http://qs1969.pair.com?node_id=166147

   1: When I get a chance I will repost this with the changes suggested by
   2: you fine Perl Monks.  Remember, this is my second Perl script
   3: attempt.  I know I have much to learn.  Please keep the feedback coming
   4: 
   5: UPDATE[05/15/2002]: I have begun 'fixing' this code.  I realize I still have not
   6: incorporated the use of strict; and I still have textual
   7:  passwords that need to be encrypted.  I'm still reading! :)
   8: 
   9: UPDATE[05/16/2002]: I have incorporated crypt() into the code.
  10:   I am also now using a lot of the CGI.pm features.
  11:  I am having one heck of a time adding strict to this though.
  12: 
  13: UPDATE[05/17/2002]: I have actually gotten strict to work! I had to do a little
  14:  restructuring but it works!  I am going to post a Node in SoPW.  See if there
  15:  is anything else I need to change on this before I call it good code!
  16: 
  17: 
  18: 
  19: #!/usr/bin/perl -w
  20: # (Put the address to the location of PERL on your system.  Find
  21: #  it with 'which perl')
  22: use strict;
  23: use CGI qw/:standard/;
  24: use CGI::Cookie;
  25: 
  26: # Where are you keeping the graphic that will be used in place of of
  27: # The requested graphic (thru ubersecure.cgi?img=Name) if password is not found
  28: my $imgfile = "/home/user/www/cgi-bin/ubersecure/secure.gif";
  29: 
  30: # Where you are keeping UberData.txt which holds your KEY|Location
  31: my $datafile = "/home/user/www/cgi-bin/ubersecure/uberdata.txt";
  32: 
  33: # Will You need multiple logins or a single login?  (1=multiple,0=single)
  34: my $multi_in = 1;
  35: 
  36: # This should point to your uberaccess.txt which holds the name|pass information
  37: # This is not required for the single user mode
  38: my $accessfile = "/home/user/www/cgi-bin/ubersecure/uberaccess.txt";
  39: 
  40: # Password required to login for single user mode.(Default pass is: 1234)
  41: # This will also be a valid password for multi user mode.
  42: # You MUST encrypt this password, you can use the following tool:
  43: # http://www.YourSite.com/cgi-bin/ubersecure/ubersecure.cgi?url=passwd
  44: my $pass = "USaH0nvPrucUo";
  45: 
  46: # UserName required to login for single user mode.
  47: # This will also be a valid login for multi user mode.
  48: my $goodnick = "1234";
  49: 
  50: # Address to this script.
  51: my $thisscript = "http://www.YourSite.com/cgi-bin/ubersecure.cgi";
  52: 
  53: #Name of the page that you are logging into.
  54: my $pagename = "UberSecure Test Page";
  55: 
  56: #Send mail to YOU when someone logs in?
  57: # 1 = On
  58: # 0 = Off
  59: my $send_mail = 0;
  60: 
  61: #Send mail to YOU when a Keyword / URL isn't found?
  62: my $send_mail_badurl = 0;
  63: 
  64: # UNIX path to the mail program on your system.
  65: # elm, Mail, etc.  If you run into problems, turn mail sending off.
  66: my $mail = "/var/qmail/bin/qmail-inject";
  67: 
  68: #Email address to send mail to (your personal e-mail address.)
  69: #You MUST put a backslash (\) in front of the 'at' (@) sign in the e-mail
  70: # address.
  71: my $to_email = "UberDragon13\@hotmail.com";
  72: 
  73: # Do you wish to log logins?  (1/0)
  74: # LOG file is NOT auto cleared.  You will have to edit it by hand.  If you
  75: # delete it, remember to chmod the new file 644 when you re-make it.
  76: my $log = 1;
  77: 
  78: #Ask for an e-mail address?  (Will be logged.)
  79: my $email = 0;
  80: 
  81: # What is the address to the log file?  (Remember to create the file and
  82: #                                         to chmod it 644)
  83: my $log_file = /home/user/www/cgi-bin/ubersecure/ubersecure.log";
  84: 
  85: # Path to your system's date program for logging.
