500 points for the best solution !!!

Hi Experts

Here's another brain teaser for you worth 500 lovelies :

I have several domains on one server each of which has a perl script called one.cgi in the cgi-bin.

I want to occasionally let other people run this script but ONLY ONCE by giving them a "works once only" password and a hidden clickable link to one of those cgi-bin/one.cgi scripts so that they can't just go straight to the script afterwards...

So to summarize :

1.They need a login screen for their name and email address which sends a mail to me allowing me to validate that they can use the script.

2.After validation they get a mail with their "once only password" and a url/cgi to go to that will accept it.

3.They are then validated against username or email and the given password after which they are given a domain.com/cgi-bin/one.cgi page chosen from a hidden list (in rotation or randomly assigned from a list of URLs) BUT which they cannot see the URL of when they are there (ie CGI hides it).

4.They run the "one.cgi" and their password then becomes invalid and they have to register for another one if they want to use the script again.

5. The whole thing generates a log of who used the script.

Anyone up to the challenge ?

:-)
boneyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

thoellriCommented:
Couple of questions:
1.) What platform? Unix?
2.) Do you have any databases with the registration information? SQL? DBM?


0
kadokevCommented:
Can we assume Perl5 on a 'standard' Unix system running Apache web server?
0
boneyAuthor Commented:
It's a linux running apache with perl5

No db i am afraid but I can create a simple line by line list of all the domain/cgi...
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

pc012197Commented:
How strong is the constraint that they must not see the
chosen domain.com/cgi-bin/one.cgi URL? Is it enough if the
URL is not visible in the URL line in the browser?

Should the 'one.cgi' scripts be modified to do the
password check or do you want another cgi script to
make the password check and then do some kind of
redirection to 'one.cgi'?
0
boneyAuthor Commented:
Well because the one.cgi will be picked randomly or sequentially from a list of domains it will be difficult to modify it to include the password or validation number I suspect ?

The reason for them not seeing the URL of the cgi is simply so that they can't bookmark it and use it again without permission as this cgi uses so much of our processor up we need to restrict access severely and determine who can use it and when it can be used. Ideally we would like to charge them to use it each time so any ideas there would be helpful...

If there is a better way of doing it then happy to go that way...
0
pc012197Commented:
I understand those domains with the 'one.cgi' are completely
under your control. So you could modify them to look up
a username/password in a simple 'database' (perl db or
possibly some kind of CSV file). Of course it would be
silly to hardcode the password in those scripts.

I think the once-only requirement is quite strong here,
so more or less simple redirection is out of the question.

Is it important that the 'one.cgi' is invoked directly by
the browser or would it be possible to write a wrapper.cgi
to do the password check, then call one.cgi (either
directly or via http) and return the results of one.cgi to
the browser?

0
boneyAuthor Commented:
wow !

Now you are almost losing me :-)

If I understand you you can call the one.cgi from a random domain into the validation cgi and have it appear as url "validate.cgi" or whatever ?

Could it then write an "on" "off" flag in the one.cgi so if the validate is yes the one.cgi runs adn if not it doesn't (if you get my meaning) ?

:-)
0
pc012197Commented:
What I mean is to write a validate.cgi that's invoked like
this:

http://www.validate.org/validate.cgi?user=mike&pass=mechanic

(replace with your own domain, of course)

validate.cgi will first check if user and password are
valid. If not, print an error message 'access denied'.
If so, invalidate user and password in the database,
select a server www.random-domain.com, open a HTTP
connection to request
http://www.random-domain.com/cgi-bin/one.cgi and return
the result to the requesting browser.

You can configure your apache server to allow requests
to one.cgi only from www.validate.org, so this is secure.
The only URL the user ever sees is
http://www.validate.org/validate.cgi.

The downside is, the script one.cgi doesn't get any
information about the requesting user. Also, the user
doesn't see the domain name where one.cgi is actually
invoked. Would that be acceptable?

0
boneyAuthor Commented:
Sounds good !

I assume that a log can be created of who got approved and who ran it ?

Is it a tough one or quite simple really ?


0
pc012197Commented:
What I mean is to write a validate.cgi that's invoked like
this:

http://www.validate.org/validate.cgi?user=mike&pass=mechanic

(replace with your own domain, of course)

validate.cgi will first check if user and password are
valid. If not, print an error message 'access denied'.
If so, invalidate user and password in the database,
select a server www.random-domain.com, open a HTTP
connection to request
http://www.random-domain.com/cgi-bin/one.cgi and return
the result to the requesting browser.

You can configure your apache server to allow requests
to one.cgi only from www.validate.org, so this is secure.
The only URL the user ever sees is
http://www.validate.org/validate.cgi.

The downside is, the script one.cgi doesn't get any
information about the requesting user. Also, the user
doesn't see the domain name where one.cgi is actually
invoked. Would that be acceptable?

0
boneyAuthor Commented:
PC

It looks like the same answer as before ?
0
pc012197Commented:
oops. sorry, I shouldn't hit reload...

validate.cgi can of course log anything you want.
Well, most of it... :-)

I think it's not very hard to implement if it's
possible to use a few perl modules that are available
on CPAN, particularly HTTP, LWP, DBI and DBD::CVS.

0
boneyAuthor Commented:
Now you really have lost me :-)

Go for it !

B
0
pc012197Commented:
I have started working on it. Please don't rate this answer
yet, I hope it'll be finished tomorrow.

Maybe we should find a method to get the script to you
(other than pasting them here). Can I upload it somewhere?

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
boneyAuthor Commented:
sure email me it to bob@riviera.net

can't wait to see if it works :-)
0
boneyAuthor Commented:
Hi PC

Got your files and tried to run it but it said it didn't have DBI :

Can't locate DBI.pm in @INC (@INC contains: /usr/lib/perl5/mips-linux/5.00404 /usr/lib/perl5 /usr/lib/perl5/site_perl/mips-linux /usr/lib/perl5/site_perl .) at common.pl line 1.

So I went to CPAN and got that and tried to "Makefile" but then it said :

Can't locate lib/DBI/DBD.pm in @INC (@INC contains: lib /usr/lib/perl5/mips-linux/5.00404 /usr/lib/perl5 /usr/lib/perl5/site_perl/mips-linux /usr/lib/perl5/site_perl .) at Makefile.PL line 236

I figured "ok" so I'll stick that in as well but when I went to look for DBD there are millions of variations and now I am really lost !

Help ?
0
ozoCommented:
perl -MCPAN -e shell;
cpan> install DBI
should know how to automatically install any prerequisites
0
boneyAuthor Commented:
Thanks ozo !  ;-) I'll go look...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Perl

From novice to tech pro — start learning today.