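#!/usr/bin/perl
#-----------------------------------
# Demonstration CGI script for a cookie "validation code" scheme.
#
# Flow shown by the script:
#   1. A user signs up; username and password are kept in an account file.
#   2. At login a 62-character alphabet is shuffled and the password is
#      rewritten as a comma-separated list of positions in that alphabet
#      ($code).  $code goes into the account file, the shuffled alphabet
#      ($string) goes into the cookie.
#   3. Later requests rebuild the password from $code + $string and compare
#      it with the stored password.
#
# NOTE(review): this is an obfuscation scheme, not password protection.
#   - The account file still holds the password in clear text, and $code
#     plus $string reproduce it exactly (the script does so below).
#   - $code exposes the password length and which characters repeat.
#   - The shuffle is driven by Perl's built-in rand(), which is not a
#     cryptographically secure generator.
#   - Only the positions named in $code are ever checked, so the cookie
#     carries less secret material than its 62 characters suggest.
#   For real use, store a salted, deliberately slow password hash on the
#   server and give the browser a random session identifier that is looked
#   up server-side.
#-----------------------------------
# fatalsToBrowser sends die() messages to the client; that is convenient
# while testing but discloses internals, so remove it outside of testing.
use CGI::Carp "fatalsToBrowser";
use strict;
use warnings;

print "Content-type: text/html\n\n";
print "Testing\n";

# First, let's pretend the user has signed up and is using the following
# username and password.
#----------
my $username = "monkey";
my $password = "platform";

# They're stored in a file...
# NOTE(review): the values are fixed literals here; anything taken from a
# request must be HTML-escaped before being printed into the page.
#----------
print qq| Signing Up
    Stored in File:
    $username
    $password
|;

# Now let's pretend the user is logging in to their account.  Validate that
# the username and password they enter match those in the file.  If they
# do, create a validating code that can later be checked against a cookie.
#----------
my $code   = '';
my $string = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
RandomString($string);    # shuffles $string in place

for my $char (split //, $password) {
    my $pos = index($string, $char);

    # index() returns -1 for a character that is not in the alphabet
    # (punctuation, spaces, non-ASCII).  Left alone, -1 would be written
    # into $code and decode to the LAST alphabet character, so the
    # rebuilt password would silently differ from the real one.  The
    # message deliberately does not echo the offending character.
    die "Password contains a character outside the supported alphabet"
        if $pos < 0;

    $code .= "$pos,";
}

# All done: store $code in the account file along with the username and
# password, and write a cookie holding the username and $string.
#----------
print qq| After First Login:
    Stored in File:
    $username
    $password
    $code

    Stored in Cookie
    $username & $string

|;

# The cookie on its own does not contain the password, and every login
# produces a new $code and $string.  (See the review note at the top for
# the limits of that statement.)
#
# Validating what's in the cookie against the user account.  Pretend we've
# opened the user account and have read the cookie.
#----------
my @positions      = split('[,]', $code);
my $cookiepassword = '';
my $alphabet_len   = length $string;

for my $pos (@positions) {
    # In real use $string comes from the client and $code from a file, so
    # refuse anything that is not an in-range, non-negative integer
    # instead of letting substr() read a negative or out-of-range offset.
    die "Stored validation code is malformed"
        unless $pos =~ /\A[0-9]+\z/ && $pos < $alphabet_len;

    $cookiepassword .= substr($string, $pos, 1);
}

# If $cookiepassword equals the account password (string comparison, `eq`)
# then all is ok!
print qq| Validating Cookie against Account
    Account Password is : $password
    Cookie Password is : $cookiepassword
    Obtained by cross referencing:
    $code with
    $string
|;
print "\n";

##########
sub RandomString {
##########
    # Shuffle the characters of the first argument IN PLACE and return the
    # shuffled string.  The argument is accessed through $_[0] on purpose:
    # @_ aliases the caller's variable, and the script above relies on
    # that (it ignores the return value).
    #
    # Each position $i is swapped with a position chosen from $i .. end.
    # NOTE(review): rand() is not suitable for generating security tokens.
    my $len = length($_[0]);

    for my $i (0 .. $len - 1) {
        # int() makes explicit the truncation substr() would otherwise
        # apply to the fractional offset.
        my $y   = $i + int(rand($len - $i));
        my $tmp = substr($_[0], $i, 1);

        substr($_[0], $i, 1) = substr($_[0], $y, 1);
        substr($_[0], $y, 1) = $tmp;
    }

    return $_[0];
}

#End of Script
#----------------------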