Solved

payed files : need a quick access to an ascii table

Posted on 2000-03-24
4
141 Views
Last Modified: 2013-12-25
I wish to make access to certain files both protected and paid. To that end I wish to maintain off-line (on my own PC) a wide list of e-mails + password in an appropriate format. I will load that list on my sites (I have serveral sites).

Then I would like to have a cgi to accept :
- the name of the file to display
to prompt for the :
- the e-mail
- the password
to check the table, to log the request in a local or remote file with the date, and display the file.

I wish to avoid database systems to be portable on any machine. I accept to design the file in the best way for a quick retrieval. If fast, simple enough and supported the solution may be used for a business and yield (small) royalties.
Thnaks for your help!
0
Comment
Question by:toulon
  • 3
4 Comments
 
LVL 16

Expert Comment

by:maneshr
Comment Utility
here is a very simple script that does username/password check against a flat text file. it is written in PERL, so you need to have that installed on your server.


ABOUT:
this script shows a very basis user interface and prompts the user for username/password. It then matches the username against the plain-text "database". if a match is found the user profile file is read. the passwords are them matched.

If the password matches the user sees a Welcome message. if not it shows Invalid username/password message.


INSTALLATION:

copy this script to your cgi directory, give it the proper permissions and your are ready to go!! (assuming of course that you have PERL and the required PERL modules)

passed is the plaintext password file where the first column is user name, 2nd column is some junk info that you can delete of modify and the 3rd column is name of the file where the users detailed info/profile is stored. Eg. user aaa's profile is stored in 0001.cgi and so on.


The columns are seperated by | sign.

right now the password is stored in plain text. if you want a littttllleee bit more security, PERL has a crypt sub routine that encrypts the pasword.

========passwd
aaa|junk|0001
123|junk|0002
man|junk|0003

================0001.cgi
aaa
pass1
1
2
3
4
4
5
6
7
8
9


=================check_password.pl
#!/usr/local/bin/perl

use CGI;

$query=new CGI;

$username=$query->param('username');
$pass=$query->param('pass');

if ($query->param){
  open(PASS,"/home/webuser/manesh/tmp/passwd") || die $!;
  print "Content-type: text/html\n\n";

  while(<PASS>){
    ($uname,$junk,$file)=split(/\|/,$_);
    $file=~ s/\s+//g; ##  Remove any white spaces from the file name

    if ($uname=~ /^$username$/){  ##  Matching username found
      ##  Now Open the password file and validate!!
      $pwd_file="/home/webuser/manesh/tmp/$file.cgi";
      open(PWD,$pwd_file) || die $!;
      @lines=<PWD>; ##  Read ALL the lines of the file
      close(PWD);
      if ($lines[1]=~ /^$pass$/){ ##  Password matches
        print "<B>Welcome $username \n<br>\n";
        exit;
      }else{
        close(PASS);
      }
    }
  }
  close(PASS);
  print "<B>Invalid Username/Password</B><BR>\n";
}else{
  print "Content-type: text/html\n\n";
  print qq{
  <TITLE>Login Page</TITLE>
  <FORM METHOD=POST ACTION=$ENV{SCRIPT_NAME}>
  <B>Username:</B><INPUT TYPE=TEXT NAME=username><BR>
  <B>Password:</B><INPUT TYPE=password NAME=pass><P>
  <INPUT TYPE=SUBMIT VALUE=Login>
  </FORM>
  };
}
0
 
LVL 16

Expert Comment

by:maneshr
Comment Utility
here is a very simple script that does username/password check against a flat text file. it is written in PERL, so you need to have that installed on your server.


ABOUT:
this script shows a very basis user interface and prompts the user for username/password. It then matches the username against the plain-text "database". if a match is found the user profile file is read. the passwords are them matched.

If the password matches the user sees a Welcome message. if not it shows Invalid username/password message.


INSTALLATION:

copy this script to your cgi directory, give it the proper permissions and your are ready to go!! (assuming of course that you have PERL and the required PERL modules)

passed is the plaintext password file where the first column is user name, 2nd column is some junk info that you can delete of modify and the 3rd column is name of the file where the users detailed info/profile is stored. Eg. user aaa's profile is stored in 0001.cgi and so on.


The columns are seperated by | sign.

right now the password is stored in plain text. if you want a littttllleee bit more security, PERL has a crypt sub routine that encrypts the pasword.


the profile file has one line per entry and the 1st line is the username, 2nd line is the password. the remaining can be ANYTHING..

