I haven't worked with cgi-lib.pl, so I'm confused. Is the password from the
web page being delivered as part of a hash called in? If so, then someone
else will need to help you with the if ($password ne $in{password}).
The other thing that I notice is that you are looking through the entire
pwdata.txt file comparing the password that was passed in against every
password in the file. It seems to me like you would want to compare the
username entered on the web page to the username on the line in the file,
and if they match, then compare the passwords, with some other case if none
of the usernames match.
On further review, what you are doing is comparing the password entered
against the password on the first line of pwdata.txt, and if it doesn't
match, then you exit the script.
I apologize for not giving more detailed help and debugging your code
further, but hopefully my comments help.
/\/\ark
-----Original Message-----
From: maureen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 23, 2002 2:09 PM
Cc: [EMAIL PROTECTED]
Subject: Re: Text file separators
Thanks for the detailed information! I'm a beginner and appreciate
everyone's help.
I tried a number of the suggestions in this and other responses to my
post. This test:
if ($password ne $in{password}) is still not working. I'd appreciate
any suggestions.Here is the code:
open(FILE,"pwdata.txt") || die "Can't find database\n";
#store database contents in an array and close file
@indata = <FILE>;
close(FILE);
#remove hard return character from each record
chomp($i);
foreach $i (@indata)
{
#split fields on pipe character
#assign a variable name to each of the fields
($username, $password) = split(/\ | /,$i);
if ($password ne $in{password})
Here is my complete revised code:
#!/usr/local/bin/perl
require "cgi-lib.pl";
#process incoming form data
&ReadParse;
#open the database in read-only mode
open(FILE,"pwdata.txt") || die "Can't find database\n";
#store database contents in an array and close file
@indata = <FILE>;
close(FILE);
#remove hard return character from each record
chomp($i);
foreach $i (@indata)
{
#split fields on pipe character
#assign a variable name to each of the fields
($username, $password) = split(/\ | /,$i);
if ($password ne $in{password})
{
#invalid password--create error message and exit
print &PrintHeader;
print <<"PrintTag";
<HTML>
<HEAD>
<TITLE>Error!</TITLE>
</HEAD>
<BODY BGCOLOR="white" TEXT="black">
<H1>Authorization Required</H1>
<BLOCKQUOTE>
You do not have authorization to enter this website. Please click <a
href="http://www.worldwidewebstrategies.com";>here</a> to return to the
WWWS web site.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you feel you have received this message in error, please return to
the login screen and try to enter your username and password again.
</BLOCKQUOTE>
</BODY>
</HTML>
PrintTag
exit(0);
}
#check for blank form fields
if ($in{'username'}eq"" || $in{'password'}eq"")
{ #invalid password--create error message and exit
print &PrintHeader;
print <<"PrintTag";
<HTML>
<HEAD>
<TITLE>Error!</TITLE>
</HEAD>
<BODY BGCOLOR="white" TEXT="black">
<H1>Authorization Required</H1>
<BLOCKQUOTE>
You do not have authorization to enter this website. Please click <a
href="http://www.worldwidewebstrategies.com";>here</a>
to return to the WWWS web site.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you feel you have received this message in error, please return to
the
login screen and try to enter your username and password again.
</BLOCKQUOTE>
</BODY>
</HTML>
PrintTag
exit(0);
}
#everything is okay. Create lock file.
open(LOCK_FILE, ">lock.fil");
#open, append record, and close database
open(FILE,">>pwdata.txt") || die "Can't find database\n";
print FILE
"$in{'username'}|$in{'password'}\n";
close(FILE);
#close lock file
close(LOCK_FILE);
#delete lock file
unlink("lock.fil");
print "Location:http://www.worldwidewebstrategies.com\n\n";;
};
Peter Scott wrote:
>
> At 08:13 PM 1/22/02 -0500, maureen wrote:
>
> >Thanks to everyone in the group who has helped me recently. I appreciate
> >all of your suggestions.
