Solved

password protection

Posted on 1998-10-15
21
375 Views
Last Modified: 2008-03-10
I would like to create a password protection. I want to use cgi or perl only to write this script. And You can assume, I will create the password into a text file called "pass.txt".

Each user has their own web page. So, If I have 50 users, then i have 50 web page.

An example of "pass.txt" is :
(username, password, location)

tanc02 wrhgjjdhff http://www.user1.com
wlw08 fdskfjf http://www.user2.com
...and so on.


and if the user enter the wrong password, he or she will be tell the password is incorrect and allowed to re-enter again. If correct, he or she will bring to his or her web page.

I need a complete cgi, also tell me how to install and details. I have an access to server.
0
Comment
Question by:john_herry
  • 12
  • 8
21 Comments
 
LVL 5

Expert Comment

by:aioudine
ID: 1205376
What kind of OS, http server you are use
Do you have perl installed? Which version?
0
 
LVL 5

Accepted Solution

by:
aioudine earned 100 total points
ID: 1205377
-----pass.txt format----------
tanc02&&wrhgjjdhff&&http://www.user1.com
wlw08&&fdskfjf&&http://www.user2.com
andy&&andy&&http://www.novell.com
test&&test&&http://www.nsc.ru


------script start -------
#!/usr/local/bin/perl
require "cgi-lib.pl";
######################################################################


# Configuration

# The full path to your directory containing the script (not an url)
$path= "data:/inw_web/shared/docs/lcgi/perl5/test";

# Funny password file
$passfile= "/pass.txt";

# The full URL to the script
$scripturl="http://techware.prometeus.nsc.ru/perl/test/password.pl";

# footer of each page
$footer = <<EOT;
 <div align=center><small>script by <a href=\"http://techware.prometeus.nsc.ru\">aioudine<\/a><\/small></div>
EOT


# Colors placed in BODY tag
$bgcolor= "white";            # Background Color
$textcolor= "black";            # Text Color
$linkcolor= "blue";            # Link Color
$vlinkcolor= "darkblue";      # Visited Link Color
$alinkcolor= "red";            # Active Link Color
##
# Set this to a background image, or leave blank if you prefer

$bgimage= "";            # Full URL to your background image.

# End Configuration DO NOT MODIFY BELOW THIS LINE!
######################################################################



#######################
# Main

{
  if (&ReadParse(*input)){
        &CheckPass;
  }
  else{
        &ViewPage;

  }
}






########################
# sub CheckPass

sub CheckPass{

  $name = $input{'name'};
  $pass= $input{'pasw'};
  open(DATA,"$path$passfile") || print "ERROR: Can't read".$path.$passfile;
  @Data = <DATA>;
  close(DATA);

$done="no";

 foreach $Match (@Data) {
      @TempData = split (/&&/, $Match);
        if (($TempData[0] eq $name) && ($TempData[1] eq $pass))
         {
              print &PrintHeader;
              print "<META http-equiv=\"refresh\" content=\"0;url=".$TempData[2]."\">";
              $done="yes";
          }
     }

  if ($done eq "no")
   {
        print &PrintHeader;
      print <<EOT;
      <html>
      <head>
      <title>Error -- Wrong password</title>
      </head>
      <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" link=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
       <h2 align=center>You need to enter your correct password!<\/h2><br>
      <center>Please press your browser's back button and try again</center>
EOT
     print $footer;
     print &HtmlBot;
  }
}



########################
# sub ViewPage
sub ViewPage{

      print &PrintHeader;
      print <<EOT;
      <html>
      <head>
      <title>Enter password</title>
      </head>
      <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" link=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
      <p>
      <FORM ACTION=\"$scripturl\" METHOD=\"POST\">
      Youre name:<br>
      <input type=text name="name" size=60><br>
      Password:<br>
      <input type=password name="pasw" size=10><br>
      <INPUT TYPE=submit VALUE=Submit><INPUT TYPE=Reset VALUE=Reset>
      <\/FORM>
      <br>

EOT
            print $footer;
            print &HtmlBot;

}                  


----------end script--------
0
 

Author Comment

by:john_herry
ID: 1205378
it is unix and use apache server. I have perl but what is cgi-lib.pl

How to get it and install
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 

Author Comment

by:john_herry
ID: 1205379
also can you tell me how do logout button. If logout button is pressed, then someone
can't use "back" buuton to view that page. And the user will be asked to enter password and login again ?
0
 

Author Comment

by:john_herry
ID: 1205380
how safe is that ? can I store pass.txt in someplace else, if yes how ?
and what chmod use I use ?
0
 

