Password protection!

Hi,

I hope to use perl script only to implement a password protection scheme before entering some pages.

For example, before entering the page-- first.pl, a password and user name must be entered at the page -- password.pl. If either user name or password is incorrect, back to the previous page. On the other hand, if the password and user name is correct, enter the page -- first.pl. The main problem I faced is here. If the user had already entered the page first.pl succesfully once, next time he wants to enter this page, no password and user name will be required. Thus I don't want to enter the page password.pl anymore. I only want to enter the page first.pl directly.

Can I do like this by only using Perl???

Thanks!!!
cplauAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cplauAuthor Commented:
Hi,

I have forgotten to say I am using Microsoft PWS under Win95 and ActivePerl to run the Perl Script.

Bye
0
guadalupeCommented:
Do you want a explination of how to do this or code....?
0
cplauAuthor Commented:
Hi guadalupe,

Could you list the code?

Thank you very much!!!
0
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

guadalupeCommented:
OK quick question, do you have any objection to using cookies as this will be the easiest way to "remeber" if someone has logged in before or not...? The other question is do you have a protection scheme for the protected documents other than the script your speaking of? I ask because if perl is the only protection then the protection can be side stepped by someone somehow know or guessing the urls of the "protected" docs and typing these directly into the location window of there browser...  
0
cplauAuthor Commented:
Hi guadalupe,

I don't know how to use cookies. Can you teach me how to do this?

Also, I don't have any protection scheme beside the script.
Any good idea suggested by you?

Thanks!!!

0
cplauAuthor Commented:
Hi,

Acutally I think the problem you suggested is not important to me.
Because at the protected page, I will read the data posted by the previous page.

If the user enter the page by typing the url directly, my page will only display a blank page.

Thus, I only want to check the user had login or not before, if he hasn't login before, ask him to provide a password and user name first, then enter the protected page. If he has done the login process before, the protected page will be displayed the result directly.

Am I correct?

Thank you very much
0
guadalupeCommented:
Ah yes if you will use perl to display the pages and never show static htmls then you  are right... but I still need to know if you object to cookies (see previous comment).
0
guadalupeCommented:
Sorry there was a time lag in notification now I see your response to cookies and yes I'll teach you... Question can you install madules or do you already have CGI.pm installed?
0
cplauAuthor Commented:
Hi,

Acutally I think the problem you suggested is not important to me.
Because at the protected page, I will read the data posted by the previous page.

If the user enter the page by typing the url directly, my page will only display a blank page.

Thus, I only want to check the user had login or not before, if he hasn't login before, ask him to provide a password and user name first, then enter the protected page. If he has done the login process before, the protected page will be displayed the result directly.

Am I correct?

Thank you very much
0
cplauAuthor Commented:
Oh sorry posting the wrong comment...

Yes, I have the CGi.Pm installed......how can I use this?
0
cplauAuthor Commented:
Hi guadalupe,

I have one question, at my browser's preferences setting, I found I can disable the cookies.

I want to know if the user had done this at his/her browser. Then will yuor suggested method work? Can I still check whether he/she had login before or not?

Or if he/she had disabled the cookies, I will assume he/she hasn't login before. Can I do this?

Thanks!!!
0
guadalupeCommented:
Like you said... If they disable cookies you will assume they have not logged in...  The thing is I don't know of (maybe it exists - but I don't know of it) any simple ways (like a module) to mangage "session varables" as there knwo in Cold Fusion and ASP.  It would be possible to do this but it becomes tricky and long winded(coded) to avoid this I would suggest cookies.
0
cplauAuthor Commented:
Anyway, can you teach me how to use cookies to check whether the user had logged in or not before???

Thank you!!!
0
guadalupeCommented:
Ok I've gopt it almost done and I hit a doubt.  Is it ok to have a login and have that lead to an menu of options page?
0
guadalupeCommented:
Ok this is the first half:

#!/usr/local/bin/perl -I.


use CGI;

#Craete instance of CGI object
$query = new CGI;

#Get user_pass cookie
$user_pass = $query->cookie(-name=>'user_pass');

#get user
$user = $query->param('user');
#get pass
$pass = $query->param('pass');

#check if values exist for both user and pass
if ($user && $pass)
{
      if ( &check_user("$user:$pass") )
      {
            &set_cookie("$user:$pass");
            &show_menu;
            exit;
      }
      else
      {
            &output_denial($request);
            exit;
      }
}

elsif ($user_pass)
{
      if ( &check_user($user_pass) )
      {
            &show_menu;
            exit;
      }
      else
      {
            &output_denial($request);
            exit;
      }
}

else
{
            #output request for name/pass
            &output_login;
            exit;
}



sub check_user()
{
      local($user_pass) = $_[0];

      #Check if user exists
      open(USERS, "./user.lst") || die "Could not open user list: $!\n";

      while (<USERS>)
      {
            if (/$user_pass/)
            {
                  return 1;
            }
            else
            {
                  return 0;
            }

      }
}


sub output_denial($)
{

print <<EOF;
Content-type: text/html\n\n
<HTML>
<HEAD>
<TITLE> New Document </TITLE>
</HEAD>

<BODY BGCOLOR="#FFFFFF">
Your access to $_[0] has been denied.
</BODY>
</HTML>
EOF

}

sub output_login()
{
print <<EOF;
Content-type: text/html\n\n
<HTML>
<HEAD>
<TITLE> New Document </TITLE>
</HEAD>

<BODY BGCOLOR="#FFFFFF">
<FORM METHOD="POST" ACTION="check_pass.cgi">
User: <INPUT TYPE="text" NAME="user"><br>
Pass: <INPUT TYPE="text" NAME="pass"><br>
<input type="submit">
</FORM>
</BODY>
</HTML>
EOF
}

sub show_menu()
{

      open(MENU, "menu.htm") || die "Could not open menu: $!\n";
      
      #only output header if cookie has not been set to avoid double header
      print "Content-type: text/html\n\n" unless $cookie;

      print <MENU>;
}

sub set_cookie($$)
{
      
      local($user_pass) = $_[0];
      
      $cookie = $query->cookie(-name=>'user_pass',
                             -value=>"$user_pass",
                             -expires=>'+1h',
                             -path=>'/cgi-bin',
                             -domain=>'www.uol.com.ar',
                             -secure=>0);
    #-expires=>'never',

      print $query->header(-cookie=>$cookie);
      $cookie++;
}


The second half is just a show_doc.cgi that first checks for thw cookie and then outputs the doc.  

the user.lst should be a txt with the format:

user1:pass1
user2:pass2
etc.

Let me know how it goes... I still don't know if you have CGI.pm which will definitly effect the viability of thsi script so let me know as there are work arounds...
0
guadalupeCommented:
Sorry two things.

One you might want to change the message line in sub output_denial to read:

Your access has been denied.

And the user password check is case senitive.  If you want to change this do this line in the sub check_user to read like this:

if (/$user_pass/i)

this just makes the pattern matching case insensitive.

Will also have to talk about making this a truly tight security app.  By changing some file permissions but well talk about that later.  Lets get this working first.




0
jhurstCommented:
Shamless plug follows:

for $25.00 per year you can do this using the code at www.resource.nu
0
cplauAuthor Commented:
Hi guadalupe,

As I am not at office now, I need to do the testing later. Anyway, Thank you very much for your help.

If I have any problem, I will find you later.

Or Can I have your e-mail address?

Thanks
0
cplauAuthor Commented:
Dear guadalupe,

I have tested the code provided by you. But it seems I can't add anything to the cookie.

How can I know whether I can set any cookie successfully?

I am using Netscape 4.5. I found the file called cookies.txt at my PC. But I this file will not be udpated unless I closed the netscape.

Also, after closing the netscape, I cannot find the entry I added......???
What possible errors have I made?
Is there any module need to be installed?

Thanks for your opinion?
0
guadalupeCommented:
OK, first the problem with the cookies.txt not being updated until after you close sholud not effect perls ability to detect the cookie.  If you want to check and see if you really "placed the cookie you have to do it "manually", try the following script:

#!/usr/local/bin/perl -I.


use CGI;

        $query = new CGI;
        $pass = $query->cookie(-name=>'user_pass');

print "Content-type: text/html\n\n"

print "Pass: $pass";

If it prints the value of the cookie you set then it worked.  If it prints:
"Pass:" then it didn't.  MAKE sure that the cookie you set and the cookie your trying to read with this script are of the same name!!!!!  In this code I'm reading the cookie I set in the otgher script I posted...  Let me know how that goes.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
guadalupeCommented:
I assume from the points that you got it... Let me know if you need more help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Perl

From novice to tech pro — start learning today.