Simple app communication with server

[trags3]

I want to run a LC server stack that accepts data from an app I have written.
I have a single card with a field named "holding" to save the incoming data. I will do some processing of this data ie email it to 2 email addresses in the data and to myself.
The code for the card (so far) is:
on openCard
accept connections on port 2082 with message "clientConnected" -- port 2082 is TCP port
end openCard

on clientConnected pSocket
read from socket pSocket until cr with message "messageReceived"
end clientConnected

on messageReceived
put it into fld "holding"
end messageReceived

The data I expect will be comma separated variables (about 10) and can have different numbers of characters but will always end with a cr.
Nothing on my site is visible. It is only used for this single purpose at this point.

I have three questions.

1. How can I reject incoming data from unwanted sources?
2. Should I set the maximum number of characters I expect?
3. I assume LC Server needs to be resident on the site but I am not quite sure do I want to run in the command line mode or CGI mode?
I lied there are 4 questions
4. Is it possible to save this stack as a standalone and run it on the server?

I am sure I'll have more questions but I think these will give me a good start.
I hope I'm at least on the right track
Thanks for the help.

Tom

[bangkok]

I don't really understand. It seems you mix up several items : LiveCode Server, web app, client / server with socket, standalone, stacks, local, remote etc.

You should explain to us what exactly do you want to achieve, the framework. The "how" could come later.

To take one of your question : you seem to worry about "unwanted source". Are you talking about an open web server, on the internet. Or a local network ? Where will be the "server" and who/where will be the "clients" ?

Here are a few ideas.

WEB APPS
-you have a regular web server (port 80), with LiveCode Server installed on it, and a few scripts (or stacks)
-you have desktop apps that can communicate with this web server, through POST or GET queries (calls to a SQL database for instance).
-add some authorization / encryption schemes, and you can a rock solid solution.

LOCAL NETWORK SCHEME
-you have a stack, or a standalone, listening to a socket, acting as a small server on your local network
-your desktop apps will call this server, through socket, within the local network

DUAL SCHEME
-you have a local network (your company for instance) with a local server. It runs a LiveCode standalone listening to a certain socket
-your firewall/routers accepts and forwards incoming data only from an authorized IP : a web server running LiveCode Server (or PHP)
-your apps will send queries to the LiveCode Server (through POST / GET), the server will process the queries, sanitize them, decrypt them and forward them to the local network, then to the local server

Actually, many different ways are possible.

[trags3]

I don't really understand. It seems you mix up several items : LiveCode Server, web app, client / server with socket, standalone, stacks, local, remote etc.

You should explain to us what exactly do you want to achieve, the framework. The "how" could come later.

To take one of your question : you seem to worry about "unwanted source". Are you talking about an open web server, on the internet. Or a local network ? Where will be the "server" and who/where will be the "clients" ?

Here are a few ideas.

WEB APPS
-you have a regular web server (port 80), with LiveCode Server installed on it, and a few scripts (or stacks)
-you have desktop apps that can communicate with this web server, through POST or GET queries (calls to a SQL database for instance).
-add some authorization / encryption schemes, and you can a rock solid solution.

LOCAL NETWORK SCHEME
-you have a stack, or a standalone, listening to a socket, acting as a small server on your local network
-your desktop apps will call this server, through socket, within the local network

DUAL SCHEME
-you have a local network (your company for instance) with a local server. It runs a LiveCode standalone listening to a certain socket
-your firewall/routers accepts and forwards incoming data only from an authorized IP : a web server running LiveCode Server (or PHP)
-your apps will send queries to the LiveCode Server (through POST / GET), the server will process the queries, sanitize them, decrypt them and forward them to the local network, then to the local server

Actually, many different ways are possible.

I have a mobile app. Data is input on the mobile device when the user meets with a client.
I have the app send some identifying information letting my client know that their client (the app user) has used the app.
The identifying information is sent to an open web server that I have with Godaddy. The server in turn will send me and my client the uploaded data via email.
The communication is initiated when the user clicks a button to send their client an email with other data in it. Because they can delete my clients email from their email program My client wants to know whenever someone uses the app.

The only purpose of the server is to receive this data and relay it.There is nothing else on the server and nothing can be seen by any app user.

Is this clear? I really appreciate the help.

[bangkok]

Is this clear? I really appreciate the help.

Much clearer !


So no need to bother with socket, standalone.

