password protection

I would like to create password protection. I want to use CGI or Perl only to write this script. And you can assume I will put the passwords into a text file called "pass.txt".

Each user has their own web page. So, if I have 50 users, then I have 50 web pages.

An example of "pass.txt" is :
(username, password, location)

tanc02 wrhgjjdhff http://www.user1.com
wlw08 fdskfjf http://www.user2.com
...and so on.


And if the user enters the wrong password, he or she will be told the password is incorrect and allowed to re-enter it. If it is correct, he or she will be brought to his or her web page.

I need a complete CGI script; also tell me how to install it, with details. I have access to the server.
john_herry Asked:
 
aioudine Commented:
-----pass.txt format----------
tanc02&&wrhgjjdhff&&http://www.user1.com
wlw08&&fdskfjf&&http://www.user2.com
andy&&andy&&http://www.novell.com
test&&test&&http://www.nsc.ru


------script start -------
#!/usr/local/bin/perl
require "cgi-lib.pl";
######################################################################


# Configuration

# The full path to your directory containing the script (not an url)
$path= "data:/inw_web/shared/docs/lcgi/perl5/test";

# Funny password file
$passfile= "/pass.txt";

# The full URL to the script
$scripturl="http://techware.prometeus.nsc.ru/perl/test/password.pl";

# footer of each page
$footer = <<EOT;
 <div align=center><small>script by <a href=\"http://techware.prometeus.nsc.ru\">aioudine<\/a><\/small></div>
EOT


# Colors placed in BODY tag
$bgcolor= "white";            # Background Color
$textcolor= "black";            # Text Color
$linkcolor= "blue";            # Link Color
$vlinkcolor= "darkblue";      # Visited Link Color
$alinkcolor= "red";            # Active Link Color
##
# Set this to a background image, or leave blank if you prefer

$bgimage= "";            # Full URL to your background image.

# End Configuration DO NOT MODIFY BELOW THIS LINE!
######################################################################



#######################
# Main

{
  if (&ReadParse(*input)){
        &CheckPass;
  }
  else{
        &ViewPage;

  }
}






########################
# sub CheckPass

sub CheckPass{

  $name = $input{'name'};
  $pass= $input{'pasw'};
  open(DATA,"$path$passfile") || print "ERROR: Can't read".$path.$passfile;
  @Data = <DATA>;
  close(DATA);

$done="no";

 foreach $Match (@Data) {
      @TempData = split (/&&/, $Match);
        if (($TempData[0] eq $name) && ($TempData[1] eq $pass))
         {
              print &PrintHeader;
              print "<META http-equiv=\"refresh\" content=\"0;url=".$TempData[2]."\">";
              $done="yes";
          }
     }

  if ($done eq "no")
   {
        print &PrintHeader;
      print <<EOT;
      <html>
      <head>
      <title>Error -- Wrong password</title>
      </head>
      <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" link=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
       <h2 align=center>You need to enter your correct password!<\/h2><br>
      <center>Please press your browser's back button and try again</center>
EOT
     print $footer;
     print &HtmlBot;
  }
}



########################
# sub ViewPage
sub ViewPage{

      print &PrintHeader;
      print <<EOT;
      <html>
      <head>
      <title>Enter password</title>
      </head>
      <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" link=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
      <p>
      <FORM ACTION=\"$scripturl\" METHOD=\"POST\">
      Youre name:<br>
      <input type=text name="name" size=60><br>
      Password:<br>
      <input type=password name="pasw" size=10><br>
      <INPUT TYPE=submit VALUE=Submit><INPUT TYPE=Reset VALUE=Reset>
      <\/FORM>
      <br>

EOT
            print $footer;
            print &HtmlBot;

}                  


----------end script--------
 
aioudine Commented:
What kind of OS and HTTP server do you use?
Do you have Perl installed? Which version?
 
john_herry Author Commented:
It is Unix and uses the Apache server. I have Perl, but what is cgi-lib.pl?

How do I get it and install it?
 
john_herry Author Commented:
Also, can you tell me how to do a logout button? If the logout button is pressed, then someone
can't use the "back" button to view that page, and the user will be asked to enter the password and log in again?
 
john_herry Author Commented:
How safe is that? Can I store pass.txt someplace else, and if yes, how?
And what chmod should I use?
 
john_herry Author Commented:
Adjusted points to 109
 
aioudine Commented:
cgi-lib.pl is a free "Perl Routines to Manipulate CGI input" by Steven E. Brenner.
For more information, see: http://cgi-lib.stanford.edu/cgi-lib/

pass.txt should be stored in a safe place, inaccessible to Unix users and outside the HTML
directory tree.

If the file is placed in your home dir, use chmod u+s (I think, but better to contact the sysadmin).

AFAIK there is no way to restrict the user from pressing "BACK".
But you may use the JavaScript onload event, which may run a function for cleaning the
password INPUT field, but this is a question for the JavaScript area.




 
john_herry Author Commented:
I ran this script, and it gave me an error like: header problem and can't find eot before eof.
What's wrong?
 
aioudine Commented:
Hmm.
On screen it seems the same as my working script.
Try converting this file to Unix style by using the dos2unix utility.

If no success, download the script from my site:
http://techware.prometeus.nsc.ru/test


 
john_herry Author Commented:
Thank you! It is working right now, but after I entered the password, it gives me this message:

 <html>
        <head>
        <title>Error -- Wrong password</title>
        </head>
        <body background="" bgcolor="white" text="black" link="blue" vlink="darkblue" alink="red">
        <h2 align=center>You need to enter your correct password!</h2><br>
        <center>Please press your browser's back button and try again</center>
 <div align=center><small>script by <a href="http://techware.prometeus.nsc.ru">aioudine</a></small></div>
</body>
</html>

Why? Or maybe it can't find my pass.txt. How do I set it to pass.txt, and in what directory?
If I put my pass.txt in cgi-bin, can someone see it? If yes, how do I prevent someone from stealing my pass.txt?

The logout button I am talking about is made by a CGI script, if you know what I mean, if you have a hotmail.com account?
 
aioudine Commented:
There was a little mistake in the code:
when the script can't find pass.txt, it outputs "Wrong password".
The modified script is available at my site.

Also, don't forget to modify the $path variable in the script;
for Unixes it should look like
$path= "/usr/local/ns-home/cgi-bin";


Usually users are unable to read files in cgi-bin from a Web browser (but some Unix users may,
so contact the sysadmin about where to place this file and how to restrict access).

Note: script should be able to read this file
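
An added example, not part of the thread or of aioudine's script: one way to keep the "cannot read pass.txt" case apart from a wrong password, which is the mistake described above. The `check_login` function, its return values and the sample records are assumptions made for illustration; the `name&&password&&URL` format is the one from the thread.

```perl
#!/usr/bin/perl
# Added example (hypothetical helper, not the script from the thread).
use strict;
use warnings;
use File::Temp qw(tempfile);

# Returns ('ok', $url), ('denied', undef) or ('error', $reason).
sub check_login {
    my ($file, $name, $pass) = @_;
    return ('denied', undef)
        unless defined $name && defined $pass && length $name;

    # A failed open is a server-side fault, not a failed login.
    open(my $fh, '<', $file) or return ('error', "cannot open $file: $!");

    my @result = ('denied', undef);
    while (my $line = <$fh>) {
        $line =~ s/\r?\n\z//;             # strip LF or DOS CRLF
        next if $line =~ /^\s*$/;         # skip blank lines
        my ($u, $p, $url) = split /&&/, $line, 3;
        next unless defined $url;         # skip malformed records
        if ($u eq $name && $p eq $pass) {
            @result = ('ok', $url);
            last;                         # first match wins
        }
    }
    close($fh);
    return @result;
}

# Constructed sample records, written to a temporary file for the demo.
my ($tmp, $tmpname) = tempfile(UNLINK => 1);
print $tmp "tanc02&&tanc02&&http://www.yahoo.com\r\n";   # DOS line ending
print $tmp "andy&&andy&&http://www.novell.com\n";
close($tmp);

for my $try ([$tmpname,        'tanc02', 'tanc02'],   # valid login
             [$tmpname,        'andy',   'wrong'],    # wrong password
             ["data:$tmpname", 'andy',   'andy']) {   # unreadable path
    my ($status, $detail) = check_login(@$try);
    printf "%-6s %s\n", $status, defined $detail ? $detail : '-';
}
```

In the CGI itself, the 'error' case would be written to the server log and answered with a generic failure page, so the file path never reaches the browser.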
 
john_herry Author Commented:
If I would like to encode the pass.txt, I have an htpasswd.pl which can do that, but I just
don't know how to put it inside the script. Can you teach me, or do you have any
idea?
 
john_herry Author Commented:
What is wrong with your page?

http://techware.prometeus.nsc.ru/test

I can't get in; it gave me a message that the server is down.
 
john_herry Author Commented:
I have changed my path like this:

$path= "/home/mcs436-2/web-server/cgi-bin";

and my pass.txt is correct. After I entered the username and password, it didn't
bring me to the protected location, but it gave me the following:

<html>
              <head>
              <title>Error -- Wrong password</title>
              </head>
              <body background="" bgcolor="white" text="black" link="blue" vlink="darkblue" alink="red">
              <h2 align=center>You need to enter your correct password!</h2><br>
              <center>Please press your browser's back button and try again</center>
       <div align=center><small>script by <a
      href="http://techware.prometeus.nsc.ru">aioudine</a></small></div>
      </body>
      </html>
 
aioudine Commented:
My server should be available now
 
john_herry Author Commented:
It still can't find my password. Why?
Here is what I did:

In the pass.txt (it is in /home/mcs436-2/web-server/cgi-bin/pass.txt):

tanc02&&tanc02&&http://www.yahoo.com      


and the script is in /home/mcs436-2/web-server/cgi-bin/t.pl:

#!/usr/bin/perl
require "cgi-lib.pl";
######################################################################
 
 
# Configuration
 
# The full path to your directory containing the script (not an url)
$path= "data:/home/mcs436-2/web-server/cgi-bin";
 
# Funny password file
$passfile= "pass.txt";
 
# The full URL to the script
$scripturl="http://imps.stcloudstate.edu:8002/cgi-bin/t.pl";
 
# footer of each page
$footer = <<EOT;
 <div align=center><small>script by <a href=\"http://techware.prometeus.nsc.ru\">aioudine<\/a><\/small></div>
EOT
 
 
# Colors placed in BODY tag
$bgcolor= "white";              # Background Color
$textcolor= "black";            # Text Color
$linkcolor= "blue";             # Link Color
$vlinkcolor= "darkblue";        # Visited Link Color
$alinkcolor= "red";             # Active Link Color
##
# Set this to a background image, or leave blank if you prefer
 
$bgimage= "";           # Full URL to your background image.
 
# End Configuration DO NOT MODIFY BELOW THIS LINE!
######################################################################
 
 
 
#######################
# Main
 
{
  if (&ReadParse(*input)){
        &CheckPass;
  }
  else{
        &ViewPage;

 
  }
}
 
 
 
 
 
 
########################
# sub CheckPass
 
sub CheckPass{
 
  $name = $input{'name'};
  $pass= $input{'pasw'};
  open(DATA,"$path$passfile") || print "ERROR: Can't read".$path.$passfile;
  @Data = <DATA>;
  close(DATA);
 
$done="no";
 
 foreach $Match (@Data) {
        @TempData = split (/&&/, $Match);
        if (($TempData[0] eq $name) && ($TempData[1] eq $pass))
  {      
                print &PrintHeader;
                print "<META http-equiv=\"refresh\" content=\"0;url=".$TempData[2]."\">";
                $done="yes";
          }
     }
 
  if ($done eq "no")
   {
        print &PrintHeader;
        print <<EOT;
        <html>
        <head>
        <title>Error -- Wrong password</title>
        </head>
        <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" link=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
        <h2 align=center>You need to enter your correct password!<\/h2><br>
        <center>Please press your browser's back button and try again</center>
EOT
     print $footer;
     print &HtmlBot;
  }
}
 
 
 
########################
# sub ViewPage
sub ViewPage{
 
        print &PrintHeader;
        print <<EOT;
        <html>
        <head>
        <title>Enter password</title>
        </head>
        <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" link=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
        <p>
        <FORM ACTION=\"$scripturl\" METHOD=\"POST\">
        Youre name:<br>
        <input type=text name="name" size=60><br>
        Password:<br>
        <input type=password name="pasw" size=10><br>
        <INPUT TYPE=submit VALUE=Submit><INPUT TYPE=Reset VALUE=Reset>
        <\/FORM>
        <br>
EOT
                print $footer;
                print &HtmlBot;
 
}
 

And I went to visit your page; you have a messagebook, and it is pretty neat. Can you grant
me the code and details on how to install that script? I will increase my points here.

But I just want:
  a text field for Name (who is posting the message)
  Subject
  textarea
  submit and clear buttons
and the date and time taken from the local machine time (I mean Unix time).
Can you do that for me? I would appreciate it. Thank you!
Oh! And the message is posted at the top; I don't want the user to select the place, and
I don't want the overwrite radius. Also, can you take out the password, because I will use the
password script that you gave. That password script will bring the user to the messagebook page! Thank you
 
james005 Commented:
Do you have the "cgi-lib.pl"? If not, please put it in your directory. If you have it, I don't know!
 
aioudine Commented:
Herry,
replace
$path= "data:/home/mcs436-2/web-server/cgi-bin";
with
$path= "/home/mcs436-2/web-server/cgi-bin";
     
If you wish to talk about message_book, drop me an email at andy@prometeus.nsc.ru
   
 
john_herry Author Commented:
It is working. You are the man. Thanks a lot.
I just named my pass.txt path wrong.

If you can:
 I would like to add a username and password
 and use something to encode the username and password.

 Can you teach me how to do that? I will increase another 20 points.

If you cannot, just tell me; I will give you an A and the points right now.
 
aioudine Commented:
Unfortunately, I am unable to test the script with an encrypted password,
because my pretty Netware Webserver doesn't support the encript() function.

But I will give you an idea of how to do this, without additional points.

First run this script:
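#!/usr/bin/perl
# Change your perl path to meet need..
print "Enter Password: ";
$pass = <STDIN>;
chomp($pass);    # drop the trailing newline so the hash matches the form input
$key = "MySuperPrivateKey";    # passed to crypt() as its salt argument
$encripted_pass = crypt ($pass, $key);
print "Password converted to: $encripted_pass\n";
#end script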

It will produce encripted_password.

Use the output as the base for creating pass.txt:
name&&encripted_password&&URL

After this, in the CheckPass subroutine replace the string
----start-----
 $pass= $input{'pasw'};
-----stop ----
with
-----start----
 $pass= crypt ($input{'pasw'}, "MySuperPrivateKey");
---stop---

HTH
PS About messagebook: Since you don't need any advanced features, like inline images in the message,
add_to_top or overwrite, you may use any guestbook available on the internet.
Visit http://cgi-resources.com
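
An added example, not aioudine's code, for the crypt() approach in the answer above: crypt()'s second argument is a salt rather than a key, and the stored hash carries its own salt, so each record can get a random salt and be checked against the hash itself. `make_entry` and `verify` are hypothetical helpers, the records are constructed, and the system crypt() is assumed to accept traditional two-character salts.

```perl
#!/usr/bin/perl
# Added example (hypothetical helpers, not from the thread).
use strict;
use warnings;

my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Build a "name&&hash&&URL" record with its own two-character salt.
# rand() is used for brevity only; a real deployment would draw the
# salt from a cryptographic random source.
sub make_entry {
    my ($name, $password, $url) = @_;
    my $salt = join '', map { $SALT_CHARS[rand @SALT_CHARS] } 1 .. 2;
    my $hash = crypt($password, $salt);
    die "crypt() rejected the salt\n" unless defined $hash;
    return join '&&', $name, $hash, $url;
}

# The stored hash begins with its salt, so it is handed back to crypt()
# as the salt argument; nothing secret has to live in the script.
sub verify {
    my ($password, $stored_hash) = @_;
    my $candidate = crypt($password, $stored_hash);
    return defined $candidate && $candidate eq $stored_hash;
}

# Constructed demo values: two users who picked the same password.
chomp(my $typed = "test\n");     # what <STDIN> returns, newline removed
my $rec_a  = make_entry('userA', $typed, 'http://www.user1.com');
my $rec_b  = make_entry('userB', $typed, 'http://www.user2.com');
my $hash_a = (split /&&/, $rec_a)[1];
my $hash_b = (split /&&/, $rec_b)[1];

print "$rec_a\n$rec_b\n";
print "same password, same hash?  ", ($hash_a eq $hash_b ? "yes" : "no"), "\n";
print "correct password accepted: ", (verify('test', $hash_a) ? "yes" : "no"), "\n";
print "wrong password accepted:   ", (verify('tesT', $hash_a) ? "yes" : "no"), "\n";
```

With one fixed salt for every record, users who share a password also share a hash in pass.txt; with per-record salts the two lines printed here almost always differ.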


 
john_herry Author Commented:
Thanks a lot, you gave me a lot of helppppppppp!

Question has a verified solution.