Author Comment

by:john_herry
ID: 1205381
Adjusted points to 109
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205382
cgi-lib.pl is a free "Perl Routines to Manipulate CGI input" by Steven E. Brenner  
For more information, see:  http://cgi-lib.stanford.edu/cgi-lib/

pass.txt should be stored in safe place, unaccessible by unix users and out of html
directory tree

if file placed in youre home dir use chmod u+s (I think, but better contact with sysadmin)

IFAIK thera no way to restrict user from pressing "BACK"
But you may use JavaScript onload event, which may run function for cleaning
password INPUT field, but this question for JavaScript area




0
 

Author Comment

by:john_herry
ID: 1205383
i ran this script, it gave me an error like : header problem and can't find eot before eof
waht's wrong ?
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205384
Hmm
On screen it' s seem same as my working script
try convert this file to unix style by using dos2unix utils

if no success download script from my site:
http://techware.prometeus.nsc.ru/test


0
 

Author Comment

by:john_herry
ID: 1205385
Thank you ! It is working right now, but after I entered the password, it give me this message :

 <html>
        <head>
        <title>Error -- Wrong password</title>
        </head>
        <body background="" bgcolor="white" text="black" link="blue" vlink="darkblue" alink="red">
        <h2 align=center>You need to enter your correct password!</h2><br>
        <center>Please press your browser's back button and try again</center>
 <div align=center><small>script by <a href="http://techware.prometeus.nsc.ru">aioudine</a></small></div>
</body>
</html>

why ? Or maybe it can't find my pass.txt. How to set to pass.txt, in what directory.
If I put my pass.txt in cgi-bin, can someone see it ? If yes, how to prevent someone steel my pass.txt.

The logout button I am talking about is made by cgi script, if you know what I mean if you have hotmail.com account ?
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205386
thera was a litle mistake in code:
When script can't find pass.txt it's output "Wrong password"
Modified script available at my site

Also don't forget to modify $path variable in script
for unixes it's should look like
$path= "/usr/local/ns-home/cgi-bin";


Usially users unable to read files in cgi-bin from Web browser (but some unix users may,
so contact with sysadmin where to place this file and how to restrict access)

Note: script should be able to read this file
0
 

Author Comment

by:john_herry
ID: 1205387
if I would like to encode the pass.txt, I have a htpasswd.pl which can do that, but I just
don't know how to put it inside the script. Can you teach me or do you have any
idea ?
0
 

Author Comment

by:john_herry
ID: 1205388
what is wrong wtih your page

http://techware.prometeus.nsc.ru/test 

I can't go in, it gave me a message that server is down
0
 

Author Comment

by:john_herry
ID: 1205389
I have changed my path like :

$path= "/home/mcs436-2/web-server/cgi-bin";

and my pass.txt is correct, after I entered the username and password, it didn't
bring me to the protected location but it me me this following :

<html>
              <head>
              <title>Error -- Wrong password</title>
              </head>
              <body background="" bgcolor="white" text="black" link="blue" vlink="darkblue" alink="red">
              <h2 align=center>You need to enter your correct password!</h2><br>
              <center>Please press your browser's back button and try again</center>
       <div align=center><small>script by <a
      href="http://techware.prometeus.nsc.ru">aioudine</a></small></div>
      </body>
      </html>
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205390
My server should be available now
0
 

Author Comment

by:john_herry
ID: 1205391
it still can't find my password, why ?
Here is what I did :

in the pass.txt. It is in /home/mcs436-2/web-server/cgi-bin/pass.txt

tanc02&&tanc02&&http://www.yahoo.com      


and script is in /home/mcs436-2/web-server/cgi-bin/t.pl

#!/usr/bin/perl
require "cgi-lib.pl";
######################################################################
 
 
# Configuration
 
# The full path to your directory containing the script (not an url)
$path= "data:/home/mcs436-2/web-server/cgi-bin";
 
# Funny password file
$passfile= "pass.txt";
 
# The full URL to the script
$scripturl="http://imps.stcloudstate.edu:8002/cgi-bin/t.pl";
 
# footer of each page
$footer = <<EOT;
 <div align=center><small>script by <a href=\"http://techware.prometeus.nsc.ru\">a
ioudine<\/a><\/small></div>
EOT
 
 
# Colors placed in BODY tag
$bgcolor= "white";              # Background Color
$textcolor= "black";            # Text Color
$linkcolor= "blue";             # Link Color
$vlinkcolor= "darkblue";        # Visited Link Color
$alinkcolor= "red";             # Active Link Color
##
# Set this to a background image, or leave blank if you prefer
 
$bgimage= "";           # Full URL to your background image.
 