> >
> >I am working with a text file that contains pipe separators, like this:
> >
> >username | password
> >
> >I am trying to load the text file into an array and create two variables
> >$username and $password, without the separator. I'd appreciate any
> >suggestions on what I am doing wrong here.
> >
> >open(FILE,"pwdata.txt") || die "Can't find database\n";
> >@indata = <FILE>;
> >close(FILE);
> >foreach $i (@indata)
> >{
> >#remove hard return character from each record
> >chomp($i);
> >($username,$password) = split(/\|/,$i);
>
> You're not doing anything wrong there:
>
> $ cat > pwdata.txt
> username|password
> $ perl -e 'open FILE,"pwdata.txt";@a=<FILE>;for $i (@a) { chomp
> $i; ($u, $p) = split/\|/,$i ; print "Username = $u, Password = $p\n"}'
> ^D
> Username = username, Password = password
>
> Your following test (below) though is wrong:
>
> if ($password = $i{password})
>
> I have no idea what that's trying to do. I don't see a hash %i in your
> code. And you're doing an assignment in a conditional instead of a
> test. I think you may have meant
>
> if ($password ne $in{password})
>
> However, I have several problems with your approach to an application that
> appears to be authenticating people for a web application:
>
> 1. Passwords stored in plain text. They should be stored as a one-way
> encryption, with, e.g., Digest::MD5.
> 2. Password file accessed without locking. It might be being updated at
> the same time.
> 3. Using cgi-lib.pl instead of CGI.pm.
> 4. Not using strict.
> 5. Not using -w during development.
> 6. Successful authentication simply redirects user to another page, whose
> URL could be discovered by someone who might just go straight there. If
> it's worth protecting then that page should be protected also. Using
> HTTP-Basic authentication may be a better approach.
> 7. Duplication of error message rather than reference the same
> one. Although it looks as though they ought to be two different error
> messages anyway.
>
> >Thanks! Maureen
> >
> >
> >The entire code follows:
> >
> >#!/usr/local/bin/perl
> >require "cgi-lib.pl";
> >#process incoming form data
> >&ReadParse;
> >#open the database in read-only mode
> >open(FILE,"pwdata.txt") || die "Can't find database\n";
> >#store database contents in an array and close file
> >@indata = <FILE>;
> >close(FILE);
> >foreach $i (@indata)
> >{
> >#remove hard return character from each record
> >chomp($i);
> >#split fields on pipe character
> >#assign a variable name to each of the fields
> >($username,$password) = split(/\|/,$i);
> >if ($password = $i{password})
> >{
> >#invalid password--create error message and exit
> >print &PrintHeader;
> >print <<"PrintTag";
> >
> >
> >Authorization Required
> >
> >
> >You do not have authorization to enter this website. Please click
> ><http://www.worldwidewebstrategies.com>here to return to the WWWS web
site.
> >
> >If you feel you have received this message in error, please return to the
> >login screen and try to enter your username and password again.
> >
> >
> >PrintTag
> >exit(0);
> >}
> >#check for blank form fields
> >if ($in{'username'}eq"" || $in{'password'}eq"")
> >{ #invalid password--create error message and exit
> >print &PrintHeader;
> >print <<"PrintTag";
> >
> >
> >Authorization Required
> >
> >
> >You do not have authorization to enter this website. Please click
> ><http://www.worldwidewebstrategies.com>here to return to the WWWS web
site.
> >
> >If you feel you have received this message in error, please return to the
> >login screen and try to enter your username and password again.
> >
> >
> >PrintTag
> >exit(0);
> >}
> >print "Location:http://www.worldwidewebstrategies.com\n\n";;
> >};
> >Thanks
>
> --
> Peter Scott
> Pacific Systems Design Technologies
> http://www.perldebugged.com
--
Be the change you want to see in the World - Mahatma Ghandi
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
