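When I get a chance I will repost this with the changes suggested by you fine Perl Monks. Remember, this is my second perl script attempt. I know I have much to learn. Please keep the feedback coming.

UPDATE[05/15/2002]: I have begun 'fixing' this code. I realize I still have not incorporated the use of strict; and I still have textual passwords that need to be encrypted. I'm still reading! :)

UPDATE[05/16/2002]: I have incorporated crypt() into the code. I also am now using a lot of the CGI.pm features. I am having one heck of a time adding strict to this though.

UPDATE[05/17/2002]: I have actually gotten strict to work! I had to do a little restructuring but it works! I am going to post a Node in SoPW. See if there is anything else I need to change on this before I call it good code!

#!/usr/bin/perl -w
# (Put the address to the location of PERL on your system. Find
# it with 'which perl')
use strict;
use CGI qw/:standard/;
use CGI::Cookie;

# Where are you keeping the graphic that will be used in place of
# the requested graphic (thru ubersecure.cgi?img=Name) if password is not found
my $imgfile = "/home/user/www/cgi-bin/ubersecure/secure.gif";

# Where you are keeping UberData.txt which holds your KEY|Location
my $datafile = "/home/user/www/cgi-bin/ubersecure/uberdata.txt";

# Will You need multiple logins or a single login? (1=multiple,0=single)
my $multi_in = 1;

# This should point to your uberaccess.txt which holds the name|pass information
# This is not required for the single user mode
my $accessfile = "/home/user/www/cgi-bin/ubersecure/uberaccess.txt";

# Password required to login for single user mode.(Default pass is: 1234)
# This will also be a valid password for multi user mode.
# You MUST encrypt this password, you can use the following tool:
# http://www.YourSite.com/cgi-bin/ubersecure/ubersecure.cgi?url=passwd
# NOTE(review): the shipped name/password pair is a published default and is
# accepted in multi user mode too; replace both before deploying.
my $pass = "USaH0nvPrucUo";

# UserName required to login for single user mode.
# This will also be a valid login for multi user mode.
my $goodnick = "1234";

# Address to this script.
my $thisscript = "http://www.YourSite.com/cgi-bin/ubersecure.cgi";

# Name of the page that you are logging into.
my $pagename = "UberSecure Test Page";

# Send mail to YOU when someone logs in?
# 1 = On
# 0 = Off
my $send_mail = 0;

# Send mail to YOU when a Keyword / URL isn't found?
my $send_mail_badurl = 0;

# UNIX path to the mail program on your system.
# elm, Mail, etc. If you run into problems, turn mail sending off.
my $mail = "/var/qmail/bin/qmail-inject";

# Email address to send mail to (your personal e-mail address.)
# You MUST put a backslash (\) in front of the 'at' (@) sign in the e-mail
# address.
my $to_email = "UberDragon13\@hotmail.com";

# Do you wish to log logins? (1/0)
# LOG file is NOT auto cleared. You will have to edit it by hand. If you
# delete it, remember to chmod the new file 644 when you re-make it.
my $log = 1;

# Ask for an e-mail address? (Will be logged.)
my $email = 0;

# What is the address to the log file? (Remember to create the file and
# to chmod it 644)
# (The opening quote was missing in the listing as posted.)
my $log_file = "/home/user/www/cgi-bin/ubersecure/ubersecure.log";

# Path to your system's date program for logging.
my $date_prog = "/bin/date";

# Settings for page colors.
my $text         = "#000000";
my $link         = "green";
my $vlink        = "#663300";
my $bgcolor      = "#FFFFFF";
my $background   = "http://www.YourSite.com/graphics/rb-bak6.jpg";
my $bgproperties = "fixed";

##########################################################################
# Main request flow: parse input, authenticate, then serve the file that
# the requested key maps to in $datafile.
##########################################################################
my $date = `$date_prog '+%D %H:%M:%S'`;

# NOTE(review): one fixed salt for every account means equal passwords give
# equal hashes, and where crypt() is traditional DES only the first eight
# characters of the password count. A per-user salt and a modern scheme
# would be stronger.
my $salt = "US";
my %in   = getcgi();

# NOTE(review): the password-line helper is reachable before any
# authentication check; consider restricting it to the administrator.
if (defined $in{'url'} && $in{'url'} eq "passwd") {
    passwd();
    exit;
}

# A name/pass cookie pair, when present, replaces the submitted form values.
# NOTE(review): the cookie carries the stored crypt() string itself, so that
# string is as good as the password for anyone who can read the cookie or
# the access file. A random server-side session token would avoid this.
my $cookie_name = cookie('name');
my $cookie_pass = cookie('pass');
if ($cookie_pass && $cookie_name) {
    $in{'name'} = $cookie_name;
    $in{'pass'} = $cookie_pass;
}

# Missing or empty credentials must never authenticate. Without this guard
# an empty record in the access file compares equal to an absent name and
# password, because undef and '' are equal under 'eq'.
my $name_in = defined $in{'name'} ? $in{'name'} : '';
my $pass_in = defined $in{'pass'} ? $in{'pass'} : '';
my $have_credentials = (length($name_in) && length($pass_in)) ? 1 : 0;

# Multi user mode: look the submitted pair up in the name|pass access file.
if ($multi_in == 1) {
    open(my $access_fh, '<', $accessfile)
        or do { access_error(); exit; };
    while (my $record = <$access_fh>) {
        chomp $record;
        my ($acc, $accpass) = split /\|/, $record;

        # Skip blank or half-filled records instead of comparing undef values.
        next unless defined $acc     && length $acc;
        next unless defined $accpass && length $accpass;

        if ($have_credentials && $acc eq $name_in && $accpass eq $pass_in) {
            $goodnick = $acc;
            $pass     = $accpass;
        }
    }
    close($access_fh);
}

# Image requested without a valid password: send the placeholder graphic.
if ($in{'img'} && $pass_in ne $pass) {
    # Matches the default secure.gif; adjust the type if $imgfile is changed
    # to another format.
    print header(-type => 'image/gif');
    _send_file($imgfile);
    exit;
}

# Valid login: notify, log, set the cookies, then serve the mapped file.
if ($have_credentials && $name_in eq $goodnick && $pass_in eq $pass) {
    send_mail();
    log_in();

    # Let CGI.pm build the Set-Cookie headers so the values are encoded,
    # and keep the cookies out of reach of page scripts.
    my @login_cookies = (
        cookie(-name => 'name', -value => $name_in, -httponly => 1),
        cookie(-name => 'pass', -value => $pass_in, -httponly => 1),
    );
    print header(-cookie => \@login_cookies);

    open(my $data_fh, '<', $datafile)
        or do { data_error(); exit; };
    while (my $entry = <$data_fh>) {
        chomp $entry;
        my ($key, $target) = split /\|/, $entry;
        next unless defined $key    && length $key;
        next unless defined $target && length $target;

        # Trim surrounding whitespace, as the old two-argument open() did.
        $target =~ s/\A\s+//;
        $target =~ s/\s+\z//;

        for my $wanted ($in{'url'}, $in{'img'}) {
            next unless defined $wanted && $key eq $wanted;

            # Three-argument open: the path from the data file is only ever
            # read, never interpreted as a mode or a command.
            _send_file($target)
                or logerror("Mapped file could not be opened");
            exit;
        }
    }
    close($data_fh);
    key_error();
    exit;
}

# Display Page For Login Error Due to bad pass
if ($in{'pass'} && $in{'pass'} ne $pass) {
    print_badlogin();
    exit;
}

# Display Page for Login Error Due to Bad Login Name
if ($in{'name'} && $in{'name'} ne $goodnick) {
    print_badlogin();
    exit;
}

# Put up page for user to login
print header;
print_login();
exit;

# Copy one file to STDOUT in fixed-size chunks.
# Returns 1 on success and 0 when the file cannot be opened.
sub _send_file {
    my ($path) = @_;
    open(my $fh, '<', $path) or return 0;
    binmode $fh;
    binmode STDOUT;
    my $chunk;
    while (read($fh, $chunk, 8192)) {
        print $chunk;
    }
    close($fh);
    return 1;
}

##########################################################################
# If Specified Send Email to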
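# Webmaster about UberSecure
##########################################################################

# Reduce a value to one printable line so that request data cannot add
# mail headers or start extra records in the log file.
sub _one_line {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\x00-\x1f\x7f]+/ /g;
    return $value;
}

# HTML-escape a value (undef becomes the empty string) before it is placed
# in a page.
sub _html {
    my ($value) = @_;
    return CGI::escapeHTML(defined $value ? $value : '');
}

# Mail the webmaster about a successful login. Skipped when the request
# already carries any cookie, or when mailing is off or the mailer is not
# executable.
sub send_mail {
    return 1 if cookie();
    return unless $send_mail == 1 && -x $mail;

    my $who   = _one_line($in{'name'});
    my $agent = _one_line($ENV{'HTTP_USER_AGENT'});
    my $peer  = _one_line($ENV{'REMOTE_ADDR'});

    open(my $mailer, '|-', $mail) or return;
    print {$mailer}
        "To: $to_email\n",
        "From: UberSecure_v1.1.0\n",
        "Subject: Login Detected by $who\n",
        "\n",    # blank line ends the headers; the original ran the body into them
        "User has logged in to UberSecure v1.1.0\n\n",
        "$peer (with $agent)\n\n",
        "$date\n",
        " Name: $who\n";
    if ($email == 1) {
        print {$mailer} " E-mail: ", _one_line($in{'email'}), "\n";
    }
    close($mailer);
    return;
}

# Mail the webmaster when a requested key is missing from the data file.
sub send_mail_badurl {
    return unless $send_mail_badurl == 1 && -x $mail;

    # The requested key comes from the request and lands in a header line,
    # so it is flattened to a single line first.
    my $who       = _one_line($in{'name'});
    my $url_key   = _one_line($in{'url'});
    my $requested = $url_key . _one_line($in{'img'});
    my $agent     = _one_line($ENV{'HTTP_USER_AGENT'});
    my $peer      = _one_line($ENV{'REMOTE_ADDR'});

    open(my $mailer, '|-', $mail) or return;
    print {$mailer}
        "To: $to_email\n",
        "From: UberSecure_v1.1.0\n",
        "Subject: Bad URL Key Attempt at $requested\n",
        "\n",    # blank line ends the headers
        "$who has logged in to UberSecure v1.1.0 to access --> $url_key\n\n",
        "Unfortunately $requested does not exist in your data file.\n\n",
        "$peer (with $agent)\n\n",
        "$date\n",
        " Name: $who\n";
    if ($email == 1) {
        print {$mailer} " E-mail: ", _one_line($in{'email'}), "\n";
    }
    close($mailer);
    return;
}

##########################################################################
# Display Error Page if The Password is Incorrect
##########################################################################
# NOTE(review): the templates in this listing contain no HTML tags; they
# look stripped by the page rendering. The text is kept as shown.
sub print_badlogin {
    my $who = defined $in{'name'} ? $in{'name'} : '';
    logerror("Login attempt for $who Invalid Attempt");
    print header;
    begin_html("Bad Login Information to $pagename");
    print <<"html";
Login Error to: $pagename

Please try your Login again! click here!
html
    print end_html;
    exit;
}

##########################################################################
# Display Login Page if No Login/Pass In Cookie
##########################################################################
sub print_login {
    my $wanted = defined $in{'url'} ? $in{'url'} : '';

    begin_html("Login to $pagename");
    print "Please login to $pagename";
    print start_form(-method => 'post',
                     -action => "$thisscript?url=$wanted");
    print textfield(-name => 'name', -size => 25, -maxlength => 25);
    print " Login Name\n";
    if ($email == 1) {
        print textfield(-name => 'email', -size => 25, -maxlength => 25);
        print " Email Address\n";
    }
    print password_field(-name => 'pass', -size => 25, -maxlength => 25);
    print " Login Password\n\n";
    print hidden(-name => 'url', -default => $wanted);
    print submit(-name => 'Submit', -value => 'Submit');
    print endform;
    print end_html;
    exit;
}

##########################################################################
# Parse Information sent thru the URL Command line into $in{}
##########################################################################
# Returns the request parameters as a hash. A submitted 'pass' value is
# replaced by its crypt() form so that later comparisons are hash-to-hash.
sub getcgi {
    my $query  = CGI->new();
    my %params = %{ $query->Vars };
    if (defined $params{'pass'} && length $params{'pass'}) {
        $params{'pass'} = crypt($params{'pass'}, $salt);
    }
    return %params;
}

# Open the log for appending, writing the "File START" line first when the
# file did not exist yet. Returns the handle, or nothing on failure.
sub _open_log {
    my $is_new = !-e $log_file;
    open(my $fh, '>>', $log_file) or return;
    print {$fh} "File START $date\n" if $is_new;
    return $fh;
}

# Write the lines shared by every log record: client, time, name, e-mail.
# Request-supplied values are flattened so one request is one record.
sub _log_preamble {
    my ($fh, $label) = @_;
    my $peer  = _one_line($ENV{'REMOTE_ADDR'});
    my $agent = _one_line($ENV{'HTTP_USER_AGENT'});
    print {$fh} "$label: $peer (with $agent) $date";
    print {$fh} " Name: ", _one_line($in{'name'}), "\n";
    if ($email == 1) {
        print {$fh} " E-mail: ", _one_line($in{'email'}), "\n";
    }
    return;
}

# Append an ERROR record carrying the message given as the first argument.
# The message is now written even when the request named neither a url nor
# an img key; the original dropped it in that case.
sub logerror {
    my ($error) = @_;
    return unless $log == 1;

    my $fh = _open_log() or return;
    $error = _one_line($error);
    _log_preamble($fh, 'ERROR');

    my $wrote = 0;
    if ($in{'url'}) {
        print {$fh} " Error Msg: $error [?url=", _one_line($in{'url'}), "]\n\n";
        $wrote = 1;
    }
    if ($in{'img'}) {
        print {$fh} " Error Msg: $error [?img=", _one_line($in{'img'}), "]\n\n";
        $wrote = 1;
    }
    print {$fh} " Error Msg: $error\n\n" unless $wrote;
    close($fh);
    return;
}

# Append a LOGIN record for the current request.
sub log_in {
    return unless $log == 1;

    my $fh = _open_log() or return;
    _log_preamble($fh, 'LOGIN');
    if ($in{'url'}) {
        print {$fh} " Command: ?url=", _one_line($in{'url'}), "\n\n";
    }
    if ($in{'img'}) {
        print {$fh} " Command: ?img=", _one_line($in{'img'}), "\n\n";
    }
    close($fh);
    return;
}

##########################################################################
# Display Error Page if Specified Key is not in Data File
##########################################################################
sub key_error {
    send_mail_badurl();
    logerror("Specified Key Not Found");

    my $requested = '';
    $requested = $in{'img'} if $in{'img'};
    $requested = $in{'url'} if $in{'url'};

    # The key is request data echoed into the page, so escape it.
    my $show = _html($requested);

    begin_html("Error - Specified Key Not Found");
    print <<"EOF";

ERROR 404

URL Location Not Found - $show

Email the WebMaster and let them know!

 

 

 

UberSecure v1.3.0 by UberDragon13\@Yahoo.com

EOF
    print end_html;
    exit;
}

##########################################################################
# Display Error Page if Data File is Missing
##########################################################################
# NOTE(review): this page shows a server filesystem path to the visitor;
# consider logging the path and showing a generic message instead.
sub data_error {
    logerror("Missing Data File at $datafile");
    my $shown_path = _html($datafile);
    begin_html("Error - Missing Data File");
    print <<"EOF";

ERROR 404

DataFile Not Found - $shown_path

Check your configuration in UberSecure.cgi and verify the file exists where the path says it does.

 

 

 

UberSecure v1.3.0 by UberDragon13\@Yahoo.com

EOF
    print end_html;
    exit;
}

##########################################################################
# Display Error Page if Access File is Missing
##########################################################################
# NOTE(review): as with the data file page, the path of the access file is
# shown to the visitor; consider a generic message.
sub access_error {
    logerror("Missing Access file at $accessfile");
    my $shown_path = _html($accessfile);
    print header;
    begin_html("Error - Missing Access List File");
    print <<"EOF";

ERROR 404

AccessFile Not Found - $shown_path

Check your configuration in UberSecure.cgi and verify the file exists where the path says it does.

 

 

 

UberSecure v1.3.0 by UberDragon13\@Yahoo.com

EOF
    print end_html;
    exit;
}

##########################################################################
# Begin the HTML Document
##########################################################################
# Prints the opening of the page with the configured colours; the first
# argument is the page title.
sub begin_html {
    my ($title) = @_;
    print start_html(
        -title        => $title,
        -meta         => {
            'author'    => 'UberSecure HTML Generator',
            'copyright' => 'copyright 2002 UberSecure',
        },
        -BGPROPERTIES => $bgproperties,
        -BACKGROUND   => $background,
        -BGCOLOR      => $bgcolor,
        -TEXT         => $text,
        -LINK         => $link,
        -VLINK        => $vlink,
        -ALIGN        => 'center',
    );
    return;
}

##########################################################################
# Subroutine to help admin encrypt the user file password data
##########################################################################
sub passwd {
    my $htname  = defined $in{'htname'}  ? $in{'htname'}  : '';
    my $htpass  = defined $in{'htpass'}  ? $in{'htpass'}  : '';
    my $htpass2 = defined $in{'htpass2'} ? $in{'htpass2'} : '';

    if ($htname) {
        if ($htpass ne $htpass2) {
            print header;
            begin_html('Password Mismatch');
            print <<"EOF";
The two passwords you entered DO NOT match!

Click Here To try again.
EOF
            print end_html;
            exit;
        }
        elsif ($htpass) {
            print header;
            begin_html('Encrypted Results');
            my $hashed = crypt($htpass, $salt);

            # The login name is request data, so it is escaped before being
            # shown. The plain password is no longer echoed back into the
            # page, where it could be cached or read over a shoulder.
            my $shown_name = _html($htname);
            my $shown_hash = _html($hashed);
            print <<"EOF";
Simply Copy/Paste the Encrypted Line to your uberaccess.txt

Please NOTE There is no known way to decrypt() this Password!
Make sure your User remembers his/her password.

Encrypted Access line for User[$shown_name] is:

$shown_name|$shown_hash

EOF
            print end_html;
            exit;
        }
    }

    print header;
    begin_html('Get Encrypted Password');
    print "Fill out this form to produce the encrypted password line in your uberaccess.txt\nNote: Login Names and Passwords are case sensitive!";
    print start_form(-method => 'post', -action => "$thisscript?url=passwd");
    print textfield(-name => 'htname', -size => 25, -maxlength => 25),
        " Enter Login Name\n\n";
    print password_field(-name => 'htpass', -size => 25, -maxlength => 25),
        " Enter Desired Password\n\n";
    print password_field(-name => 'htpass2', -size => 25, -maxlength => 25),
        " RE-Enter Desired Password\n\n";
    print hidden(-name => 'url', -default => 'passwd');
    print submit(-name => 'Get Encrypted Line', -value => 'Get Encrypted Line');
    print endform, end_html;
    exit;
}

##########################################################################
# End of Program
##########################################################################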