# End Configuration DO NOT MODIFY BELOW THIS LINE!
######################################################################
 
 
 
#######################
# Main
 
{
  if (&ReadParse(*input)){
        &CheckPass;
  }
  else{
        &ViewPage;

 
  }
}
 
 
 
 
 
 
########################
# sub CheckPass
 
sub CheckPass{
 
  $name = $input{'name'};
  $pass= $input{'pasw'};
  open(DATA,"$path$passfile") || print "ERROR: Can't read".$path.$passfile;
  @Data = <DATA>;
  close(DATA);
 
$done="no";
 
 foreach $Match (@Data) {
        @TempData = split (/&&/, $Match);
        if (($TempData[0] eq $name) && ($TempData[1] eq $pass))
  {      
                print &PrintHeader;
                print "<META http-equiv=\"refresh\" content=\"0;url=".$TempData[2]
"\">";
                $done="yes";
          }
     }
 
  if ($done eq "no")
   {
        print &PrintHeader;
        print <<EOT;
        <html>
        <head>
        <title>Error -- Wrong password</title>
        </head>
        <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" lin
k=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
        <h2 align=center>You need to enter your correct password!<\/h2><br>
        <center>Please press your browser's back button and try again</center>
EOT
     print $footer;
     print &HtmlBot;
  }
}
 
 
 
########################
# sub ViewPage
sub ViewPage{
 
        print &PrintHeader;
        print <<EOT;
        <html>
        <head>
        <title>Enter password</title>
        </head>
        <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" lin
k=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
        <p>
        <FORM ACTION=\"$scripturl\" METHOD=\"POST\">
        Youre name:<br>
        <input type=text name="name" size=60><br>
        Password:<br>
        <input type=password name="pasw" size=10><br>
        <INPUT TYPE=submit VALUE=Submit><INPUT TYPE=Reset VALUE=Reset>
        <\/FORM>
        <br>
EOT
                print $footer;
                print &HtmlBot;
 
}
 

and I wnet to visit your page, you have a messagebook, it is pretty neat. Can you grant
me the code and detail how to install that script. I will increase my points here.

But, I just want a textfield for Name(who is posting the message)
                                          Subject
                                          textarea
                                          submit and clear button
and the date and time is taken form local time machine( i mean unix time)
Can you do that for me. I am appreciated. Thank you !
Oh ! and the message is posted at the top, I don't want user to select the place and
I don't want overwrite radius. Also can you take out the password, because I will use the
password script that you give. that password script will bring user to messageboog page ! Thank you
0
 

Expert Comment

by:james005
ID: 1205392
Do you got the "cgi-lib.pl"? If no, please put it in your directory. If you got, I don't know!
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205393
Herry,
replace
$path= "data:/home/mcs436-2/web-server/cgi-bin";
with
$path= "/home/mcs436-2/web-server/cgi-bin";
     
If you wish talk about message_book drop me a email at andy@prometeus.nsc.ru
   
0
 

Author Comment

by:john_herry
ID: 1205394
It is working. You are the man. Thanks a lot.
I just named my pass.txt path wrong.

If you can :
 if I will like to add username and password
 and use something to encode the username and password

 can you teach me how to do that, I will increase another 20 points.

If you cannot, just tell me, I will give you an A and point right now.
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205395
Unfortunately, I unable to test script with encripted password,
becose my pretty Netware Webserver unsupport encript() function

But will give you an idea how to do this, without additional points

First run script
#!/usr/bin/perl
# Change your perl path to meet need..
print "Enter Password: ";
$pass = <STDIN>;
$key = "MySuperPrivateKey";
$encripted_pass = crypt ($pass, $key);
print "Password converted to: $encripted_pass\n";
#end script

It's will produce encripted_password

Use output as base for creating pass.txt
name&&encripted_password&&URL

after this in CheckPass subroutine replace string
----start-----
 $pass= $input{'pasw'};
-----stop ----
with
-----start----
 $pass= crypt ($input{'pasw'}, "MySuperPrivateKey");
---stop---

HTH
PS About messagebook: Since you don't need any advanced features, like images inline message,
add_to_top or overwrtite. You may use any guestbook available on the inteernet.
Visit http://cgi-resources.com


0
 

Author Comment

by:john_herry
ID: 1205396
Thank a lot, you gave me a lot of helppppppppp !

0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Perl for loop for 2000 ms 7 98
cpan issue 1 63
Can Oracle Client 11.2.0.2.0 work with an Oracle 12c Database? 5 149
git fat pull happens nothing in centos 6.3 python 2.6.6 33 215
There are many situations when we need to display the data in sorted order. For example: Student details by name or by rank or by total marks etc. If you are working on data driven based projects then you will use sorting techniques very frequently.…
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now