Hi Matt,
Thanks for the help, I gave your code a go, but it didnt work out I am
afraid. I kept getting failed logins.
I placed the:
if($passcorrect == 0){
$homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
if(-d $homedir){
$passcorrect = 0;
# home dir exists
}else{
$passcorect =1;
# home dir not exist
}
}
directly above the last "exit $passcorrect;" statement.
I changed the passcorrect 0 and 1 around and it obviously worked, which
means that so long as info held within the $homedir did not match then it
allowed access, so I think it means their was a problem with the
$ENV{DOCUMENT_ROOT} . '../users/'.$username; part. I tried different
combinations of just ../, ../../ etc
Thinking about this, isnt the neomail - webmail folder a reference as
opposed to a physical folder to go in and out off?
Anyone got any ideas....
Ian
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matthew
Nuzum
Sent: 15 March 2002 20:43
To: [EMAIL PROTECTED]
Subject: Re: [cobalt-developers] Neomail domains?
Here is a possible solution to the problem of user's logging into webmail
using the wrong domain.
I've been looking through the neomail sources, and honestly, I have a hard
time making sense of it. This is probably because I don't use perl for the
web. However I have some code at the bottom of this message for someone to
try out.
Because the Cobalt Raq servers are so standardized, we can make some
assumptions about the configuration. For example, the location of certain
files, etc.
The cgi variable, DOCUMENT_ROOT should always point to the path of the
current virtual domain's document root. For example, the primary site on
the raq should say:
DOCUMENT_ROOT --> /home/sites/home/web
That means that if a user wants to log in, and their user name is $USER, we
should be able to check if the folder $DOCUMENT_ROOT/../users/$USER exists
before we check to see if their password is correct. We could do it
afterwards, that part doesn't really matter. Which ever is more resource
intensive should be done last.
So what we're doing is creating two tests that the user must pass to login.
Pass only one, and you're out. Pass both and you're in.
So here is my attempt to help. First, I'll include the original text of
checklogin.pl:
#!/usr/bin/perl -T
my ($username, $password, $usr, $pswd, $passwdfile);
my $passcorrect = 0; # default to correct, set incorrect when determined
my $line;
chomp($passwdfile = <STDIN>);
chomp($username = <STDIN>);
chomp($password = <STDIN>);
if ( $passwdfile && $username && $password ) {
open (PASSWD, $passwdfile) or exit 1;
while (defined($line = <PASSWD>)) {
chomp($line);
($usr,$pswd) = (split(/:/, $line))[0,1];
last if ($usr eq $username); # We've found the user in /etc/passwd
}
close (PASSWD);
if (($usr ne $username) or (crypt($password, $pswd) ne $pswd)) {
$passcorrect = 1; # User/Pass combo is WRONG!
}
} else {
$passcorrect = 1;
}
exit $passcorrect;
-------<END>------
$passcorrect is set to 0 by default, and 0 indicates a successful login. The
variables $username contains the username entered by the user (vs. $usr
which is the username as specified by the /etc/passwd file). So, we can
build a path for the user's supposed home directory with the command:
$homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
Then, I **think** we can check to see if that directory exists by using the
following:
if(-d $homedir){
$passcorrect = 0;
# home dir exists
}else{
$passcorect =1;
# home dir not exist
}
SO, to bring it all together, we might end up with something like this at
the end of the file:
if($passcorrect == 0){
$homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
if(-d $homedir){
$passcorrect = 0;
# home dir exists
}else{
$passcorect =1;
# home dir not exist
}
}
exit $passcorrect;
Now, keep in mind that most of this code came out of my Learning Perl book
dated August 1994, so it may be somewhat outdated. (they haven't changed
that much since perl 4, right?)
Maybe this will help, maybe not. Let me know if it works and I'll post it
on my website.
Matt
_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
