Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

hi ,i'm doing a project for an online registration form in which i'm asking for username and password.the program somewhat goes like this.. 
#! /usr/bin/perl
print"Content-Type:text/html\n\n";

read (STDIN,$buffer,$ENV{'CONTENT_LENGTH'});#as i'm using the #post me
+thod in my form
@pairs=split(/&/,$buffer);
foreach $pair(@pairs) {
($name,$value) = split(/=/,$pair);
$value =~ tr/+/ /;
$value=~s/%[a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
$FORM{$name}=$value;
}
#more part of program
#checking password
if ($FORM{'password'}=~ /^\w+$/){sucess();}else{error();}

[download]
now u know this condition will only allow letters digits and underscore as valid password but my problem is:WHAT SHOULD I ADD IN IT IF I WANT THE VALID PASSWORD TO B ATLEAST 5CHARACTERS LONG.

my other problem is that i can give the login only if there exists alinux account with the same username.since i'm working in a unix enviornment so i'm simply using the YPCAT command as follows 

if (ypcat passwd |grep $FORM('username'}){check();}else {error();}

[download]
now this usually works by giving the name of a user directly but here using it indirectly it is giving me error:"not enough arguments for grep at ....near})" how can i get around this errorif ii HAVE TOuse this ypcat thanks

update (broquaint): title change (was problem of a beginner)

Replies are listed 'Best First'.
Re: Parsing and verifying login for a CGI form
by Abigail-II (Bishop) on Jul 09, 2003 at 07:11 UTC
    You are probably better off using CGI.pm instead of rolling your own parsing of arguments.

    As for checking the password, are you sure you want to reject passwords containing a non-alphanum? Usually you try to enforce hard to guess passwords, your check is promoting easy to guess passwords. Anyway, to enforce a minimum length of 5, replace the + in your regex with {5,}.

    As for the line with grep and ypcat, what makes you think that that is valid Perl? And why do you "have to" use ypcat? Anyway, I suggest that you lookup the syntax of grep - then it should become much clearer.

    BTW, was this a homework problem?

    Abigail

[reply]
Re: Parsing and verifying login for a CGI form
by antirice (Priest) on Jul 09, 2003 at 07:13 UTC

    Hello again. Once again, nice to see the progress since your last post. Take a look at this post for some helpful hints.

    You have to use ypcat? Why not just use getpwnam, extract the password hash and use crypt with the password hash as the salt? If the return from crypt is the same as the hash, then the password is correct for that account.

    antirice    
    The first rule of Perl club is - use Perl
    The     ith rule of Perl club is - follow rule i - 1 for i > 1

[reply]
      HIIIIIII,,and thanx for helping me..but their appears to be some confusion in the case of this linux account checking.i can't use getpwnam as it checks for the password where in all that i require is that the user name entered in the login form must b there in the linux account.so i don't have to check password rather just the name. thank u.please guide me to overcome the error of "not enough arguements"..ypcat passwd |grep name works well in genral unix enviornment.
[reply]

        getpwnam returns undef if the account doesn't exist. Try this:

        my $username = SomeSubToGetUsername;
my $check = getpwnam($username);
if ($check) {
# account exists
...
}
else {
# account does not exist
...
}

        [download]

        Hope this helps.

        antirice    
        The first rule of Perl club is - use Perl
        The         ith rule of Perl club is - follow rule i - 1 for i > 1

[reply]
[d/l]

Back to Seekers of Perl Wisdom