Thanks for the detailed information! I'm a beginner and appreciate
everyone's help.
I tried a number of the suggestions in this and other responses to my
post. This test:
if ($password ne $in{password}) is still not working. I'd appreciate
any suggestions.Here is the code:
open(FILE,"pwdata.txt") || die "Can't find database\n";
#store database contents in an array and close file
@indata = <FILE>;
close(FILE);
#remove hard return character from each record
chomp($i);
foreach $i (@indata)
{
#split fields on pipe character
#assign a variable name to each of the fields
($username, $password) = split(/\ | /,$i);
if ($password ne $in{password})
Here is my complete revised code:
#!/usr/local/bin/perl
require "cgi-lib.pl";
#process incoming form data
&ReadParse;
#open the database in read-only mode
open(FILE,"pwdata.txt") || die "Can't find database\n";
#store database contents in an array and close file
@indata = <FILE>;
close(FILE);
#remove hard return character from each record
chomp($i);
foreach $i (@indata)
{
#split fields on pipe character
#assign a variable name to each of the fields
($username, $password) = split(/\ | /,$i);
if ($password ne $in{password})
{
#invalid password--create error message and exit
print &PrintHeader;
print <<"PrintTag";
<HTML>
<HEAD>
<TITLE>Error!</TITLE>
</HEAD>
<BODY BGCOLOR="white" TEXT="black">
<H1>Authorization Required</H1>
<BLOCKQUOTE>
You do not have authorization to enter this website. Please click <a
href="http://www.worldwidewebstrategies.com";>here</a> to return to the
WWWS web site.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you feel you have received this message in error, please return to
the login screen and try to enter your username and password again.
</BLOCKQUOTE>
</BODY>
</HTML>
PrintTag
exit(0);
}
#check for blank form fields
if ($in{'username'}eq"" || $in{'password'}eq"")
{ #invalid password--create error message and exit
print &PrintHeader;
print <<"PrintTag";
<HTML>
<HEAD>
<TITLE>Error!</TITLE>
</HEAD>
<BODY BGCOLOR="white" TEXT="black">
<H1>Authorization Required</H1>
<BLOCKQUOTE>
You do not have authorization to enter this website. Please click <a
href="http://www.worldwidewebstrategies.com";>here</a>
to return to the WWWS web site.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you feel you have received this message in error, please return to
the
login screen and try to enter your username and password again.
</BLOCKQUOTE>
</BODY>
</HTML>
PrintTag
exit(0);
}
#everything is okay. Create lock file.
open(LOCK_FILE, ">lock.fil");
#open, append record, and close database
open(FILE,">>pwdata.txt") || die "Can't find database\n";
print FILE
"$in{'username'}|$in{'password'}\n";
close(FILE);
#close lock file
close(LOCK_FILE);
#delete lock file
unlink("lock.fil");
print "Location:http://www.worldwidewebstrategies.com\n\n";;
};
Peter Scott wrote:
>
> At 08:13 PM 1/22/02 -0500, maureen wrote:
>
> >Thanks to everyone in the group who has helped me recently. I appreciate
> >all of your suggestions.
> >
> >I am working with a text file that contains pipe separators, like this:
> >
> >username | password
> >
> >I am trying to load the text file into an array and create two variables
> >$username and $password, without the separator. I'd appreciate any
> >suggestions on what I am doing wrong here.
> >
> >open(FILE,"pwdata.txt") || die "Can't find database\n";
> >@indata = <FILE>;
> >close(FILE);
> >foreach $i (@indata)
> >{
> >#remove hard return character from each record
> >chomp($i);
> >($username,$password) = split(/\|/,$i);
>
> You're not doing anything wrong there:
>
> $ cat > pwdata.txt
> username|password
> $ perl -e 'open FILE,"pwdata.txt";@a=<FILE>;for $i (@a) { chomp
> $i; ($u, $p) = split/\|/,$i ; print "Username = $u, Password = $p\n"}'
> ^D
> Username = username, Password = password
>
> Your following test (below) though is wrong:
>
> if ($password = $i{password})
>
> I have no idea what that's trying to do. I don't see a hash %i in your
> code. And you're doing an assignment in a conditional instead of a
> test. I think you may have meant
>
> if ($password ne $in{password})
>
> However, I have several problems with your approach to an application that
> appears to be authenticating people for a web application:
>
> 1. Passwords stored in plain text. They should be stored as a one-way
> encryption, with, e.g., Digest::MD5.
> 2. Password file accessed without locking. It might be being updated at
> the same time.
> 3. Using cgi-lib.pl instead of CGI.pm.
> 4. Not using strict.
> 5. Not using -w during development.
> 6. Successful authentication simply redirects user to another page, whose
> URL could be discovered by someone who might just go straight there. If
> it's worth protecting then that page should be protected also. Using
> HTTP-Basic authentication may be a better approach.
> 7. Duplication of error message rather than reference the same
> one. Although it looks as though they ought to be two different error
> messages anyway.
>
> >Thanks! Maureen
> >
> >
> >The entire code follows:
> >
> >#!/usr/local/bin/perl
> >require "cgi-lib.pl";
> >#process incoming form data
> >&ReadParse;
> >#open the database in read-only mode
> >open(FILE,"pwdata.txt") || die "Can't find database\n";
> >#store database contents in an array and close file
> >@indata = <FILE>;
> >close(FILE);
> >foreach $i (@indata)
> >{
> >#remove hard return character from each record
> >chomp($i);
> >#split fields on pipe character
> >#assign a variable name to each of the fields
> >($username,$password) = split(/\|/,$i);
> >if ($password = $i{password})
> >{
> >#invalid password--create error message and exit
> >print &PrintHeader;
> >print <<"PrintTag";
> >
> >
> >Authorization Required
> >
> >
> >You do not have authorization to enter this website. Please click
> ><http://www.worldwidewebstrategies.com>here to return to the WWWS web site.
> >
> >If you feel you have received this message in error, please return to the
> >login screen and try to enter your username and password again.
> >
> >
> >PrintTag
> >exit(0);
> >}
> >#check for blank form fields
> >if ($in{'username'}eq"" || $in{'password'}eq"")
> >{ #invalid password--create error message and exit
> >print &PrintHeader;
> >print <<"PrintTag";
> >
> >
> >Authorization Required
> >
> >
> >You do not have authorization to enter this website. Please click
> ><http://www.worldwidewebstrategies.com>here to return to the WWWS web site.
> >
> >If you feel you have received this message in error, please return to the
> >login screen and try to enter your username and password again.
> >
> >
> >PrintTag
> >exit(0);
> >}
> >print "Location:http://www.worldwidewebstrategies.com\n\n";;
> >};
> >Thanks
>
> --
> Peter Scott
> Pacific Systems Design Technologies
> http://www.perldebugged.com
--
Be the change you want to see in the World - Mahatma Ghandi
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