  86: my $date_prog = "/bin/date";
  87: 
  88: # Settings for page colors.
  89: my $text = "#000000";
  90: my $link = "green";
  91: my $vlink = "#663300";
  92: my $bgcolor = "#FFFFFF";
  93: my $background = "http://www.YourSite.com/graphics/rb-bak6.jpg";
  94: my $bgproperties = "fixed";
  95: ##########################################################################
  96: my $date = `$date_prog '+%D %H:%M:%S'`;
  97: my $salt = "US";
  98: my %in = &getcgi;
  99: 
 100: if ($in{'url'} eq "passwd") { &passwd; exit; }
 101: 
 102: # Check for presence of Cookie and Parse info into $in
 103: if ( (cookie('pass')) && (cookie('name')) ) {
 104:    $in{'name'} = cookie('name');
 105:    $in{'pass'} = cookie('pass');
 106: }
 107: 
 108: # Check for presence of Access File and Parse info into name and password
 109: if ($multi_in == 1) {
 110:   open (DATA, "<$accessfile") or access_error and exit;
 111:   while(<DATA>){
 112:     chomp;
 113:     my ($acc,$accpass) = split'\|',$_;
 114:     if ( ($acc eq $in{'name'}) && ($accpass eq $in{'pass'}) ) {
 115:       $goodnick = $acc;$pass = $accpass;
 116:     }
 117:   }
 118:  close(DATA);
 119: 
 120: }
 121: # Check for img link and no password
 122: if ( ($in{'img'}) && ($in{'pass'} ne $pass) ) {
 123:   print header;
 124:   open(FILE,"$imgfile");
 125:   while(<FILE>) { print $_; }
 126:   exit;
 127: }
 128: # Make sure its a valid login then do commands
 129: if ( ($in{'name'} eq $goodnick) && ($in{'pass'} eq $pass) ) {
 130:   &send_mail;&log_in;
 131:   my $cookie_set1 = "Set-Cookie: name=$in{'name'}\n";
 132:   my $cookie_set2 = "Set-Cookie: pass=$in{'pass'}\n";
 133:   print $cookie_set1;
 134:   print $cookie_set2;
 135:   print header;
 136:   open (DATA, "<$datafile") or &data_error and exit;
 137:   while(<DATA>){
 138:     my ($key,$url)=split'\|',$_;
 139:     if($key eq $in{'url'}){
 140:       open(FILE,"$url");
 141:       while(<FILE>) { print $_; }
 142:       exit;
 143:     }
 144:     if($key eq $in{'img'}){
 145:       open(FILE,"$url");
 146:       while(<FILE>) { print $_; }
 147:       exit;
 148:     }
 149: 
 150:   }
 151:   close(DATA); &key_error; exit;
 152: }
 153: # Display Page For Login Error Due to bad pass
 154: elsif ( ($in{'pass'}) && ($in{'pass'} ne $pass) ) {
 155: 	&print_badlogin;exit;
 156: }
 157: # Display Page for Login Error Due to Bad Login Name
 158: elsif ( ($in{'name'}) && ($in{'name'} ne $goodnick) ) {
 159: 	&print_badlogin;exit;
 160: }
 161: # Put up page for user to login
 162: else {
 163: 	print header;&print_login;exit;
 164: }
 165: ##########################################################################
 166: # If Specified Send Email to Webmaster about UberSecure
 167: ##########################################################################
 168: 
 169: sub send_mail {
 170:  if ( cookie() ) { return 1; }
 171:   if ($send_mail == 1) {
 172:    if (-x $mail) {
 173:     open(MAIL, "|$mail");
 174:     print MAIL ("To: $to_email\n",
 175:                 "From: UberSecure_v1.1.0\n",
 176:                 "Subject: Login Detected by $in{'name'}\n",
 177:                 "User has logged in to UberSecure v1.1.0\n\n",
 178:                 "$ENV{'REMOTE_ADDR'} (with $ENV{'HTTP_USER_AGENT'})\n\n",
 179:                 "$date\n",
 180:                 "  Name: $in{'name'}\n");
 181: 	if ($email == 1) {
 182: 	  print MAIL "  E-mail: $in{'email'}\n";
 183: 	}
 184: 	close(MAIL);
 185:   }
 186:  }
 187: }
 188: sub send_mail_badurl {
 189:  if ($send_mail_badurl == 1) {
