[QUOTE=ThatLuaCoder;31603616]That android app in the OP relies on the pocketSteam back end. I would prefer direct access to Steam.[/QUOTE]
I wouldn't really mind, just as long as i don't have to zoom in and fiddle around with the page to make the chat visible, etc.
[QUOTE=Dj-J3;31602554]When is the android version coming? :v:[/QUOTE]
Android version is taking a while, but it should be ready for testing by the end of this month.
[editline]8th August 2011[/editline]
Actually I think I may have just fixed that Steam Guard email problem by updating to the latest SteamRE.
You have INDEED fixed it! Thanks a bunch! :)
Can you make an iOS app too? Thanks.
[QUOTE=The Pretender;31629639]Can you make an iOS app too? Thanks.[/QUOTE]
You don't quite need an app for this, you can just bookmark the webpage to your home screen with Safari
If you think im going to send my steam login information to your server then your wrong.
Either way how would this work as the new security measure requires you to get a string sent to your email when accessing from another computer.
When you login, it sends the code to your email. You just put the code into the new input that comes up and it authorizes you. Even if he had your password, he'd also need access to your email account tied to your steam account. It's safe, calm down.
My email password is my steam password. So I'd be fucked. :saddowns:
I don't trust the creator.
[QUOTE=Map in a box;31641530]My email password is my steam password. So I'd be fucked. :saddowns:[/QUOTE]
Change one of them!
[QUOTE=doonbugie2;31641645]I don't trust the creator.[/QUOTE]
He'd probably be banned by now if this was a phishing site
[QUOTE=Quark:;31635996]When you login, it sends the code to your email. You just put the code into the new input that comes up and it authorizes you. Even if he had your password, he'd also need access to your email account tied to your steam account. It's safe, calm down.[/QUOTE]
It isn't save since you actually auth his proxy-server (from where he could log in with your acc).
Not that he could do much with it anyway.
[QUOTE=The Pretender;31629639]Can you make an iOS app too? Thanks.[/QUOTE]
Working on it.
Shouldn't the password be hashed on the client anyways?
No password should ever be sent to his server. I know nothing about how it logins to steam though.
[QUOTE=Darwin226;31645439]Shouldn't the password be hashed on the client anyways?
No password should ever be sent to his server. I know nothing about how it logins to steam though.[/QUOTE]
A plaintext password is required to login to steam, but it isn't logged and the website uses SSL so it can't be intercepted.
[QUOTE=Map in a box;31641530]My email password is my steam password. So I'd be fucked. :saddowns:[/QUOTE]
Why? That's pretty stupid.
Well, SteamGuard did nothing...
[QUOTE=Quark:;31635996]When you login, it sends the code to your email. You just put the code into the new input that comes up and it authorizes you. Even if he had your password, he'd also need access to your email account tied to your steam account. It's safe, calm down.[/QUOTE]
Except where he now has the password and the auth code you just typed in, along with the sentry file it generated on his backend.
This web service is entirely run on an honor system. Either you trust the guy operating it, or you don't.
[QUOTE=Darwin226;31645439]Shouldn't the password be hashed on the client anyways?
No password should ever be sent to his server. I know nothing about how it logins to steam though.[/QUOTE]
Steam2 works by sending the client two (constant, per-user) salts that are to be hashed with the password, and then used as a key to exchange further data (via AES). Technically, the password nor its hash are ever sent during authentication.
No clue how Steam3 (the newer subset of the Steam protocol, where all the fun stuff is done) does it, yet. I need to continue working on [url=http://github.com/SergeB/libsteam]libsteam[/url] some day. Maybe then I can create portable clients that do not rely on trust. :v:
[QUOTE=VoiDeD;31655592]Except where he now has the password and the auth code you just typed in, along with the sentry file it generated on his backend.
This web service is entirely run on an honor system. Either you trust the guy operating it, or you don't.[/QUOTE]
He still needs access to my email to even login to my steam account
[QUOTE=Quark:;31662506]He still needs access to my email to even login to my steam account[/QUOTE]
No, you do that for him. His web service requires 3 things from you in order to be able to login to your account at any time. Your username, password, and then the auth code you provide from the email.
[QUOTE=VoiDeD;31663223]No, you do that for him. His web service requires 3 things from you in order to be able to login to your account at any time. Your username, password, and then the auth code you provide from the email.[/QUOTE]
Afaik you can only use the key where you requested it from. Not sure how he does it though(auth and login), or from where.
Still, what if he uses his webserver to access your account? It's perfectly feasible.
[QUOTE=GranPC;31666448]Still, what if he uses his webserver to access your account? It's perfectly feasible.[/QUOTE]
He can use anything. The authcode is required only once to create the sentry file. Once you have the file it's entirely possible to use it for logging in with the regular steam client.
Of course it's possible that you can deauthorize all computers, and that would invalidate the sentry file, but until that's done your account is accessible.
I don't want to instill some sort of feeling that the OP is out to do any of this, but some fair warning is prudent.
I could really use this, but I haven't gotten my Steam Guard email. Help?
[editline]12th August 2011[/editline]
I cheated. I tried logging into steampowered.com and it gave me a new key. That key worked on pocketSteam and Steam's site.
On a feature note, you need a flashing title like Facebook or Omegle when there's a new message.
This pretty much saved my day from massive boredom. The only bug I know of is that half a second after starting to scroll through the friends list it jumps back to the top. This only happens when all avatars haven't been downloaded.
[QUOTE=Dj-J3;31647259]Why? That's pretty stupid.[/QUOTE]
Not if you're using Google and their 2-way authentication. :smile:
Haven't worked much on this recently as I've gotten distracted. But the Android app is useable now. It can now display avatars and cache them, and you can send and recieve messages.
Will add notifications on the web app soon and work on some new features for it (such as setting yourself as away/busy)
Have some media:
[img]http://dl.dropbox.com/u/3695360/webSteam/app3.PNG[/img]
[img]http://dl.dropbox.com/u/3695360/webSteam/app4.PNG[/img]
Please release the Android app, I'd love to use it no matter how buggy it is.
AzzyMaster: Shut up and take my winners. All of them.
Sorry, you need to Log In to post a reply to this thread.
