Here is a possible solution to the problem of user's logging into webmail
using the wrong domain.
I've been looking through the neomail sources, and honestly, I have a hard
time making sense of it. This is probably because I don't use perl for the
web. However I have some code at the bottom of this message for someone to
try out.
Because the Cobalt Raq servers are so standardized, we can make some
assumptions about the configuration. For example, the location of certain
files, etc.
The cgi variable, DOCUMENT_ROOT should always point to the path of the
current virtual domain's document root. For example, the primary site on
the raq should say:
DOCUMENT_ROOT --> /home/sites/home/web
That means that if a user wants to log in, and their user name is $USER, we
should be able to check if the folder $DOCUMENT_ROOT/../users/$USER exists
before we check to see if their password is correct. We could do it
afterwards, that part doesn't really matter. Which ever is more resource
intensive should be done last.
So what we're doing is creating two tests that the user must pass to login.
Pass only one, and you're out. Pass both and you're in.
So here is my attempt to help. First, I'll include the original text of
checklogin.pl:
#!/usr/bin/perl -T
my ($username, $password, $usr, $pswd, $passwdfile);
my $passcorrect = 0; # default to correct, set incorrect when determined
my $line;
chomp($passwdfile = <STDIN>);
chomp($username = <STDIN>);
chomp($password = <STDIN>);
if ( $passwdfile && $username && $password ) {
open (PASSWD, $passwdfile) or exit 1;
while (defined($line = <PASSWD>)) {
chomp($line);
($usr,$pswd) = (split(/:/, $line))[0,1];
last if ($usr eq $username); # We've found the user in /etc/passwd
}
close (PASSWD);
if (($usr ne $username) or (crypt($password, $pswd) ne $pswd)) {
$passcorrect = 1; # User/Pass combo is WRONG!
}
} else {
$passcorrect = 1;
}
exit $passcorrect;
-------<END>------
$passcorrect is set to 0 by default, and 0 indicates a successful login. The
variables $username contains the username entered by the user (vs. $usr
which is the username as specified by the /etc/passwd file). So, we can
build a path for the user's supposed home directory with the command:
$homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
Then, I **think** we can check to see if that directory exists by using the
following:
if(-d $homedir){
$passcorrect = 0;
# home dir exists
}else{
$passcorect =1;
# home dir not exist
}
SO, to bring it all together, we might end up with something like this at
the end of the file:
if($passcorrect == 0){
$homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
if(-d $homedir){
$passcorrect = 0;
# home dir exists
}else{
$passcorect =1;
# home dir not exist
}
}
exit $passcorrect;
Now, keep in mind that most of this code came out of my Learning Perl book
dated August 1994, so it may be somewhat outdated. (they haven't changed
that much since perl 4, right?)
Maybe this will help, maybe not. Let me know if it works and I'll post it
on my website.
Matt
_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
