kiz has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to work out how to set up a system for web-based user self-registration (and self-maintenance) for a system we may impliment soon-ish.

The cgi for filling in forms and updating databases is all fairly straight forward...

One thing I want to do is something inspired by what mailing lists do:
When a user forgets their password, they can supply their email address and ask for a new password. What I'd like to do is to email the user with a message that says "reply to this to get a new password sent to you" - thus avoiding the id-10T who thinks it's fun to fill-in a random email address and get their password changed on them.

Thus, I want to read a message that comes in, probably identified by some random "session-id"-string in the subject-line, and then generate a new password for the user - which I email back to them.

I'm not really able to have the main mail-server configuration changed (it's for the whole Uni, after all :), so I'm really stuck to digging through a mailbox.

I'm happy to code up a bunch of packages etc to do all the creating, posting, updating, etc that is needed... however does anyone have any thoughts on how to logically match a reply with an action? (and I'd try to set up a solution that can be expanded to doing actions other than just changing the password :)

ta...



-- Ian Stuart
A man depriving some poor village, somewhere, of a first-class idiot.
  • Comment on mail-based interface for database manipulation..?

Replies are listed 'Best First'.
Re: mail-based interface for database manipulation..?
by tachyon (Chancellor) on Feb 06, 2003 at 12:32 UTC

    Why do you need/want to change the password? Just keep the (encrypted) passwords in the DB linked to the sign up email address and username. If a user forgets their password you simply decrypt the password in the DB (Crypt::Blowfish and Crypt::CBC are all you need) and then email it back to the registered email address. If someone 'guesses' a username or registered email address (whatever you decide validates the user - either seems logical) it does not matter as the password simply goes back to the registered email address, not the guesser's email address. KISS

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

[reply]
Re: mail-based interface for database manipulation..?
by perrin (Chancellor) on Feb 06, 2003 at 16:37 UTC
    The standard answer these days for mail processing is Mail::Audit. You can grab all the mail that comes to a certain address and feed it to Mail::Audit. There are also modules for parsing raw mail messages. Shouldn't be very hard.

    As far as how to authenticate the messages, just use the same approach that people use for web session cookies, i.e. send a MAC using one of the Digest:: modules.

[reply]
Re: mail-based interface for database manipulation..?
by cees (Curate) on Feb 06, 2003 at 16:29 UTC

    This is not really a question of 'How would I do this with Perl?', but 'How do I get the returned email message to my Perl program?'

    This is completely dependant on the mail server that your Uni is using. If they are using Qmail, then you need to create a .qmail file in your homedirectory. For sendmail it would be a .forward file. If you have access to procmail, then you could use a procmail filter to do this as well.

    Since I am familiar with Qmail, I'll give an example of how to use a .qmail file to execute an external program.

    |/usr/local/bin/yourprogram.pl
./Maildir/

    [download]

    When a message comes in, it will spawn your program and send the message on STDIN. You can parse it and do what you like. If you exit with code 99 then qmail will not execute any more statements in the .qmail file. If you exit normally, qmail will continue delivery, and in this case deliver the message in the local Maidir directory.

    This is exactly how Qmail's ezmlm mailing list manager handles answering incoming email messages. Similar things can be done with sendmail's .forward file format, but you will have to look it up in the man page yourself :)

    Once you have the message in your perl program things become easy. I would look at the MIME-tools package which contains the MIME::Parser and MIME::Entity modules which are very handy for parsing and sending MIME compliant email messages. Don't try to parse the message yourself, let these modules do the gruntwork for you.

[reply]
[d/l]

Back to Seekers of Perl Wisdom