Solved

password protection

Posted on 1998-10-15
21
379 Views
Last Modified: 2008-03-10
I would like to create a password protection. I want to use cgi or perl only to write this script. And You can assume, I will create the password into a text file called "pass.txt".

Each user has their own web page. So, If I have 50 users, then i have 50 web page.

An example of "pass.txt" is :
(username, password, location)

tanc02 wrhgjjdhff http://www.user1.com
wlw08 fdskfjf http://www.user2.com
...and so on.


and if the user enter the wrong password, he or she will be tell the password is incorrect and allowed to re-enter again. If correct, he or she will bring to his or her web page.

I need a complete cgi, also tell me how to install and details. I have an access to server.
0
Comment
Question by:john_herry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 8
21 Comments
 
LVL 5

Expert Comment

by:aioudine
ID: 1205376
What kind of OS, http server you are use
Do you have perl installed? Which version?
0
 
LVL 5

Accepted Solution

by:
aioudine earned 100 total points
ID: 1205377
-----pass.txt format----------
tanc02&&wrhgjjdhff&&http://www.user1.com
wlw08&&fdskfjf&&http://www.user2.com
andy&&andy&&http://www.novell.com
test&&test&&http://www.nsc.ru


------script start -------
#!/usr/local/bin/perl
require "cgi-lib.pl";
######################################################################


# Configuration

# The full path to your directory containing the script (not an url)
$path= "data:/inw_web/shared/docs/lcgi/perl5/test";

# Funny password file
$passfile= "/pass.txt";

# The full URL to the script
$scripturl="http://techware.prometeus.nsc.ru/perl/test/password.pl";

# footer of each page
$footer = <<EOT;
 <div align=center><small>script by <a href=\"http://techware.prometeus.nsc.ru\">aioudine<\/a><\/small></div>
EOT


# Colors placed in BODY tag
$bgcolor= "white";            # Background Color
$textcolor= "black";            # Text Color
$linkcolor= "blue";            # Link Color
$vlinkcolor= "darkblue";      # Visited Link Color
$alinkcolor= "red";            # Active Link Color
##
# Set this to a background image, or leave blank if you prefer

$bgimage= "";            # Full URL to your background image.

# End Configuration DO NOT MODIFY BELOW THIS LINE!
######################################################################



#######################
# Main

{
  if (&ReadParse(*input)){
        &CheckPass;
  }
  else{
        &ViewPage;

  }
}






########################
# sub CheckPass

sub CheckPass{

  $name = $input{'name'};
  $pass= $input{'pasw'};
  open(DATA,"$path$passfile") || print "ERROR: Can't read".$path.$passfile;
  @Data = <DATA>;
  close(DATA);

$done="no";

 foreach $Match (@Data) {
      @TempData = split (/&&/, $Match);
        if (($TempData[0] eq $name) && ($TempData[1] eq $pass))
         {
              print &PrintHeader;
              print "<META http-equiv=\"refresh\" content=\"0;url=".$TempData[2]."\">";
              $done="yes";
          }
     }

  if ($done eq "no")
   {
        print &PrintHeader;
      print <<EOT;
      <html>
      <head>
      <title>Error -- Wrong password</title>
      </head>
      <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" link=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
       <h2 align=center>You need to enter your correct password!<\/h2><br>
      <center>Please press your browser's back button and try again</center>
EOT
     print $footer;
     print &HtmlBot;
  }
}



########################
# sub ViewPage
sub ViewPage{

      print &PrintHeader;
      print <<EOT;
      <html>
      <head>
      <title>Enter password</title>
      </head>
      <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" link=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
      <p>
      <FORM ACTION=\"$scripturl\" METHOD=\"POST\">
      Youre name:<br>
      <input type=text name="name" size=60><br>
      Password:<br>
      <input type=password name="pasw" size=10><br>
      <INPUT TYPE=submit VALUE=Submit><INPUT TYPE=Reset VALUE=Reset>
      <\/FORM>
      <br>

EOT
            print $footer;
            print &HtmlBot;

}                  


----------end script--------
0
 

Author Comment

by:john_herry
ID: 1205378
it is unix and use apache server. I have perl but what is cgi-lib.pl

How to get it and install
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:john_herry
ID: 1205379
also can you tell me how do logout button. If logout button is pressed, then someone
can't use "back" buuton to view that page. And the user will be asked to enter password and login again ?
0
 

Author Comment

by:john_herry
ID: 1205380
how safe is that ? can I store pass.txt in someplace else, if yes how ?
and what chmod use I use ?
0
 

Author Comment

by:john_herry
ID: 1205381
Adjusted points to 109
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205382
cgi-lib.pl is a free "Perl Routines to Manipulate CGI input" by Steven E. Brenner  
For more information, see:  http://cgi-lib.stanford.edu/cgi-lib/

pass.txt should be stored in safe place, unaccessible by unix users and out of html
directory tree

if file placed in youre home dir use chmod u+s (I think, but better contact with sysadmin)

IFAIK thera no way to restrict user from pressing "BACK"
But you may use JavaScript onload event, which may run function for cleaning
password INPUT field, but this question for JavaScript area




0
 

Author Comment

by:john_herry
ID: 1205383
i ran this script, it gave me an error like : header problem and can't find eot before eof
waht's wrong ?
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205384
Hmm
On screen it' s seem same as my working script
try convert this file to unix style by using dos2unix utils

if no success download script from my site:
http://techware.prometeus.nsc.ru/test


0
 

Author Comment

by:john_herry
ID: 1205385
Thank you ! It is working right now, but after I entered the password, it give me this message :

 <html>
        <head>
        <title>Error -- Wrong password</title>
        </head>
        <body background="" bgcolor="white" text="black" link="blue" vlink="darkblue" alink="red">
        <h2 align=center>You need to enter your correct password!</h2><br>
        <center>Please press your browser's back button and try again</center>
 <div align=center><small>script by <a href="http://techware.prometeus.nsc.ru">aioudine</a></small></div>
</body>
</html>

why ? Or maybe it can't find my pass.txt. How to set to pass.txt, in what directory.
If I put my pass.txt in cgi-bin, can someone see it ? If yes, how to prevent someone steel my pass.txt.

The logout button I am talking about is made by cgi script, if you know what I mean if you have hotmail.com account ?
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205386
thera was a litle mistake in code:
When script can't find pass.txt it's output "Wrong password"
Modified script available at my site

Also don't forget to modify $path variable in script
for unixes it's should look like
$path= "/usr/local/ns-home/cgi-bin";


Usially users unable to read files in cgi-bin from Web browser (but some unix users may,
so contact with sysadmin where to place this file and how to restrict access)

Note: script should be able to read this file
0
 

Author Comment

by:john_herry
ID: 1205387
if I would like to encode the pass.txt, I have a htpasswd.pl which can do that, but I just
don't know how to put it inside the script. Can you teach me or do you have any
idea ?
0
 

Author Comment

by:john_herry
ID: 1205388
what is wrong wtih your page

http://techware.prometeus.nsc.ru/test 

I can't go in, it gave me a message that server is down
0
 

Author Comment

by:john_herry
ID: 1205389
I have changed my path like :

$path= "/home/mcs436-2/web-server/cgi-bin";

and my pass.txt is correct, after I entered the username and password, it didn't
bring me to the protected location but it me me this following :

<html>
              <head>
              <title>Error -- Wrong password</title>
              </head>
              <body background="" bgcolor="white" text="black" link="blue" vlink="darkblue" alink="red">
              <h2 align=center>You need to enter your correct password!</h2><br>
              <center>Please press your browser's back button and try again</center>
       <div align=center><small>script by <a
      href="http://techware.prometeus.nsc.ru">aioudine</a></small></div>
      </body>
      </html>
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205390
My server should be available now
0
 

Author Comment

by:john_herry
ID: 1205391
it still can't find my password, why ?
Here is what I did :

in the pass.txt. It is in /home/mcs436-2/web-server/cgi-bin/pass.txt

tanc02&&tanc02&&http://www.yahoo.com      


and script is in /home/mcs436-2/web-server/cgi-bin/t.pl

#!/usr/bin/perl
require "cgi-lib.pl";
######################################################################
 
 
# Configuration
 
# The full path to your directory containing the script (not an url)
$path= "data:/home/mcs436-2/web-server/cgi-bin";
 
# Funny password file
$passfile= "pass.txt";
 
# The full URL to the script
$scripturl="http://imps.stcloudstate.edu:8002/cgi-bin/t.pl";
 
# footer of each page
$footer = <<EOT;
 <div align=center><small>script by <a href=\"http://techware.prometeus.nsc.ru\">a
ioudine<\/a><\/small></div>
EOT
 
 
# Colors placed in BODY tag
$bgcolor= "white";              # Background Color
$textcolor= "black";            # Text Color
$linkcolor= "blue";             # Link Color
$vlinkcolor= "darkblue";        # Visited Link Color
$alinkcolor= "red";             # Active Link Color
##
# Set this to a background image, or leave blank if you prefer
 
$bgimage= "";           # Full URL to your background image.
 
# End Configuration DO NOT MODIFY BELOW THIS LINE!
######################################################################
 
 
 
#######################
# Main
 
{
  if (&ReadParse(*input)){
        &CheckPass;
  }
  else{
        &ViewPage;

 
  }
}
 
 
 
 
 
 
########################
# sub CheckPass
 
sub CheckPass{
 
  $name = $input{'name'};
  $pass= $input{'pasw'};
  open(DATA,"$path$passfile") || print "ERROR: Can't read".$path.$passfile;
  @Data = <DATA>;
  close(DATA);
 
$done="no";
 
 foreach $Match (@Data) {
        @TempData = split (/&&/, $Match);
        if (($TempData[0] eq $name) && ($TempData[1] eq $pass))
  {      
                print &PrintHeader;
                print "<META http-equiv=\"refresh\" content=\"0;url=".$TempData[2]
"\">";
                $done="yes";
          }
     }
 
  if ($done eq "no")
   {
        print &PrintHeader;
        print <<EOT;
        <html>
        <head>
        <title>Error -- Wrong password</title>
        </head>
        <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" lin
k=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
        <h2 align=center>You need to enter your correct password!<\/h2><br>
        <center>Please press your browser's back button and try again</center>
EOT
     print $footer;
     print &HtmlBot;
  }
}
 
 
 
########################
# sub ViewPage
sub ViewPage{
 
        print &PrintHeader;
        print <<EOT;
        <html>
        <head>
        <title>Enter password</title>
        </head>
        <body background=\"$bgimage\" bgcolor=\"$bgcolor\" text=\"$textcolor\" lin
k=\"$linkcolor\" vlink=\"$vlinkcolor\" alink=\"$alinkcolor\">
        <p>
        <FORM ACTION=\"$scripturl\" METHOD=\"POST\">
        Youre name:<br>
        <input type=text name="name" size=60><br>
        Password:<br>
        <input type=password name="pasw" size=10><br>
        <INPUT TYPE=submit VALUE=Submit><INPUT TYPE=Reset VALUE=Reset>
        <\/FORM>
        <br>
EOT
                print $footer;
                print &HtmlBot;
 
}
 

and I wnet to visit your page, you have a messagebook, it is pretty neat. Can you grant
me the code and detail how to install that script. I will increase my points here.

But, I just want a textfield for Name(who is posting the message)
                                          Subject
                                          textarea
                                          submit and clear button
and the date and time is taken form local time machine( i mean unix time)
Can you do that for me. I am appreciated. Thank you !
Oh ! and the message is posted at the top, I don't want user to select the place and
I don't want overwrite radius. Also can you take out the password, because I will use the
password script that you give. that password script will bring user to messageboog page ! Thank you
0
 

Expert Comment

by:james005
ID: 1205392
Do you got the "cgi-lib.pl"? If no, please put it in your directory. If you got, I don't know!
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205393
Herry,
replace
$path= "data:/home/mcs436-2/web-server/cgi-bin";
with
$path= "/home/mcs436-2/web-server/cgi-bin";
     
If you wish talk about message_book drop me a email at andy@prometeus.nsc.ru
   
0
 

Author Comment

by:john_herry
ID: 1205394
It is working. You are the man. Thanks a lot.
I just named my pass.txt path wrong.

If you can :
 if I will like to add username and password
 and use something to encode the username and password

 can you teach me how to do that, I will increase another 20 points.

If you cannot, just tell me, I will give you an A and point right now.
0
 
LVL 5

Expert Comment

by:aioudine
ID: 1205395
Unfortunately, I unable to test script with encripted password,
becose my pretty Netware Webserver unsupport encript() function

But will give you an idea how to do this, without additional points

First run script
#!/usr/bin/perl
# Change your perl path to meet need..
print "Enter Password: ";
$pass = <STDIN>;
$key = "MySuperPrivateKey";
$encripted_pass = crypt ($pass, $key);
print "Password converted to: $encripted_pass\n";
#end script

It's will produce encripted_password

Use output as base for creating pass.txt
name&&encripted_password&&URL

after this in CheckPass subroutine replace string
----start-----
 $pass= $input{'pasw'};
-----stop ----
with
-----start----
 $pass= crypt ($input{'pasw'}, "MySuperPrivateKey");
---stop---

HTH
PS About messagebook: Since you don't need any advanced features, like images inline message,
add_to_top or overwrtite. You may use any guestbook available on the inteernet.
Visit http://cgi-resources.com


0
 

Author Comment

by:john_herry
ID: 1205396
Thank a lot, you gave me a lot of helppppppppp !

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email validation in proper way is  very important validation required in any web pages. This code is self explainable except that Regular Expression which I used for pattern matching. I originally published as a thread on my website : http://www…
I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question