Solved

different logins lead to different html pages

Posted on 2001-06-06
26
152 Views
Last Modified: 2013-12-25
This is essentially the same question as "bogie" had. I have (at the moment) 15 "registered users" that need to be led to their "own" html page.
I have folled "bogie's" thread and think Bob's answer is exactly what I need, but I still need some "handholding".  I might have some additional questions regarding security.

Thanks a lot,
Doris

0
Comment
Question by:dkyburz
  • 13
  • 13
26 Comments
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
okay,

well, you are right to wonder about security.

server side script is secure in this way:

unless someone can hack into your website, they can't see anything in your cgi-bin directory.

however, the problem really only comes if someone in your own organization is trying to divulge passwords...then you need to use cyptology (which is how we would store the passwords if you feel it is necessary).

instead of the bogie idea, I think we should set up something slightly more complicated....that will be much EASIER for you, (I hope) and also, much more flexable.


first, this is the password file, called nav.dat

bob|texas|http://www.deja.com
test|password|http://www.experts-exchange.com
final|test|http://www.cnet.com

basically it follows this format:
username then a '|' then the password, then another '|', and finally, the full url of the new page.
you can add as many users as you want. (and this is why it is easy also to let them add themselves over the website)


and then, here is the script that does the password check and page change:


#!/usr/local/bin/perl

use CGI ':standard';


if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{
$pw=param('password');
$un=param('username');
open FILE, "nav.dat";
while (<FILE>)            
{
if($_=~/$un\|$pw/){
chomp($page=${[split(/\|/,$_)]}[2]);
print "Location: $page\n\n";}}
close FILE;
if(length($page)<2)
{
print header, start_html,
h1('sorry, that password and username are not recognized');
}}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}

 


if you ask another question about "how do I let my users add their own page and user id and pw" this technique can be the basis of that...

it would be easy to set it up so the users could add themselves.


final notes:
 
you will have to chmod +x the main script (assign it the proper permissions)
and you will also have to do the same to the nav.dat data file

chmod 777 nav.dat (give full permissions to the world on this file)

let me know if you need any more help.

Bob
0
 

Author Comment

by:dkyburz
Comment Utility
Hi Bob,

Thank you for your superquick response.
I will try it out with fake user names etc. as quickly as I can. Once it works I can "transfer" it in the yet waiting to be created web pages.

One question though I have: I haven't seen that line - use CGI ':standard'; - before. Do I have to leave it in there as it is?

And did I understand correctly: the nav.dat file and the cgi script are in the same directory?

That's it, I'll be back soon :-)

Doris


0
 

Author Comment

by:dkyburz
Comment Utility
Me again. Could not go to bed without trying this.

Made a simple html page with two textfields (username and password) and a submit button. It's located here:
http://www.dkmediadesign.com/IS/test/login_example.html

I've created a cgi file "authentic.cgi" by cutting and pasting the script you have provided. It's uploaded into the cgi-bin and there I've created a directory "authentification". It's in there and the permission is set to 755.

And last I have created another nav.dat file (just to get the hang of it). The data I have created is:
cow|milk|http://www.integritysales.com
cat|mouse|http://www.cea.edu
horse|cowboy|http://www.dkmediadesign.com
bird|song|http://www.danazed.com
turtle|island|http://www.tuschmanphoto.com

It's in the same directory as the "authentic.cgi" script and the permission is set to 777.

Now, when I test it out I get a 500 "internal server error" message.

What might I have missed here?
0
 

Author Comment

by:dkyburz
Comment Utility
Me again. Could not go to bed without trying this.

Made a simple html page with two textfields (username and password) and a submit button. It's located here:
http://www.dkmediadesign.com/IS/test/login_example.html

I've created a cgi file "authentic.cgi" by cutting and pasting the script you have provided. It's uploaded into the cgi-bin and there I've created a directory "authentification". It's in there and the permission is set to 755.

And last I have created another nav.dat file (just to get the hang of it). The data I have created is:
cow|milk|http://www.integritysales.com
cat|mouse|http://www.cea.edu
horse|cowboy|http://www.dkmediadesign.com
bird|song|http://www.danazed.com
turtle|island|http://www.tuschmanphoto.com

It's in the same directory as the "authentic.cgi" script and the permission is set to 777.

Now, when I test it out I get a 500 "internal server error" message.

What might I have missed here?
0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
hi,

yes, both files should be in the same directory:

also, there doesn't need to be any form to call it.

just go to the http://www.dkmediadesign.com/cgi-bin/authentification/authentic.cgi

directly

however, something is obviously wrong apart from that..