========passwd
aaa|junk|0001
123|junk|0002
man|junk|0003

================0001.cgi
aaa
pass1
1
2
3
4
4
5
6
7
8
9


=================check_password.pl
#!/usr/local/bin/perl

use CGI;

$query=new CGI;

$username=$query->param('username');
$pass=$query->param('pass');

if ($query->param){
  open(PASS,"/home/webuser/manesh/tmp/passwd") || die $!;
  print "Content-type: text/html\n\n";

  while(<PASS>){
    ($uname,$junk,$file)=split(/\|/,$_);
    $file=~ s/\s+//g; ##  Remove any white spaces from the file name

    if ($uname=~ /^$username$/){  ##  Matching username found
      ##  Now Open the password file and validate!!
      $pwd_file="/home/webuser/manesh/tmp/$file.cgi";
      open(PWD,$pwd_file) || die $!;
      @lines=<PWD>; ##  Read ALL the lines of the file
      close(PWD);
      if ($lines[1]=~ /^$pass$/){ ##  Password matches
        print "<B>Welcome $username \n<br>\n";
        exit;
      }else{
        close(PASS);
      }
    }
  }
  close(PASS);
  print "<B>Invalid Username/Password</B><BR>\n";
}else{
  print "Content-type: text/html\n\n";
  print qq{
  <TITLE>Login Page</TITLE>
  <FORM METHOD=POST ACTION=$ENV{SCRIPT_NAME}>
  <B>Username:</B><INPUT TYPE=TEXT NAME=username><BR>
  <B>Password:</B><INPUT TYPE=password NAME=pass><P>
  <INPUT TYPE=SUBMIT VALUE=Login>
  </FORM>
  };
}
0
 

Author Comment

by:toulon
Comment Utility
Thanks for your script, but I does not fully do what I need.
1) I need to receive the name of the file to display (this file cannot be changed)
2) I need to access a passwd database of real magnitude (may be 100.000 users) at maximum speed using a simple pointer solution (I can shape the file for that).
3) I need to log the authorization or the denial and its date.
I do not know if this script can serve as a basis?
0
 
LVL 16

Accepted Solution

by:
maneshr earned 200 total points
Comment Utility
1) I need to receive the name of the file to display (this file cannot be changed)

Sure that can be added to the script...

Add the foll line

<B>File name:</B><INPUT TYPE=text NAME=file><P>

AFTER <B>Password:</B><INPUT TYPE=password NAME=pass><P>

Also add the foll

$file_name=$query->param('file');

AFTER $pass=$query->param('pass');

2) I need to access a passwd database of real magnitude (may be 100.000 users) at maximum speed using a simple pointer solution (I can shape the file for that).


for that you would have to use DBM (Database Management) facility, which offers a lot more speed and flexibility than a text file.

DBM is a simple database management facility for Unix systems. It allows programs to store a collection of key-value pairs in binary form, thus providing rudimentary database support for Perl. Practically all Unix systems support DBM, and for those that don't, you can get Berkeley DB from http://www.sleepycat.com/db.

To use DBM databases in Perl, you can associate a hash with a DBM database through a process similar to opening a file. This
hash (called a DBM array) is then used to access and modify the DBM database.


3) I need to log the authorization or the denial and its date.
I do not know if this script can serve as a basis?

the logging can be added with a couple of commands.

Add the foll line...

open(LOG,">>/tmp/Auth_log") || die $!;

AFTER ...

open(PASS,"/home/webuser/manesh/tmp/passwd") || die $!;


Now every attempt successfull or otherwise can be logged to the file, by using the foll lines.


Add the foll lines...

$when=`date`;
chomp($when);

BEFORE

if ($uname=~ /^$username$/){  ##  Matching username found


Next add the following line .........
print LOG "Success: $username with password $password tried to access $file at $when\n"

AFTER print "<B>Welcome $username \n<br>\n";


Also add the foll line....

print LOG "Failure: $username with password $password tried to access $file at $when\n"

AFTER .

  print "<B>Invalid Username/Password</B><BR>\n";



The last line of the program should be

close(LOG);


Again this script is rudimentary and can easily evolve as per your requirements.

Hope that helps.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Ever wondered how to display how many visitors you have online. In this tutorial I will show you an easy but effective way to display the number of online visitors in WhizBase. In this article I assume you have read my previous articles and know …
It is becoming increasingly popular to have a front-page slider on a web site. Nearly every TV website,  magazine or online news has one on their site, and even some e-commerce sites have one. Today you can use sliders with Joomla, WordPress or …
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now