Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New Coder
    Join Date
    Jun 2002
    Location
    chaoticrealities.com
    Posts
    32
    Thanks
    0
    Thanked 0 Times in 0 Posts

    how do i write a password script

    how do i write a password script ,for multiple user's using cgi ?

  • #2
    Regular Coder
    Join Date
    Jun 2002
    Location
    the Netherlands
    Posts
    215
    Thanks
    0
    Thanked 0 Times in 0 Posts
    What are you trying to protect with the passwords?

    Mzzl, Chris

  • #3
    New Coder
    Join Date
    Jun 2002
    Location
    chaoticrealities.com
    Posts
    32
    Thanks
    0
    Thanked 0 Times in 0 Posts
    a message board iam writing

  • #4
    New Coder
    Join Date
    Jun 2002
    Posts
    70
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There are several methods. I'm assuming you'll be using a form to get the username and password, so one way would be to hardcode each password and corresponding username inside the code using arrays. Another way would be just to have a text file on your computer that lists the username and password and whenever a user tries to enter, it checks for the username, and then when it finds it, checks if the password is correct.
    -Obiwan Jabroni
    May the Schwartz be With You

  • #5
    Regular Coder Feyd's Avatar
    Join Date
    May 2002
    Location
    Los Angeles, CA Maxim: Subvert Society
    Posts
    404
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The better way would be to use htaccess:

    http://javascriptkit.com/howto/htaccess3.shtml
    Moderator, Perl/CGI Forum
    shadowstorm.net - subvert society

  • #6
    Regular Coder
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    126
    Thanks
    0
    Thanked 0 Times in 0 Posts
    .htaccess would certainly be the easiest way, but it wouldn't necessarily be the 'prettiest', and certainly doesn't use CGI like you asked...

    If you wanted to do it with Perl the best option would be to assign the logged-in user a session cookie and to check for that session cookie on the protected pages.

    Hardcoding is a bit of a last resort really, since this is pretty unflexible, particularly if you wanted to be able to add new users, delete them, allow them to change passwords etc. etc.

    Storing the passwords in a file is a good idea, but you should make sure that the file is preferably outside of the public_html directory or whatever so that people can't just download the file.

    If this isn't an option then you can use some common tricks to stop people from downloading the file, such as CHMOD'ing it to 600 so that it isn't world readable, or using a .htaccess file to explicitly forbid it, or even giving the password file a .cgi extension will work.

    Also if you're going to store passwords, it's a good idea to make sure they're encrypted, so that even if a malicious person were to find them they wouldn't be able to use them.

    Try taking a look at the crypt() function or even the Digest::MD5 module. MD5 hashing's very good by the way.

    Please ask if you have any questions about anything.

  • #7
    New Coder
    Join Date
    Jun 2002
    Location
    chaoticrealities.com
    Posts
    32
    Thanks
    0
    Thanked 0 Times in 0 Posts
    thanks for the info dude .looks hard but i will have ago

  • #8
    Regular Coder
    Join Date
    Jun 2002
    Location
    Brisbane, Australia
    Posts
    181
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Here is an idea:

    Code:
    #!/usr/bin/perl
    
    use CGI qw(param);
    use CGI::Carp qw(fatalsToBrowser);
    
    $user = param("user");
    $pass = param("pass");
    
    $file = "userpass.txt";
    
    open(DATA,"$file"); @data = <DATA>; close(DATA);
    foreach (@data) {
     ($username, $password) = split(/\t/, $_);
     if (($user eq $username) && (crypt($pass, length($pass)) eq $password)) {
      $logged = "true";
     }
    }
    if you wanted ... you could use Matt Wrights Cookies Archive.
    that would help you a lot

  • #9
    New Coder
    Join Date
    Jun 2002
    Location
    chaoticrealities.com
    Posts
    32
    Thanks
    0
    Thanked 0 Times in 0 Posts
    thanks dude

  • #10
    New Coder
    Join Date
    Jun 2002
    Location
    chaoticrealities.com
    Posts
    32
    Thanks
    0
    Thanked 0 Times in 0 Posts
    how do i get this to save the member info to a txt file after they register (what do i need to change ?)so they can login everytime they visit

    print qq~
    <table border=1 BORDERCOLOR="#000000" width=100% cellspacing=0 bgcolor="#ffffff">
    <tr>
    <td bgColor="ffffff" BORDERCOLOR="#ffffff"> <center>
    <form action="/cgi-bin/cbsboard/login.cgi" method="POST">
    User name: <input type="text" name="r_name">
    </form>
    <form action="/cgi-bin/cbsboard/login.cgi" method="POST">
    <input type="hidden" name="_send_email" value="email.txt">
    Your email address: <input type="text" name="re_email">
    </form>
    <form action="/cgi-bin/cbsboard/login.cgi" method="POST">
    <input type="hidden" name="_password" value="password.txt">
    Choose Password: <input type="text" name="re_password">
    </form>
    <form action="/cgi-bin/cbsboard/login.cgi" method="POST">
    <input type="hidden" name="_password" value="password.txt">
    Confirm Password: <input type="text" name="re_password">
    </form>
    <form action="/cgi-bin/cbsboard/login.cgi"
    method="GET">
    <input type="submit" value="Submit">
    </form>
    </center>
    </td>
    </tr>
    </table>~;
    Last edited by chaotic; 07-12-2002 at 02:43 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •