Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 189
  • Last Modified:

Password Protection/IP Addresses

I run a web site which has sections I do not want people to access unless they have proper authorization (are members of the organization).  I would like to know the script to create a prompt for a username and password and I would also like to know how to incorporate the script (like <SCRIPT> tags or whatever).  The second question I have is about IP addresses.  I would like to know how to obtain someone's IP address (so my scripts can assign it a variable) as well as how to incorporate it.  Thanks for your help and if you can answer both questions without leaving me hassles, you will get your well deserved 700 points.
0
appletman
Asked:
appletman
  • 3
  • 2
  • 2
  • +3
1 Solution
 
flivaudaCommented:
Here is a perl solution, you will need to be able to run perl scripts

Save the code in a file called adduser
accesspart:
-----
#!/usr/bin/perl

$htgroup = "/u/mypath/.htgroup";
$htpasswd = "/u/mypath/.htpasswd";

if (@ARGV<1)
{ print "\nusage: adduser        [username]\n\n"; exit;
}

print "Add user: $ARGV[0]\nAre you sure? ";

if (<STDIN>!~/^y|Y/)
{ print "Add user aborted.\n\n"; exit;
}

print "Adding user to group file.\n";
system "cp $htgroup $htgroup.old ; sed 's/\$/ $ARGV[0]/g' $htgroup.old > $htgroup";
exec "htpasswd $htpasswd $ARGV[0]";

run that on the command line
% adduser timmy

for the ip addr use the environemnt variable
REMOTE_ADDR

example:
$ip = $ENV{'REMOTE_ADDR'}


0
 
flivaudaCommented:
The % adduer username

code is run locally on the machine and then it will prompt the user to login with the login boxes like you see on this site.  

Let me know if you need anything else
0
 
appletmanAuthor Commented:
sorry im completely new to cgi-i need a complete walk through-for 700 points id like everything explained thoroughly and how to use the remote_addr
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
appletmanAuthor Commented:
I was completely new to Common Gateway Interface and had no idea as to how to incorporate that script etc.
0
 
dave1968Commented:
Need some info such as server platform, web server and versions to be able to determine what type of CGI you will be capable of.

You will not use <script> tags in your document if you are trying to do CGI.
0
 
boblineCommented:
Do you have your cgi-bin directory?
0
 
flivaudaCommented:
We need to know if you have server side access.  Which means can you telnet in and modify your scripts?  Or do you have to use canned solutions provided by someone else that wont really do what you need?  Also do you know before time all the people you want to give username/password access to? What lanuage are you using for your scripts?

So answer these questions for me and we can get you taken care of:
1) Do you have access to run cgi scripts in the first place, (ie can you telnet in and modify scripts)
2) Do you know where your cgi-bin directory is?
3) Do you know ahead of time people you want to give user/password access to?
4) Are you using perl for your scripts?  If not can you?

As for the second part of your question about IP address if you are using perl, all you have to do to assign the person's ip address to a variable is this:
$ip = $ENV{'REMOTE_ADDR'}

where $is is the variable name and $ENV tell it to read from the environment the remote_addr which will be their ip adress

0
 
shlomoyCommented:
If your server is using apache you can use htaccess to restrict some files or some directories from some users (you decide which ones and which files) from accessing your data.

I can suggest a link to a web-page with all the necessary data:
http://www.apacheweek.com/features/userauth

0
 
genuinegeniusCommented:
1. This would depend on whether you have access to the server. If so you can use CGI scripts and properly protect your site. If this is the case then good luck but I know no more. However, if you do not have access to the server you can write or find a java applet that requires a password before it takes you to a page. Once past the lock there is nothing to stop the user bookmarking the page and entering again, but as long as they don't know the name of the page the lock will take them to they will need to pass the lock at least once. Such an applet can be simply made using a program called Raida Lock, which can be downloaded free at

www.tucows.com

in the java section.

2. To find the IP address of a computer you must know the domain name e.g www.microsoft.com

this is difficult with users of ISP's as their domain names are hard to find. If you do find the DN then you can PING this to reveal the IP.

Alternatively your friend could run an IP poster. These programs 'post' your IP address to a webpage of your choice. Many can be found at

www.tucows.com

As well.

Good Luck (especialy if you have read all of this)
0
 
genuinegeniusCommented:
Cheers!
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now