Web Analytics Made Easy -
StatCounter how do i write a password script - CodingForum

Announcement

Collapse
No announcement yet.

how do i write a password script

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • how do i write a password script

    how do i write a password script ,for multiple user's using cgi ?

  • #2
    What are you trying to protect with the passwords?

    Mzzl, Chris
    My Website
    010100010011110101110100011011110111000001101000

    Comment


    • #3
      a message board iam writing

      Comment


      • #4
        There are several methods. I'm assuming you'll be using a form to get the username and password, so one way would be to hardcode each password and corresponding username inside the code using arrays. Another way would be just to have a text file on your computer that lists the username and password and whenever a user tries to enter, it checks for the username, and then when it finds it, checks if the password is correct.
        -Obiwan Jabroni
        May the Schwartz be With You

        Comment


        • #5
          The better way would be to use htaccess:

          http://javascriptkit.com/howto/htaccess3.shtml
          Moderator, Perl/CGI Forum
          shadowstorm.net - subvert society

          Comment


          • #6
            .htaccess would certainly be the easiest way, but it wouldn't necessarily be the 'prettiest', and certainly doesn't use CGI like you asked...

            If you wanted to do it with Perl the best option would be to assign the logged-in user a session cookie and to check for that session cookie on the protected pages.

            Hardcoding is a bit of a last resort really, since this is pretty unflexible, particularly if you wanted to be able to add new users, delete them, allow them to change passwords etc. etc.

            Storing the passwords in a file is a good idea, but you should make sure that the file is preferably outside of the public_html directory or whatever so that people can't just download the file.

            If this isn't an option then you can use some common tricks to stop people from downloading the file, such as CHMOD'ing it to 600 so that it isn't world readable, or using a .htaccess file to explicitly forbid it, or even giving the password file a .cgi extension will work.

            Also if you're going to store passwords, it's a good idea to make sure they're encrypted, so that even if a malicious person were to find them they wouldn't be able to use them.

            Try taking a look at the crypt() function or even the Digest::MD5 module. MD5 hashing's very good by the way.

            Please ask if you have any questions about anything.

            Comment


            • #7
              thanks for the info dude .looks hard but i will have ago

              Comment


              • #8
                Here is an idea:

                Code:
                #!/usr/bin/perl
                
                use CGI qw(param);
                use CGI::Carp qw(fatalsToBrowser);
                
                $user = param("user");
                $pass = param("pass");
                
                $file = "userpass.txt";
                
                open(DATA,"$file"); @data = <DATA>; close(DATA);
                foreach (@data) {
                 ($username, $password) = split(/\t/, $_);
                 if (($user eq $username) && (crypt($pass, length($pass)) eq $password)) {
                  $logged = "true";
                 }
                }
                if you wanted ... you could use Matt Wrights Cookies Archive.
                that would help you a lot
                -mR_eGo
                _______________________
                Programming since
                3 years old.

                Comment


                • #9
                  thanks dude

                  Comment


                  • #10
                    how do i get this to save the member info to a txt file after they register (what do i need to change ?)so they can login everytime they visit

                    print qq~
                    <table border=1 BORDERCOLOR="#000000" width=100% cellspacing=0 bgcolor="#ffffff">
                    <tr>
                    <td bgColor="ffffff" BORDERCOLOR="#ffffff"> <center>
                    <form action="/cgi-bin/cbsboard/login.cgi" method="POST">
                    User name: <input type="text" name="r_name">
                    </form>
                    <form action="/cgi-bin/cbsboard/login.cgi" method="POST">
                    <input type="hidden" name="_send_email" value="email.txt">
                    Your email address: <input type="text" name="re_email">
                    </form>
                    <form action="/cgi-bin/cbsboard/login.cgi" method="POST">
                    <input type="hidden" name="_password" value="password.txt">
                    Choose Password: <input type="text" name="re_password">
                    </form>
                    <form action="/cgi-bin/cbsboard/login.cgi" method="POST">
                    <input type="hidden" name="_password" value="password.txt">
                    Confirm Password: <input type="text" name="re_password">
                    </form>
                    <form action="/cgi-bin/cbsboard/login.cgi"
                    method="GET">
                    <input type="submit" value="Submit">
                    </form>
                    </center>
                    </td>
                    </tr>
                    </table>~;
                    Last edited by chaotic; Jul 11, 2002, 09:43 PM.

                    Comment

                    Working...
                    X