Solved

Giving users username & password

Posted on 2000-05-10
7
251 Views
Last Modified: 2010-03-05
I am trying to give users who enter the site a username & corresponding password.

I can put the username & password into an associative array like this:

%username = ("ABC",101,
             "DEF",102,
             "GHI",103);

Alternatively is it better to put them seperatley into an array as follows:

@username=("ABC","DEF","GHI");
@password=("101","102","103");

I am trying to generate a different password and a different username to be given to the user whenever the site is visited.

I thought that this may involve a loop of some sort.

when the value os given to the user then the value is incremented some how.

I know how to return values from the arrays above by using $username{ABC} for the associative array and $password[0] for the array's.

If anyone has any ideas as to the above or any alternatives that may be easier please let me know.

thank you

Anne.




0
Comment
Question by:annesmith
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:maneshr
Comment Utility
here is what i understand from your requirement above...

you want to generate a different password and a different username to users visiting your site.

if that is indeed the case i have a couple of Q's

* would you give a user a username and password from a pre-defined set of usernames and passwords??

Eg . you have 1000 usernames and passwords already created and stored somewhere and you just give them out one-by-one to every user visiting your site (kind of like a token).

* why cant you generate a username/password for the user once and let the user use it to log on to your system?? that way you dont have to worry about having to generate a new username/password fora user who is re-visiting your site.

let me know.
0
 

Author Comment

by:annesmith
Comment Utility
yes I am wanting to give the users a password and username as they enter the sytem as you said above like a token.

However the other way seems a little more complicated.  If it is this does not matter as long as I can find a way to give out usernames and passwords randomly to users.  i.e from an associative array.

Any of the ways above you have mentioned would work fine.  it depends I suppose upon yourself a simple way would be fine for me such as the token you mentioned above as I could then save this users password and username to a file.

Thanks.

Anne.
0
 
LVL 16

Expert Comment

by:maneshr
Comment Utility
i personally prefer going for the 2nd method. create username/password once and validate every time after that.

pl. let me know if this is fine with you and i will write a small piece of code that will do the same.

Rgds
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:annesmith
Comment Utility
Thanks for your reply Maneshr.
Yes that is fine going with your 2nd method.  

It is actualy probably the better of the two.

I just thought it may be a bit tricker but hey after all your the expert.

thanks again.

Anne.
0
 
LVL 16

Accepted Solution

by:
maneshr earned 60 total points
Comment Utility
i have written 2 script viz. passwd.pl for creating the username and password the first time/for a new user.

the second script - login.pl - would validate if the user has used the proper username and password & if so would show a welcome message to the user.

the password are all encrypted, so even you cant see the actual password. Also the info is stored in a file in the /tmp directory called my_passwd

These scripts are very good and usable starting points for you to build on.

i have peppered the code with a lot of comments so that you can find it easy to read, understand and if need be modify the code too!!

==========passwd.pl
!/usr/local/bin/perl

use CGI;

$query=new CGI;

print "Content-type: text/html\n\n";

if ($query->param){ ##  User clicked on the submit button.
  $pwd_file="/tmp/my_passwd";

  ##  Read the username and password from the HTML form
  $username=$query->param('u_name');
  $newuser=$query->param('pass');

  ##  Some basic validations!!
  if ($username=~ /^$/ || $username=~ /^\s+$/){ ##  Reject Empty username
    print "Username cant be blank!!<P>\n";
  }else{
    if ($username=~ /^$/ || $username=~ /^\s+$/){ ##  Reject Empty password
      print "Password cant be blank!!<P>\n";
    }else{

      if (-e $pwd_file){  ##  Open the password file, if it already exist!!
        ##  Check if the username has already been taken
        open(PWD,$pwd_file) || die $!;
        @pwds=<PWD>;
       close(PWD);
      }

