Solved

icheck.pl doesn't work with numbers

Posted on 2002-07-17
4
136 Views
Last Modified: 2010-03-05
Hello.  I'm using a very "simple" old script called icheck.pl.  See file below.

This script is for "pretty-good" security.  

The script creator is long gone so I can't get help there.

This script works with a form and a text file with a list of usernames (see below).  The user submits their username using the form.  If the username is in a flat text file - dataDealer.txt, the user is admitted to the protected area.

Everything is working great except I can't us any **numbers** in the dataDealer.txt file.  

I've had this script working on a different server using numbers in the username field.

*********Here is the dataDealer.txt file************
11AGRO
solution
Solutions
Solution
SOLUTION
SOLUTIONS
*********Here is the Perl File***********************
#!/usr/bin/perl

# ICheck v.1.0 written by Dave Palmer <dave@upstatepress.com>
# http://upstatepress.com/dave/perl.shtml
###############################################################
# ICheck allows you to "protect" a directory, without editing
# your .htaccess file. Of course this isn't as secure as editing
# your .htaccess file, but for those who don't want just want
# a bit of security, or just want people to register themselves
# before gaining access to a site, this is the script for that
# job! You can also choose to leave out the "register as a new
# user" on the form if you do not want to allow just anyone to
# register. Its up to you!!
###############################################################

# Location of your data.txt file. This file stores your registered
# users. This should be chmod to 777 Same with the directory: icheck
$datafile = "/home/aprillou/public_html/icheckDataAll/data.txt";

# Once the user is registered, this is the location of the "secured"
# site.
$location = "http://www.netafim-usa-greenhouse.com/Greenhouse/download_area_greenhouse.html";

################################################################

read(STDIN, $input, $ENV{'CONTENT_LENGTH'});

     @pairs = split(/&/, $input);
     foreach $pair (@pairs) {
     ($name, $value) = split(/=/, $pair);
     
     $name =~ tr/+/ /;
     $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
     $value =~ tr/+/ /;
     $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

   $FORM{$name} = $value;
          }
$usrname = $FORM{'usrname'};
$email = $FORM{'email'};
$action = $FORM{'action'};

if($action eq "register") {
     &register;
          }

     else {
       &admit;
              }

sub admit {
open(FILE, "$datafile") || die "I can't\n";    

     while(<FILE>) {
     chop;          
     @all = split(/\n/);

     foreach $line (@all) {
     ($loginname, $loginemail) = split(/&&/, $line);

     if($loginname eq "$usrname" && $loginemail eq "$email") {
          $match = 1;
          &relocate;
                  }
          }
     
      }
     
close(FILE);

          if (! $match) {
          &error;
                  }

     }

sub register {
open(FILE, ">>$datafile") || die "Nope\n";
print FILE "$usrname&&$email\n";
close(FILE);

print "Content-type: text/html\n\n";
print "<html><head><title>Thanks! $usrname!</title></head>\n";
print "<body>\n";
print "<p><h1>Thanks $usrname</p></h1>\n";
print "You have been registered. You may now go back and enter <b>$usrname\n";
print "</b> and <b>$email</b> to gain access to this site\n";
print "</body></html>\n";
     }

sub relocate {
print "Location: $location\n\n";
     }

sub error {
print "Content-type: text/html\n\n";
print "<html><head><title>Error</title></head>\n";
print "<body>\n";
print "<p><h1>Error</p></h1>\n";
print "You do not have access to this site\n";
print "</body></html>\n";
exit;
          }


I'll award more points than 200 if we can get this solved.

April
0
Comment
Question by:aprillougheed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 7160564
the posted dataDealer.txt does not contain any user which is matched with the posted script.
The lines must look like:

   user&&mail

somehow ...
0
 

Author Comment

by:aprillougheed
ID: 7160809
Actually, the above comment had nothing to do with why the script wasn't working.  I just had the wrong url to the data text file.

But I awarded the points for your time.

April
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7160823
exactly what I assumed/said ;-)
0
 

Author Comment

by:aprillougheed
ID: 7160846
Oh - sorry I see what you mean now.  :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've just discovered very important differences between Windows an Unix formats in Perl,at least 5.xx.. MOST IMPORTANT: Use Unix file format while saving Your script. otherwise it will have ^M s or smth likely weird in the EOL, Then DO NOT use m…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question