Helpful Information
 
 
Category: Perl/ CGI
how do i write a password script

how do i write a password script ,for multiple user's using cgi ?

What are you trying to protect with the passwords?

Mzzl, Chris

a message board iam writing

There are several methods. I'm assuming you'll be using a form to get the username and password, so one way would be to hardcode each password and corresponding username inside the code using arrays. Another way would be just to have a text file on your computer that lists the username and password and whenever a user tries to enter, it checks for the username, and then when it finds it, checks if the password is correct.

The better way would be to use htaccess:

http://javascriptkit.com/howto/htaccess3.shtml

.htaccess would certainly be the easiest way, but it wouldn't necessarily be the 'prettiest', and certainly doesn't use CGI like you asked...

If you wanted to do it with Perl the best option would be to assign the logged-in user a session cookie and to check for that session cookie on the protected pages.

Hardcoding is a bit of a last resort really, since this is pretty unflexible, particularly if you wanted to be able to add new users, delete them, allow them to change passwords etc. etc.

Storing the passwords in a file is a good idea, but you should make sure that the file is preferably outside of the public_html directory or whatever so that people can't just download the file.

If this isn't an option then you can use some common tricks to stop people from downloading the file, such as CHMOD'ing it to 600 so that it isn't world readable, or using a .htaccess file to explicitly forbid it, or even giving the password file a .cgi extension will work.

Also if you're going to store passwords, it's a good idea to make sure they're encrypted, so that even if a malicious person were to find them they wouldn't be able to use them.

Try taking a look at the crypt() (http://www.perldoc.com/perl5.6.1/pod/func/crypt.html) function or even the Digest::MD5 (http://www.perldoc.com/perl5.6.1/lib/Digest/MD5.html) module. MD5 hashing's very good by the way.

Please ask if you have any questions about anything.

thanks for the info dude .looks hard but i will have ago :thumbsup:

Here is an idea:




#!/usr/bin/perl

use CGI qw(param);
use CGI::Carp qw(fatalsToBrowser);

$user = param("user");
$pass = param("pass");

$file = "userpass.txt";

open(DATA,"$file"); @data = <DATA>; close(DATA);
foreach (@data) {
($username, $password) = split(/\t/, $_);
if (($user eq $username) && (crypt($pass, length($pass)) eq $password)) {
$logged = "true";
}
}



if you wanted ... you could use Matt Wrights Cookies Archive.
that would help you a lot

thanks dude :D

how do i get this to save the member info to a txt file after they register (what do i need to change ?)so they can login everytime they visit

print qq~
<table border=1 BORDERCOLOR="#000000" width=100% cellspacing=0 bgcolor="#ffffff">
<tr>
<td bgColor="ffffff" BORDERCOLOR="#ffffff"> <center>
<form action="/cgi-bin/cbsboard/login.cgi" method="POST">
User name: <input type="text" name="r_name">
</form>
<form action="/cgi-bin/cbsboard/login.cgi" method="POST">
<input type="hidden" name="_send_email" value="email.txt">
Your email address: <input type="text" name="re_email">
</form>
<form action="/cgi-bin/cbsboard/login.cgi" method="POST">
<input type="hidden" name="_password" value="password.txt">
Choose Password: <input type="text" name="re_password">
</form>
<form action="/cgi-bin/cbsboard/login.cgi" method="POST">
<input type="hidden" name="_password" value="password.txt">
Confirm Password: <input type="text" name="re_password">
</form>
<form action="/cgi-bin/cbsboard/login.cgi"
method="GET">
<input type="submit" value="Submit">
</form>
</center>
</td>
</tr>
</table>~;










privacy (GDPR)