I am wondering if you have the CGI module installed on your server...

that is more likely the problem

Bob
0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
this is a script that will list all your modules

#!/usr/local/bin/perl

use strict;
my $j;
my $i;
my @files;
my @mList;
my @dList;
for($i=0;$i<$#INC;$i++)
{
opendir MDIR, $INC[$i] or die "I can't open that dir $!\n";
@files=readdir MDIR;
foreach(@files)
{if($_=~/\.pm$/)
{
push(@mList,$_);
push @dList,$INC[$i]
}}}

open FILE, ">myMods.dat";
print FILE "module\t\tfully qualified path\n";
print FILE "======\t\t====================\n";
for($j=0;$j<$#mList;$j++)
{
print FILE $mList[$j] . "\t\t" . $dList[$j] . "\n";
}


go ahead and put that in your cgi-bin directory, make it executable and run it from telnet (or the shell prompt)

it will make a file called myMods.dat

open that file and look for CGI.pm

if it's in there, we know you have CGI installed, if not, we can do this without CGI, but it is quite a bit more complicated.

Bob
0
 

Author Comment

by:dkyburz
Comment Utility
Good morning!

This is really fun, I'm even on it before having breakfast :-)

OK, I made the file with your script, uploaded, changed permission, run it and CGI.pm is in there. Hallelujah.

Now, what I thought it would work like is:
The user comes to an html page, and he/she knows that by typing in the username and password he/she will get to the html page especially made for them. In this case it's an order form with all the prices that were negotiated beforehand. So that's why I made this simple form because I thought that's the way it will work. The pages are in "design yet to be approved by client stage", but here is one of the comps to give you the idea:
http://www.dkmediadesign.com/IS/comps/doris/B_sub_01_green.html

I am wondering whether and what I have done wrong.

I have signed up with a host for my client and should get access to their server within a day or so. Let me try there as soon as I can and see whether it works better on their server.

Thank you so much. I'm off for breakfast now :-)
Doris


0
 

Author Comment

by:dkyburz
Comment Utility
Good morning!

This is really fun, I'm even on it before having breakfast :-)

OK, I made the file with your script, uploaded, changed permission, run it and CGI.pm is in there. Hallelujah.

Now, what I thought it would work like is:
The user comes to an html page, and he/she knows that by typing in the username and password he/she will get to the html page especially made for them. In this case it's an order form with all the prices that were negotiated beforehand. So that's why I made this simple form because I thought that's the way it will work. The pages are in "design yet to be approved by client stage", but here is one of the comps to give you the idea:
http://www.dkmediadesign.com/IS/comps/doris/B_sub_01_green.html

I am wondering whether and what I have done wrong.

I have signed up with a host for my client and should get access to their server within a day or so. Let me try there as soon as I can and see whether it works better on their server.

Thank you so much. I'm off for breakfast now :-)
Doris


0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
hi again,

glad you are having fun...perl is definitely my favorite thing to do on the computer...

well, since you have cgi we don't have to worry about that being a potential problem...

have you tried running ./authentic.cgi?

(running authentic.cgi from the command prompt?)

then you might see some useful errors returned to you that may help us figure it out.

in the mean time, you can see how CGI.pm works and how you don't even need a html page to submit the data (although, if you want one, that is certainly no problem -- I just thought it would be easier to only have the script, and not need a page)

anyways, check it out at http://www.milestonemortgage.com/cgi-bin/test/pw.pl

keep me posted, but honestly I don't think you've done anything wrong...

since you had no problem running that second script we know that you know what you are doing, and that your install of perl is okay, and that you have CGI, it has got to be some simple syntax type of thing.

we'll get it.

Bob
0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
hi again,

glad you are having fun...perl is definitely my favorite thing to do on the computer...

well, since you have cgi we don't have to worry about that being a potential problem...

have you tried running ./authentic.cgi?

(running authentic.cgi from the command prompt?)

then you might see some useful errors returned to you that may help us figure it out.

in the mean time, you can see how CGI.pm works and how you don't even need a html page to submit the data (although, if you want one, that is certainly no problem -- I just thought it would be easier to only have the script, and not need a page)

anyways, check it out at http://www.milestonemortgage.com/cgi-bin/test/pw.pl

keep me posted, but honestly I don't think you've done anything wrong...

since you had no problem running that second script we know that you know what you are doing, and that your install of perl is okay, and that you have CGI, it has got to be some simple syntax type of thing.

we'll get it.

Bob
0
 

Author Comment

by:dkyburz
Comment Utility
I couldn't wait, of course, until I have access to the other server ;-)

Well then, I ran authetic.cgi and got the following response:

Unrecognized character  \312 at ./authentic.cgi line 18.

I opened the file from the server with fetch and couldn't see anything "funny". I forgot how the lines are "counted" (in Perl) but just for your information, there is one blank line after the shebang line and one after the "use CGI standard" line. So line 18 is either
while (<FILE>)
or
if($_=~/$un\|$pw/){

Does this give you an idea what's going on?