 190:   if (-x $mail) {
 191:    open(MAIL, "|$mail");
 192:    print MAIL ("To: $to_email\n",
 193:                "From: UberSecure_v1.1.0\n",
 194:                "Subject: Bad URL Key Attempt at $in{'url'}$in{'img'}\n",
 195:                "$in{'name'} has logged in to UberSecure v1.1.0
 196:                                             to access --\> $in{'url'}\n\n",
 197:                "Unfortunately $in{'url'}$in{'img'} does not exist
 198:                                             in your data file.\n\n",
 199:                "$ENV{'REMOTE_ADDR'} (with $ENV{'HTTP_USER_AGENT'})\n\n",
 200:                "$date\n",
 201:                "  Name: $in{'name'}\n");
 202: 	if ($email == 1) {
 203: 	  print MAIL "  E-mail: $in{'email'}\n";
 204:    }
 205:    close(MAIL);
 206:   }
 207:  }
 208: }
 209: ##########################################################################
 210: # Display Error Page if The Password is Incorrect
 211: ##########################################################################
 212: 
 213: sub print_badlogin {
 214: &logerror("Login attempt for $in{'name'} Invalid Attempt");
 215: print header;
 216: begin_html("Bad Login Information to $pagename");
 217: 
 218: print <<"html";
 219: <center>
 220: <font size=5>Login Error to: <b>$pagename</b><br><br>
 221: </font>
 222: Please try your Login again!  <a href="$thisscript?url=$in{'url'}">click here!</a>
 223: </center>
 224: html
 225: print end_html;
 226: exit;
 227: }
 228: ##########################################################################
 229: # Display Login Page if No Login/Pass In Cookie
 230: ##########################################################################
 231: 
 232: sub print_login {
 233:   begin_html("Login to $pagename");
 234:   print "<font size=5>Please login to <u>$pagename</u></font>";
 235:   print start_form(-method=>'post',
 236: 			    -action=>"$thisscript?url=$in{'url'}");
 237:   print textfield(-name=>'name',
 238: 			    -size=>25,
 239: 			    -maxlength=>25);print " Login Name<BR>";
 240:   if ($email == 1) {
 241:   print textfield(-name=>'email',
 242: 				-size=>25,
 243: 				-maxlength=>25);print " Email Address<BR>";
 244:   }
 245:   print password_field(-name=>'pass',
 246: 				-size=>25,
 247: 				-maxlength=>25);print " Login Password<BR><BR>";
 248: 
 249:   print hidden(-name=>'url',
 250: 			     -default=>$in{'url'});
 251: 
 252: 
 253:   print submit(-name=>'Submit',
 254:     			-value=>'Submit');
 255: 
 256:   print endform;print end_html;
 257:   exit;
 258: }
 259: ##########################################################################
 260: # Parse Information sent thru the URL Command line into $in{}
 261: ##########################################################################
 262: 
 263: sub getcgi {
 264:     my $cgi = CGI->new();
 265:     my %in = %{$cgi->Vars};
 266:     if ($in{'pass'}){$in{'pass'} = crypt($in{'pass'}, $salt);}
 267:     return %in;
 268: }
 269: 
 270: sub logerror {
 271:   if (! -e "$log_file") {
 272: 		open(FILE, ">$log_file");
 273: 		print FILE "File START $date\n";
 274: 		close(FILE);
 275:   }
 276:   if ($log == 1) {
 277: 	my $error = $_[0];
 278: 	open(FILE, ">>$log_file");
 279: 	print FILE "ERROR: $ENV{'REMOTE_ADDR'} (with $ENV{'HTTP_USER_AGENT'}) $date";
 280:    print FILE "  Name: $in{'name'}\n";
 281: 	if ($email == 1) {
 282: 		print FILE "  E-mail: $in{'email'}\n";
 283: 	}
 284:    if($in{'url'}){print FILE "  Error Msg: $error [?url=$in{'url'}]\n\n";}
