Re: perl script & password auth.
The way I did it (in php mind you) is that I placed the encrypted password
in a conf file so that even if the kiddies found a way to look at the source
there is no way in hell they're going to decrypt that password. In php you
just call md5($password) and it returns you an encrypted password. That part
of the script looks something like this:
if($password && $username)
{
    /* code to grab username & encrypted $password from file */
    if($encrypted_password == md5($password))
    {
        /* log the user in */
    }
    else
    {
        /* print login form */
    }
}
else
{
    /* print the login form */
}
If you want to go all out, use SSL, then none of the middle men can get the
password either.
Adam Shirey [26/06/02 18:15 -0500]:
> Even though you're using .htaccess, this is still doable.
>
> It's actually pretty easy. What I'd do is something like the following:
>
> # all of your initial CGI junk
>
> if ($INPUT->{submit} eq "Login") {
> if ($INPUT->{password} eq "YOUR PASSWORD HERE") {
>
> # execute your program
> } else {
> print "you're not authorized to execute this script.";
> exit(0);
> }
> } else {
> # print a form that asks for a password. something like the following:
> print <<EOF;
> <form method="post" action="myfile.cgi">
> Enter the password:<input type="password" name="password"><br>
> <input type="submit" name="submit" value="Login">
> </form>
> EOF
>
> } # end else
>
> this way, when someone goes to your file, it sees there's no "submit" key in
> the INPUT hash, so it just prints out a form. then when you login, it checks
> your pass (you can also implement a username, too), and compares it to your
> password in the program. if it's good, it executes your script.
>
> that's basically what i did with my chat room, only it's got very little
> hardcoding. conf files own :)
>
> (shameless plug: http://www.daily-bull.com/chat/ )
>
>
> -Adam
>
> ----- Original Message -----
> From: "Andy Zobro" <ajzobro@xxxxxxx>
> To: <lug-l@xxxxxxx>
> Sent: Tuesday, June 25, 2002 6:49 PM
> Subject: perl script & password auth.
>
>
> >
> > I have written a perl script that I would like only authorized persons to
> > be able to execute through a cgi interface. Has anyone done anything like
> > this? if so, what do I need to do in order to accomplish this feat.
> >
> > - AZ
> >
--
/-------------------------------------------------\
|Barry J Dmytro............dmytro@xxxxxxxxxxxxxxxx|
|badcherry................http://www.badcherry.org|
|job5_20.........................job5_20@xxxxxxxxx|
|jobbd.....................................AIM UID|
|job5_20...........................Yahoo Messenger|
|94626793...................................ICQ ID|
|job5_20@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ID|
|-------------------------------------------------|
|The primary purpose of the DATA statement is to .|
|give names to constants; instead of referring to.|
|pi as 3.141592653589793 at every appearance, the.|
|variable PI can be given that value with a DATA .|
|statement and used instead of the longer form of.|
|the constant. This also simplifies modifying the.|
|program, should the value of pi change...........|
|..............FORTRAN manual for Xerox Computers.|
\-------------------------------------------------/
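
The stored-hash check from this message, carried one step further as an added example (not code from either poster): md5 is an unsalted one-way hash, so this sketch reads `user:hash` conf lines, accepts a legacy md5 entry once, and replaces it with a salted `password_hash()` value. The conf layout, the function names and the sample password are assumptions.

```php
<?php
// Added example. The "user:hash" conf layout and every name here are assumptions.

// Parse "username:hash" lines into an array keyed by username.
function load_users(string $conf): array {
    $users = [];
    foreach (preg_split('/\R/', trim($conf)) as $line) {
        if ($line === '' || $line[0] === '#' || strpos($line, ':') === false) {
            continue;
        }
        [$user, $hash] = explode(':', $line, 2);
        $users[$user] = $hash;
    }
    return $users;
}

// Verify a login; a legacy unsalted md5 entry is replaced on first success.
function verify_and_upgrade(array &$users, string $user, string $pw): bool {
    if (!isset($users[$user])) {
        return false;
    }
    $stored = $users[$user];
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy entry: strict, constant-time comparison instead of ==.
        if (!hash_equals($stored, md5($pw))) {
            return false;
        }
        $users[$user] = password_hash($pw, PASSWORD_DEFAULT); // salted, slow
        return true;
    }
    return password_verify($pw, $stored);
}

// Constructed sample conf: two users who picked the same password.
$conf = "# user:hash\nalice:" . md5('hunter2') . "\nbob:" . md5('hunter2') . "\n";
$users = load_users($conf);

// Unsalted md5: equal passwords give equal entries in the conf file.
var_dump($users['alice'] === $users['bob']);

// Correct logins succeed and upgrade the entry; a wrong password fails.
var_dump(verify_and_upgrade($users, 'alice', 'hunter2'));
var_dump(verify_and_upgrade($users, 'bob', 'hunter2'));
var_dump(verify_and_upgrade($users, 'bob', 'wrong'));

// After the upgrade each entry carries its own random salt, so they differ.
var_dump($users['alice'] === $users['bob']);
var_dump(password_verify('hunter2', $users['alice']));
```

In a real deployment the updated `$users` array would be written back to the conf file after a successful upgrade.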