Thank you, this is so much fun!!! (I should write this in uppercase...)

Doris
0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
okay, hmmm...both of those lines *look* fine to me, and I have used stuff like that before...

how about trying this change:
I am wondering if it is a problem with escaping | (\|)
not that this happen on any system I know of...but hey, I am running low on ideas here...


#!/usr/local/bin/perl

use CGI ':standard';


if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{
$pw=param('password');
$un=param('username');
open FILE, "nav.dat";
$unpw=$un . '|' . $pw;
while(<FILE>)            
{
if($_=~/$unpw/){
chomp($page=${[split(/\|/,$_)]}[2]);
print "Location: $page\n\n";
}}
close FILE;
if(length($page)<2)
{
print header, start_html,
h1('sorry, that password and username are not recognized');
}}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}



if that doesn't work for you either,

we will have to begin testing:
so let's try this first:

#!/usr/local/bin/perl

use CGI ':standard';


if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{
print header, start_html;

print "the basic logic of the script is okay, now lets add password processing";
$page='page';
}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}


if that prints the message about "the basic logic of the script is okay"
then we can continue to add the part where we check the password, and then finally, we will add back in the page changing part.

okay?

but hopefully that first thing worked.

Good Luck

Bob
0
 

Author Comment

by:dkyburz
Comment Utility
"test report"

first script: this produced the following error message when I run it with ./authentic.cgi:
"Unrecognized character \312 at line 17" (no empty lines this time)

second (test) script: this one gets the following "feedback" when I run it with .authentic.cgi:
"(offline mode: enter name=value pairs on standard input)"   (with brackets)
when I open the file in the browser we get the "desired error message". See here:
http://www.dkmediadesign.com/cgi-bin/authentification/authentic.cgi

I'm really curious where "the dog lays buried", as we say in German.

Doris
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 8

Expert Comment

by:bebonham
Comment Utility
excellent well, we are on the right track now, and I feel good that the solution is in sight.

by the way, that offline mode stuff is the debugging method of cgi...when that happens you can type name=value pairs and then hit ^D on unix and ^Z on windows to end and send those paramaters to the script.

okay, now I will post two test to keep you a little busier, if we pass both then we are only one more step away.

this test is to determine if we can read the username and password without error.

#!/usr/local/bin/perl

use CGI ':standard';


if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{

print header, start_html;
print "your password is " . param('password') . " and username is " . param('username');

print "\n!!! we are reading the user name and password!";

}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}




okay, we move on to test two (I lied there are three tests this time)

now we test to see if we can open the password file and print it to the browser.


#!/usr/local/bin/perl

use CGI ':standard';


if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{

print header, start_html;
###print "your password is " . param('password') . " and
####username is " . param('username');

open PWFILE, "nav.dat";
while(<FILE>){
print $_;
}

print "\n" . 'this is the password file!';
close PWFILE;

}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}



okay, now to the final test, if we pass this it is a cakewalk from here as we say in american :)

#!/usr/local/bin/perl

use CGI ':standard';


if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{

print header, start_html;
print "your password is " . param('password') . " and
username is " . param('username');
$unpw=param('username') . '|' . param('password');
open PWFILE, "nav.dat";
while(<FILE>){
print $_;
if($unpw=~/$_)
{
print "this line matched, and we are almost there\n$_";
}
}

print "\n" . 'this is the password file!';
close PWFILE;

}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}



okay, let me know! (no hurry, though!, but if you are game, I am too!)

Bob
0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
also posting the link to the test scripts was great...

if they all work, only post the last,

if they don't, post the last working and the one that fails please,


Bob
0
 

Author Comment

by:dkyburz
Comment Utility
Here is the newest test report :-)

script 1 = works perfect

script 2 = works perfect
You can view it working here:
http://www.dkmediadesign.com/cgi-bin/authentification/authenticgood.cgi
use "horse|cowboy"

script 3 produces again an "internal server error"
You can view it here:
http://www.dkmediadesign.com/cgi-bin/authentification/authenticbad.cgi
I have uploaded and set permissions of these scripts separately. (script 1 = authentic.cgi at the moment)

I know there is no hurry, but...

So we are close to the "buried dog", hmmm...

Looking forward to the next round :-)

Doris

PS. no hurry, remember :-)
0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
okay, notice in
http://www.dkmediadesign.com/cgi-bin/authentification/authenticgood.cgi

(script 2)

that the contents of the nav.dat file are not being printed.


have you done a chmod 777 nav.dat ?
just telnet into the server get to the right directory, and type chmod 777 nav.dat

because it has to have 777 permissions for us to open the file for reading and writing over the web.

also try running the script 3 (that didn't work) from the command line or prompt or whatever ...

see what error it returns, also on script 3, make sure that

the line:
print "your password is " . param('password') . " and username is " . param('username');

is all on one line.

make sure any line starting with print is all one one line.


okay, it is hard for me to make sure that the lines stay together on one line, because sometimes when they get posted here, the formating gets altered.


Okay, good luck!

Bob

0
 

Author Comment

by:dkyburz
Comment Utility
Hi Bob,

I guess we are getting closer. Here my report:

- the permissions are set correctly: rwxrwxrwx for nav.dat and rwxr-wr-x for authenticbad.cgi

- made the print lines "oneliners"

- tested authenticbad (the new one with the onliners) with ./authenticbad.cgi
result error message: Search pattern not terminated at ./authenticbad.cgi at line 15
which is:
if($unpw=~/$_)

Actually "was": I went back to my Perl book and looked up "Delimiters" and trying myself by inserting a slash, like so:
if($unpw=~/$_/)

I do not know whether this is what really was the problem but, hey, look here:
http://www.dkmediadesign.com/cgi-bin/authentification/authenticbad.cgi
"authenticbad.cgi" isn't bad anymore.

Now I am totally curious what the next step will be. This is so absolutely great fun.  

Looking forward to the next (last?) step :-)

Doris
(PS. authenticbad.cgi is the only one up at the moment, I'm trying not to get confused with the versions...)

0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
good job, now you are fixing my mistakes!!

yes, that is right, that is a regular expression searching for the username password match (you may have figured as much)

anyways,

you are going to hate me for this, but I screwed up again I JUST NOTICED, okay, heh sorry, I feel like dumb now.

here is another problem...

I opened up a file with the file handle PWFILE, and then I try to use it with the file handle FILE ?!?!
sorry about that...

here is a corrected code for test three.

(with  your correction and mine :)  )
#!/usr/local/bin/perl

use CGI ':standard';


if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{

print header, start_html;
print "your password is " . param('password') . " and
username is " . param('username');
$unpw=param('username') . '|' . param('password');
open PWFILE, "nav.dat";
while(<PWFILE>){
print $_;
if($unpw=~/$_/)
{
print "this line matched, and we are almost there\n$_";
}
}

print "\n" . 'this is the password file!';
close PWFILE;

}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}


okay, Doris, I have my fingers crossed !!

good luck!

Bob
0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
I'm excited, I think it will work!
0
 

Author Comment

by:dkyburz
Comment Utility
Hey Bob, "we" are a good team :-))

You must have spent the evening with crossed fingers.

Just came home from dinner with friends and had to try it out right away. Bravo! Bravo! See here:
http://www.dkmediadesign.com/cgi-bin/authentification/authentic.cgi

I have renamed the script again to it's original name.

I've compared this one with the very first script and I am looking forward to get the final "instructions" on how to make the whole thing work from the login on the html page the user is going to use.

Wish you a fine and refreshing weekend,

Doris



0
 
LVL 8

Accepted Solution

by:
bebonham earned 300 total points
Comment Utility
super! we are on the verge, and if this works, hopefully, your question will be answered.


the only change now, is that we are going to print the location to the browser, and that should change the page to whatever you have specified.

#!/usr/local/bin/perl

use CGI ':standard';


if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{

$unpw=param('username') . '|' . param('password');
open PWFILE, "nav.dat";
while(<PWFILE>){
if($unpw=~/$_/)
{
chomp($page=${[split(/\|/,$_)]}[2]);
print "Location: $page\n\n";
close PWFILE;
exit;
}
}
print header, start_html;
print "sorry, we couldn't find that username and password";
close PWFILE;
exit;
}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}


Okay, tell me how it goes!


Bob
0
 

Author Comment

by:dkyburz
Comment Utility
Wonderful Bob!

We are there, you did it! :-)) If you hear a loud sound: it's the big rock that just fell from my heart!
I'm one big step closer to completion of my huge job.

I have started installing the shopping cart, and that one works better than I feared (even the "search function I've added works ;-). This "exercise" gave me some confidence that I can at least figure how things work. I might be back soon with the remaining shopping cart problems ;-)

I wish you a splendid Sunday!

Doris
0
 

Author Comment

by:dkyburz
Comment Utility
Thanks for your great patience!
0
 

Author Comment

by:dkyburz
Comment Utility
Thanks for your great patience!
0
 
LVL 8

Expert Comment

by:bebonham
Comment Utility
no problem, it was fun working with you!

thanks for your patience as well, and good luck in your task!

Bob
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
This tutorial will discuss the log-in process using WhizBase. In this article I assume you already know HTML. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you might look at some of my other articles abo…
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now