 285:    if($in{'img'}){print FILE "  Error Msg: $error [?img=$in{'img'}]\n\n";}
 286: 	close(FILE);
 287:   }
 288: }
 289: 
 290: sub log_in {
 291:    if ($log == 1) {
 292: 	if (! -e "$log_file") {
 293: 		open(FILE, ">$log_file");
 294: 		print FILE "File START $date\n";
 295: 		close(FILE);
 296: 	}
 297: 	open(FILE, ">>$log_file");
 298: 	print FILE "LOGIN: $ENV{'REMOTE_ADDR'} (with $ENV{'HTTP_USER_AGENT'}) $date";
 299:    print FILE "  Name: $in{'name'}\n";
 300: 	if ($email == 1) {
 301: 		print FILE "  E-mail: $in{'email'}\n";
 302: 	}
 303:    if($in{'url'}){print FILE "  Command: ?url=$in{'url'}\n\n";}
 304:    if($in{'img'}){print FILE "  Command: ?img=$in{'img'}\n\n";}
 305: 	close(FILE);
 306:    }
 307: }
 308: 
 309: ##########################################################################
 310: # Display Error Page if Specified Key is not in Data File
 311: ##########################################################################
 312: sub key_error {
 313: &send_mail_badurl;&logerror("Specified Key Not Found");
 314: my $show;
 315: if($in{'img'}){$show = $in{'img'}};
 316: if($in{'url'}){$show = $in{'url'}};
 317: begin_html("Error - Specified Key Not Found");
 318: 
 319: print <<"EOF";
 320: <p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
 321: ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
 322:  sans-serif" size="4">URL Location Not Found - <b>$show</b></font></p>
 323: <p>Email the <a href="mailto:$to_email">WebMaster</A> and let them know!</p>
 324: <p>&nbsp;</p>
 325: <p>&nbsp;</p>
 326: <p>&nbsp;</p>
 327: <p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
 328:     UberSecure v1.3.0 by <a href="
 329:     mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">
 330:     UberDragon13\@Yahoo.com</a></font></p>
 331: EOF
 332: print end_html;
 333: exit;
 334:  }
 335: ##########################################################################
 336: # Display Error Page if Data File is Missing
 337: ##########################################################################
 338: 
 339: sub data_error {
 340: &logerror("Missing Data File at $datafile");
 341: begin_html("Error - Missing Data File");
 342: print <<"EOF";
 343: <p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
 344: ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
 345:  sans-serif" size="4">DataFile Not Found - <b>$datafile</b></font></p>
 346: <p>Check your configuration in UberSecure.cgi and verify the file exists
 347:   where the path says it does.</p>
 348: <p>&nbsp;</p>
 349: <p>&nbsp;</p>
 350: <p>&nbsp;</p>
 351: <p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
 352:     UberSecure v1.3.0 by <a href="
 353:     mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">
 354:     UberDragon13\@Yahoo.com</a></font></p>
 355: EOF
 356: print end_html;
 357: exit;
 358: }
 359: ##########################################################################
 360: # Display Error Page if Access File is Missing
 361: ##########################################################################
 362: 
 363: sub access_error {
 364: &logerror("Missing Access file at $accessfile");
 365: print header;
 366: begin_html("Error - Missing Access List File");
 367: print <<"EOF";
 368: <p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
 369: ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
 370:  sans-serif" size="4">AccessFile Not Found  - <b>$accessfile</b></font></p>
 371: <p>Check your configuration in UberSecure.cgi and verify the file exists
 372:   where the path says it does.</p>