-install LiveCode Server on your web hosted by Go Daddy (provided it's possible)

-create a simple LC Server script that will have only 2 purposes : receive any POST query (sent by the mobile apps), apply some checks and verifications on the data contained in the query, and then relay the data by sending an email.

to give you an idea about POST structure look here :
http://revolution.byu.edu/internet/serv ... ormsdb.php

For emailing within LC server :
http://lessons.runrev.com/m/4070/l/8184 ... er-scripts

Or, you could use a free remote emailer system, like Mandrill. look here for an example :
http://forums.livecode.com/viewtopic.ph ... 43#p105566

Overall, it's a very straightforward scheme.

You could add for fun and sophistication :

-some encryption.

-a log/history system : the data received would be first saved in a local MySQL database for instance (on the go daddy server), and then sent by email. That would give your client the ability to check/summarize after all the informations (furthermore an email can be lost)

[trags3]

bangkok,
Thanks so much.
This clarifies this for me.


Tom

[AxWald]

Hi,

I see you're using sockets communication. AFAIK not yet available for Android.

To your questions:

1.) How can I reject incoming data from unwanted sources?

Code: Select all

on ServerClientConnected pSocket
   -- Safety measures: Known IPs may connect, else we can connect via a known token
   if checkallow(GetMySocket(pSocket),true) then  -- ask if we know the IP
      -- it's a valid IP. No further AUThorization required
      put pSocket & return after gSockets     
      put "You're welcome!" into MyMsg
      write "CON OK, " & length(MyMsg)& return & MyMsg to socket pSocket
      get LogHandler("Client connected: " & pSocket,,true)  -- write it to the log
      read from socket pSocket until return with message "ServerMessageReceived"
   else
      -- unknown IP, we require AUT_horization:
      put "Unknown IP, please AUT!" into MyMsg
      write "CON NO, " & length(MyMsg)& return & MyMsg to socket pSocket
      get LogHandler("Wrong IP, asked for AUT! " & pSocket,,true)  -- write it to the log
      read from socket pSocket until return with message "ServerMessageReceived"
   end if
end ServerClientConnected

This is code from my socket server, guess we started with the same basics ;-)

I use "checkallow(GetMySocket(pSocket),true)" to determine if I know the IP. For this I call some functions in an "in-use-stack" - reading a prefs file, looking if the IP is good.

If the client is unknown, I offer to log in via a special command: AUT. This must be the next to come in, else the server kicks you:

Code: Select all

(in "Servermessagereceived":
         if checkallow(myPL) then
            -- correct User Token this time? Yes
            put pSocket & return after gSockets
            put myPL & " , you're welcome! Send MSG/ USR/ ART!" into MyMsg
            write "AUT OK," & length(MyMsg) & return & MyMsg to socket pSocket            
            get loghandler(MyPL & " is valid: ", pSocket,true)
            read from socket pSocket until return with message "ServerMessageReceived"
         else
            put "Unknown User " & MyPL & ", try to reconnect!" into MyMsg
            write "AUT NO," & length(MyMsg) & return & MyMsg to socket pSocket
            get loghandler(MyPL & " rejected: ", pSocket,true)
            socketclosed pSocket
         end if

2. Should I set the maximum number of characters I expect?

I'm doin it this way:
My protocol requires some very few parameters on line 1, ending with length(what comes after). Usually it's a 3-char command, sometimes followed by a single parameter (AUT oievn6845mfg for instance), sometimes followed by a larger block:

Code: Select all

ORD 210359, 53b05ab68952d, 82
0051820,6.45,30,0
0082540,7.82,12,0

This is an ORDer. ORD [Customernumber],[OrderToken],[Length([whatFollows]),
and the articleData.

I'm testing the arguments on the first line (CustNr. has to be numeric and x chars long, Token has to be y chars long ...), then the following lines (payload = MyPL), to prohibit SQLInjection.

3. ... LC Server ...
No idea, sry ;-)

4. Is it possible to save this stack as a standalone and run it on the server?
I'm running my socket server on a Win 2K3 server, as a service, using NSSM. It's a rather small standalone (8.192 Bytes before compiling to a StandAlone), and it uses a help stack that it puts "in use" at startup. The standalone only contains the basic logic, anything else comes from the help stack and a .prefs file.
The compiled StandAlone (with internet & database support) is about 3.2MB, uses 10.6 MB RAM on the server, and runs like a charm.

Hope this helps, feel free to ask questions ;-)
I wished we'd finally have socket communications for Android, too - it's such a great way for server-client communication!

Have fun!

[trags3]

Thanks AxWald.
I really appreciate the help
Tom