||Carbonite also, from what I noticed, took quite a few seconds to load because of the string parsing and replacement of the 1.4 megs of code. Loading that addon was like World of Warcraft was making a sandwich before actually showing you the game :)