 373: <p>&nbsp;</p>
 374: <p>&nbsp;</p>
 375: <p>&nbsp;</p>
 376: <p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
 377:     UberSecure v1.3.0 by <a href="
 378:     mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">
 379:     UberDragon13\@Yahoo.com</a></font></p>
 380: EOF
 381: print end_html;
 382: exit;
 383: }
 384: ##########################################################################
 385: # Begin the HTML Document
 386: ##########################################################################
 387: sub begin_html {
 388: print start_html(           -title=>$_[0],
 389: 			    -meta=>{'author'=>'UberSecure HTML Generator',
 390: 			            'copyright'=>'copyright 2002 UberSecure'},
 391: 			    -BGPROPERTIES=>$bgproperties,
 392:              -BACKGROUND=>$background,
 393: 			    -BGCOLOR=>$bgcolor,
 394: 			    -TEXT=>$text,
 395: 			    -LINK=>$link,
 396: 			    -VLINK=>$vlink,
 397: 			    -ALIGN=>'center',);
 398: }
 399: ##########################################################################
 400: # Subroutine to help admin encrypt the user file password data
 401: ##########################################################################
 402: sub passwd {
 403:   if ($in{'htname'}) {
 404:    if ($in{'htpass'} ne $in{'htpass2'}) {
 405:       print header;
 406:       begin_html('Password Mismatch');
 407:       print <<"EOF";
 408:       The two passwords you entered DO NOT match!<BR><BR>
 409:       <a href="$thisscript?url=passwd">Click Here</a> To try again.
 410: EOF
 411:       print end_html;
 412:       exit;
 413:    }
 414:    elsif(($in{'htname'}) && ($in{'htpass'})) {
 415:       print header;
 416:       begin_html('Encrypted Results');
 417:       my $htpass = crypt($in{'htpass'}, $salt);
 418:       print <<"EOF";
 419:       Simply Copy/Paste the Encrypted Line to your uberaccess.txt<BR><BR>
 420:       Please NOTE There is no known way to decrypt() this Password!<BR>
 421:       Make sure your User remembers his/her password.<BR><BR>
 422:       Encrypted Access line for <code>User[<u>$in{'htname'}</u>]</code>
 423:       with the <code>password[<u>$in{'htpass'}</u>]</code> is:<BR><BR>
 424:       <h1>$in{'htname'}|$htpass</h1>
 425: EOF
 426:       print end_html;
 427:       exit;
 428:    }
 429:   }
 430:   print header;
 431:   begin_html('Get Encrypted Password');
 432:   print "Fill out this form to produce the encrypted
 433:           password line in your uberaccess.txt<BR>Note: Login Names and
 434:           Passwords are <u>case sensitive</u>!";
 435: 
 436:   print start_form(-method=>'post',
 437: 			    -action=>"$thisscript?url=passwd");
 438: 
 439:   print textfield(-name=>'htname',
 440: 			    -size=>25,
 441: 			    -maxlength=>25),
 442: 			    " Enter Login Name<BR><BR>";
 443: 
 444:   print password_field(-name=>'htpass',
 445: 				-size=>25,
 446: 				-maxlength=>25),
 447: 				" Enter Desired Password<BR><BR>";
 448: 
 449:   print password_field(-name=>'htpass2',
 450: 				-size=>25,
 451: 				-maxlength=>25),
 452: 				" RE-Enter Desired Password<BR><BR>";
 453: 
 454:   print hidden(-name=>'url',
 455: 			     -default=>'passwd');
 456: 
 457: 
 458:   print submit(-name=>'Get Encrypted Line',
 459:     			-value=>'Get Encrypted Line');
 460: 
 461:   print endform, end_html;
 462:   exit;
 463: 
 464: }
 465: 
 466: ##########################################################################
 467: # End of Program
 468: ##########################################################################
 469: