Solved

icheck.pl doesn't work with numbers

Posted on 2002-07-17
4
128 Views
Last Modified: 2010-03-05
Hello.  I'm using a very "simple" old script called icheck.pl.  See file below.

This script is for "pretty-good" security.  

The script creator is long gone so I can't get help there.

This script works with a form and a text file with a list of usernames (see below).  The user submits their username using the form.  If the username is in a flat text file - dataDealer.txt, the user is admitted to the protected area.

Everything is working great except I can't us any **numbers** in the dataDealer.txt file.  

I've had this script working on a different server using numbers in the username field.

*********Here is the dataDealer.txt file************
11AGRO
solution
Solutions
Solution
SOLUTION
SOLUTIONS
*********Here is the Perl File***********************
#!/usr/bin/perl

# ICheck v.1.0 written by Dave Palmer <dave@upstatepress.com>
# http://upstatepress.com/dave/perl.shtml
###############################################################
# ICheck allows you to "protect" a directory, without editing
# your .htaccess file. Of course this isn't as secure as editing
# your .htaccess file, but for those who don't want just want
# a bit of security, or just want people to register themselves
# before gaining access to a site, this is the script for that
# job! You can also choose to leave out the "register as a new
# user" on the form if you do not want to allow just anyone to
# register. Its up to you!!
###############################################################

# Location of your data.txt file. This file stores your registered
# users. This should be chmod to 777 Same with the directory: icheck
$datafile = "/home/aprillou/public_html/icheckDataAll/data.txt";

# Once the user is registered, this is the location of the "secured"
# site.
$location = "http://www.netafim-usa-greenhouse.com/Greenhouse/download_area_greenhouse.html";

################################################################

read(STDIN, $input, $ENV{'CONTENT_LENGTH'});

     @pairs = split(/&/, $input);
     foreach $pair (@pairs) {
     ($name, $value) = split(/=/, $pair);
     
     $name =~ tr/+/ /;
     $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
     $value =~ tr/+/ /;
     $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

   $FORM{$name} = $value;
          }
$usrname = $FORM{'usrname'};
$email = $FORM{'email'};
$action = $FORM{'action'};

if($action eq "register") {
     &register;
          }

     else {
       &admit;
              }

sub admit {
open(FILE, "$datafile") || die "I can't\n";    

     while(<FILE>) {
     chop;          
     @all = split(/\n/);

     foreach $line (@all) {
     ($loginname, $loginemail) = split(/&&/, $line);

     if($loginname eq "$usrname" && $loginemail eq "$email") {
          $match = 1;
          &relocate;
                  }
          }
     
      }
     
close(FILE);

          if (! $match) {
          &error;
                  }

     }

sub register {
open(FILE, ">>$datafile") || die "Nope\n";
print FILE "$usrname&&$email\n";
close(FILE);

print "Content-type: text/html\n\n";
print "<html><head><title>Thanks! $usrname!</title></head>\n";
print "<body>\n";
print "<p><h1>Thanks $usrname</p></h1>\n";
print "You have been registered. You may now go back and enter <b>$usrname\n";
print "</b> and <b>$email</b> to gain access to this site\n";
print "</body></html>\n";
     }

sub relocate {
print "Location: $location\n\n";
     }

sub error {
print "Content-type: text/html\n\n";
print "<html><head><title>Error</title></head>\n";
print "<body>\n";
print "<p><h1>Error</p></h1>\n";
print "You do not have access to this site\n";
print "</body></html>\n";
exit;
          }


I'll award more points than 200 if we can get this solved.

April
0
Comment
Question by:aprillougheed
  • 2
  • 2
4 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 7160564
the posted dataDealer.txt does not contain any user which is matched with the posted script.
The lines must look like:

   user&&mail

somehow ...
0
 

Author Comment

by:aprillougheed
ID: 7160809
Actually, the above comment had nothing to do with why the script wasn't working.  I just had the wrong url to the data text file.

But I awarded the points for your time.

April
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7160823
exactly what I assumed/said ;-)
0
 

Author Comment

by:aprillougheed
ID: 7160846
Oh - sorry I see what you mean now.  :)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now