Solved

Giving users username & password

Posted on 2000-05-10
7
255 Views
Last Modified: 2010-03-05
I am trying to give users who enter the site a username & corresponding password.

I can put the username & password into an associative array like this:

%username = ("ABC",101,
             "DEF",102,
             "GHI",103);

Alternatively is it better to put them seperatley into an array as follows:

@username=("ABC","DEF","GHI");
@password=("101","102","103");

I am trying to generate a different password and a different username to be given to the user whenever the site is visited.

I thought that this may involve a loop of some sort.

when the value os given to the user then the value is incremented some how.

I know how to return values from the arrays above by using $username{ABC} for the associative array and $password[0] for the array's.

If anyone has any ideas as to the above or any alternatives that may be easier please let me know.

thank you

Anne.




0
Comment
Question by:annesmith
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:maneshr
ID: 2797314
here is what i understand from your requirement above...

you want to generate a different password and a different username to users visiting your site.

if that is indeed the case i have a couple of Q's

* would you give a user a username and password from a pre-defined set of usernames and passwords??

Eg . you have 1000 usernames and passwords already created and stored somewhere and you just give them out one-by-one to every user visiting your site (kind of like a token).

* why cant you generate a username/password for the user once and let the user use it to log on to your system?? that way you dont have to worry about having to generate a new username/password fora user who is re-visiting your site.

let me know.
0
 

Author Comment

by:annesmith
ID: 2801645
yes I am wanting to give the users a password and username as they enter the sytem as you said above like a token.

However the other way seems a little more complicated.  If it is this does not matter as long as I can find a way to give out usernames and passwords randomly to users.  i.e from an associative array.

Any of the ways above you have mentioned would work fine.  it depends I suppose upon yourself a simple way would be fine for me such as the token you mentioned above as I could then save this users password and username to a file.

Thanks.

Anne.
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2801664
i personally prefer going for the 2nd method. create username/password once and validate every time after that.

pl. let me know if this is fine with you and i will write a small piece of code that will do the same.

Rgds
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:annesmith
ID: 2806596
Thanks for your reply Maneshr.
Yes that is fine going with your 2nd method.  

It is actualy probably the better of the two.

I just thought it may be a bit tricker but hey after all your the expert.

thanks again.

Anne.
0
 
LVL 16

Accepted Solution

by:
maneshr earned 60 total points
ID: 2811662
i have written 2 script viz. passwd.pl for creating the username and password the first time/for a new user.

the second script - login.pl - would validate if the user has used the proper username and password & if so would show a welcome message to the user.

the password are all encrypted, so even you cant see the actual password. Also the info is stored in a file in the /tmp directory called my_passwd

These scripts are very good and usable starting points for you to build on.

i have peppered the code with a lot of comments so that you can find it easy to read, understand and if need be modify the code too!!

==========passwd.pl
!/usr/local/bin/perl

use CGI;

$query=new CGI;

print "Content-type: text/html\n\n";

if ($query->param){ ##  User clicked on the submit button.
  $pwd_file="/tmp/my_passwd";

  ##  Read the username and password from the HTML form
  $username=$query->param('u_name');
  $newuser=$query->param('pass');

  ##  Some basic validations!!
  if ($username=~ /^$/ || $username=~ /^\s+$/){ ##  Reject Empty username
    print "Username cant be blank!!<P>\n";
  }else{
    if ($username=~ /^$/ || $username=~ /^\s+$/){ ##  Reject Empty password
      print "Password cant be blank!!<P>\n";
    }else{

      if (-e $pwd_file){  ##  Open the password file, if it already exist!!
        ##  Check if the username has already been taken
        open(PWD,$pwd_file) || die $!;
        @pwds=<PWD>;
       close(PWD);
      }

      ##  Store the existing username/passwords in a hash/associative
      ##  Array. the username is the key to the array.
      foreach(@pwds){
        ($uname,$pwd)=split(/\t/,$_);
        chomp($pwd);  ##  Remove the enter char.
        $PASSWD{$uname}=$pwd;
      }

      if ($PASSWD{$username}){  ##  Username already taken!!
        print "Please use some other username<P>\n";
      }else{  ##  ALL is OK!!
        ##  Use the Process id & time to generate the salt.
        srand($$|time);                                 # random seed
        @saltchars=(a..z,A..Z,0..9,'.','/');            # valid salt chars
        $salt=$saltchars[int(rand($#saltchars+1))];     # first random salt cha
r
        $salt.=$saltchars[int(rand($#saltchars+1))];    # second random salt ch
ar
        ##  Encrypt the password
        $newuser = crypt ($newuser, $salt);

        $PASSWD{$username}=$newuser;
        ##  Write this new username/password to the file
        open(PASS,">$pwd_file") || die $!;
        foreach(keys %PASSWD){
          print PASS $_."\t".$PASSWD{$_},"\n";
        }
        close(PASS);

        print "<B>Welcome, Your account is now ready!!</B><P>\n";
        exit;
      }
    }
  }
}

print qq{
  <form method=POST action="$ENV{SCRIPT_NAME}">
  <b>Enter username </B><input type=text name=u_name><BR>
  <b>Enter password </B><input type=password name=pass><P>
  <INPUT TYPE=submit>
  </form>
};

=================login.pl
#!/usr/local/bin/perl

use CGI;

$query=new CGI;

print "Content-type: text/html\n\n";

if ($query->param){ ##  User clicked on the submit button.
  $pwd_file="/tmp/my_passwd";

  ##  Read the username and password from the HTML form
  $username=$query->param('u_name');
  $newuser=$query->param('pass');

  ##  Some basic validations!!
  if ($username=~ /^$/ || $username=~ /^\s+$/){ ##  Reject Empty username
    print "Username cant be blank!!<P>\n";
  }else{
    if ($newuser=~ /^$/ || $newuser=~ /^\s+$/){ ##  Reject Empty password
      print "Password cant be blank!!<P>\n";
    }else{

      if (-e $pwd_file){  ##  Open the password file, if it already exist!!
        ##  Check if the username has already been taken
        open(PWD,$pwd_file) || die $!;
        @pwds=<PWD>;
        close(PWD);
      }

      ##  Store the existing username/passwords in a hash/associative
      ##  Array. the username is the key to the array.
      foreach(@pwds){
        ($uname,$pwd)=split(/\t/,$_);
        chomp($pwd);  ##  Remove the enter char.
        $PASSWD{$uname}=$pwd;
      }

      if ($PASSWD{$username}){  ##  Username exists in our file!!
        ##  Extract the salt from the original password!!
        $salt=substr($PASSWD{$username},0,2);

        if ( crypt($newuser,$salt) eq $PASSWD{$username}){    ##  Valid user!!
          print "<B>Welcome $username, You have logged in successfully!!</B><P>
\n";
          exit;
        }else{
          print "Invalid password\n";
        }
      }else{  ##  Invalid Username
        print "Please use a valid username<P>\n";
      }
    }
  }
}

print qq{
  <form method=POST action="$ENV{SCRIPT_NAME}">
  <b>Enter username </B><input type=text name=u_name><BR>
  <b>Enter password </B><input type=password name=pass><P>
  <INPUT TYPE=submit name=Login>
  </form>
};
===========================================
0
 

Author Comment

by:annesmith
ID: 2818956
Thanks very much for your Help.

The program is working perfectly thanks to your expert help.

thanks you.

Anne.
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2819011
Glad to know that your problem was solved.

most welcome :-)


Rgds
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove Malware code from PHP file 6 74
how to extract data from a table into a fixed length file 10 54
Perl Sort Question 4 129
work on ods spreadsheet with perl in ubuntu 4 75
Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now