We help IT Professionals succeed at work.

Authentication against a bunch of files..needs to be fast

georgia
georgia asked
on
245 Views
Last Modified: 2010-03-05
I am going for broke here.... but I really need this:

I need to create a simple HTML authentication screen with username and password.  When the user enters their user/pass I need to check about 200 files in a directory in my server to make sure that they are registered.

Let's say the files are in the:  /opt/mymembers/ directory
and their filenames are like:  00001.cgi, 00002.cgi, 00003.cgi...etc....(one for each registered user)
and the contents of these files looks like:  (each file is 12 lines long, but I only care about the first two for authentication, but might want to extract the "otherdata" lines for use later):

USERNAME
PASSWORD
otherdata
otherdata
otherdata
otherdata
otherdata
otherdata
otherdata
otherdata
otherdata
otherdata

BTW - if it helps there is another file is this mymember directory that is kind of a master cross reference with just the usernames and a pointer to their file... one on each line... looks like:  (it is called mymemberlist.cgi)

USERNAME1|!!|00001
USERNAME2|!!|00002
USERNAME3|!!|00003

I will up the points even more for a fast solution.
Comment
Watch Question

Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
Ok, this answer works well for systems I've built. I can't say how scalable it is, but it would be faster than checking individual files I think.

This subroutine as written checks a user name and password, but I think you can probably tweak it how you want.

I have a form asking for user name and password and then call a cgi with this subroutine. Another subroutine then builds an validation html page with a hidden value being the area they are authenticated for.

Obviously, you'll need to have code in the cgi to deciper posts from a form.

======
 # This subroutine will not only check validation, but also return
 # another field in the your bar delimited database. You can use this returned value as
 # a hidden value to send the person to a particular page after they are validated.
 
 # for example, if I have a master list like your's and I want the 4 field
 # returned for the $division variable, I'd do this:
 # (in this example, I've parsed the values for a form the person submitted
 # and the form had a user and pswd field to enter).
 
 # $division = &return_password_match($dbase_pswd, $FORM{'user'}, "1", $FORM{'pswd'}, "2", "4");
 
 # terms:
 # $dbase_pswd = the name of the master file to check
 # $FORM{'user'} = the user name
 # "1"           = the field in the master file where user names are found
 # $FORM{'pswd'} = the password
 # "2"           = the field in the master file where passwords are found
 # "4"           = if a match is found, the field to return
 
 # An empty string returned means they aren't registered.
 
  sub return_password_match
   {
   
   my ($db_file_name, $matchone, $fieldone, $matchtwo, $fieldtwo, $fieldreturn) = @_;
   
   my (@all, $line, @field, $selected, $output, $item);
   
   # convert string of items separated by $delimiter to array
   @selectfields = split(/$delimiter/, $selected_items);
   
   open(FILE, "$db_file_name");
   
   while(<FILE>)
      {
         chop;      
            
         @all = split(/\n/);
         foreach $line (@all)
          {
          @field = split(/\|/, $line);
   

           # We're setting this up for a case insensitive search
           # $field[$itm] =~ /.*$keyword.*/i
           # if ($selectvalue eq $item) {$selected = "1";}
           if ($matchone eq $field[$fieldone])
              {
              if ($matchtwo eq $field[$fieldtwo])
                 {
                 $output = $field[$fieldreturn];
                 close(FILE);
                 return $output;
                 }
              }

          }#end of file loop  
       }#end of while file loop
       close(FILE);          
      
   return $output;
   }

Author

Commented:
thanks grommett, but manshr's solution seems totally complete to me, since I don't have to modify it much....

Author

Commented:
maneshr...  this seems perfect, but I have a couple errors when I don't explicitly run "perl check_password.cgi".....  can you take a look?

bach:~/www/cgi-bin$ ./check_password.cgi
../check_password.cgi: use: command not found
../check_password.cgi: =new: command not found
../check_password.cgi: syntax error near unexpected token `$username=$query->para
m(''
../check_password.cgi: ./check_password.cgi: line 8: `$username=$query->param('us
ername');'
bach:~/www/cgi-bin$        

Author

Commented:
Adjusted points from 300 to 350

Author

Commented:
I made a couple small changes and got rid of the errors... thanks!

Commented:
i think the change that you made might have to do with the location of the PERL file ie. its located on a diff directory on your server, right??

Author

Commented:
not really... I am an oldschool perl guy and I have never messed with modules, but I think it had to do with trying to use the CGI module, I don't think they had it - if that makes any sense.  I basically chopped up everything anyway and integrated it with another piece of code, worked out pretty well - I appreciate your help.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.