      ##  Store the existing username/passwords in a hash/associative
      ##  Array. the username is the key to the array.
      foreach(@pwds){
        ($uname,$pwd)=split(/\t/,$_);
        chomp($pwd);  ##  Remove the enter char.
        $PASSWD{$uname}=$pwd;
      }

      if ($PASSWD{$username}){  ##  Username already taken!!
        print "Please use some other username<P>\n";
      }else{  ##  ALL is OK!!
        ##  Use the Process id & time to generate the salt.
        srand($$|time);                                 # random seed
        @saltchars=(a..z,A..Z,0..9,'.','/');            # valid salt chars
        $salt=$saltchars[int(rand($#saltchars+1))];     # first random salt cha
r
        $salt.=$saltchars[int(rand($#saltchars+1))];    # second random salt ch
ar
        ##  Encrypt the password
        $newuser = crypt ($newuser, $salt);

        $PASSWD{$username}=$newuser;
        ##  Write this new username/password to the file
        open(PASS,">$pwd_file") || die $!;
        foreach(keys %PASSWD){
          print PASS $_."\t".$PASSWD{$_},"\n";
        }
        close(PASS);

        print "<B>Welcome, Your account is now ready!!</B><P>\n";
        exit;
      }
    }
  }
}

print qq{
  <form method=POST action="$ENV{SCRIPT_NAME}">
  <b>Enter username </B><input type=text name=u_name><BR>
  <b>Enter password </B><input type=password name=pass><P>
  <INPUT TYPE=submit>
  </form>
};

=================login.pl
#!/usr/local/bin/perl

use CGI;

$query=new CGI;

print "Content-type: text/html\n\n";

if ($query->param){ ##  User clicked on the submit button.
  $pwd_file="/tmp/my_passwd";

  ##  Read the username and password from the HTML form
  $username=$query->param('u_name');
  $newuser=$query->param('pass');

  ##  Some basic validations!!
  if ($username=~ /^$/ || $username=~ /^\s+$/){ ##  Reject Empty username
    print "Username cant be blank!!<P>\n";
  }else{
    if ($newuser=~ /^$/ || $newuser=~ /^\s+$/){ ##  Reject Empty password
      print "Password cant be blank!!<P>\n";
    }else{

      if (-e $pwd_file){  ##  Open the password file, if it already exist!!
        ##  Check if the username has already been taken
        open(PWD,$pwd_file) || die $!;
        @pwds=<PWD>;
        close(PWD);
      }

      ##  Store the existing username/passwords in a hash/associative
      ##  Array. the username is the key to the array.
      foreach(@pwds){
        ($uname,$pwd)=split(/\t/,$_);
        chomp($pwd);  ##  Remove the enter char.
        $PASSWD{$uname}=$pwd;
      }

      if ($PASSWD{$username}){  ##  Username exists in our file!!
        ##  Extract the salt from the original password!!
        $salt=substr($PASSWD{$username},0,2);

        if ( crypt($newuser,$salt) eq $PASSWD{$username}){    ##  Valid user!!
          print "<B>Welcome $username, You have logged in successfully!!</B><P>
\n";
          exit;
        }else{
          print "Invalid password\n";
        }
      }else{  ##  Invalid Username
        print "Please use a valid username<P>\n";
      }
    }
  }
}

print qq{
  <form method=POST action="$ENV{SCRIPT_NAME}">
  <b>Enter username </B><input type=text name=u_name><BR>
  <b>Enter password </B><input type=password name=pass><P>
  <INPUT TYPE=submit name=Login>
  </form>
};
===========================================
0
 

Author Comment

by:annesmith
Comment Utility
Thanks very much for your Help.

The program is working perfectly thanks to your expert help.

thanks you.

Anne.
0
 
LVL 16

Expert Comment

by:maneshr
Comment Utility
Glad to know that your problem was solved.

most welcome :-)


Rgds
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

On Microsoft Windows, if  when you click or type the name of a .pl file, you get an error "is not recognized as an internal or external command, operable program or batch file", then this means you do not have the .pl file extension associated with …
I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now