changing password

bory has asked for the wisdom of the Perl Monks concerning the following question:

Hi! I have a script and i want to change the user's password! All the passwords are in a text file written like this:username=passowrd on each line! In my script i want the user to write his username, old password, new password and confirm new password! When he does this to change the password in the text file! I have the following code but it doesn't change the password in the file

 #!/agl/tools/perl/bin/perl
        use strict;
    use CGI ':standard';  
               my $I_username = param('username'); 
        my $I_psswd = param('password'); 
        my $I_newpsswd = param('new_password');
        my $I_cnewpsswd = param('cnew_password');           
                    
                my $data_file = '/data/aww/cgi-bin/login.txt';  
               
open(DAT, "+>>$data_file") || die("Could not open file: $!");  
                  
                my %password;  
                while (<DAT>) {  
                  chomp;  
                  my ($k, $v) = split /\=/;  
                  $password{$k} = $v; 
          if (($I_username eq $k) and ($password{$I_username} eq $I_ps
+swd) and ($I_newpsswd eq $I_cnewpsswd)){
                      print DAT "$I_username=$I_newpsswd \n";
                    print "<h2>OK</h2>";   } 
                        else { if($I_newpsswd ne $I_cnewpsswd){print "
+<center><h2>Noua parola nu se potriveste !</h2></center>\n";}
          else {if($I_username ne $k){ print "<center><h2>Utilizatorul
+ nu exista!</h2></center>\n";}
          else {if($password{$I_username} ne $I_psswd){ print "<center
+><h2>Ai introdus parola veche gresit!</h2></center>";}
                }  }}}
        
                close(DAT);
[download]

Thank you very much for your time!

Comment on changing password Download Code

Replies are listed 'Best First'.
Re: changing password by TVSET (Chaplain) on Sep 25, 2003 at 08:44 UTC
Make sure that your web server can read and write the file that you are using for passwords. Also my personal approach to this kind of problems is to read the complete file first, then modify it, and then to write it back. Something along these lines: `open (IN,"<$myfile") or die "open failed for read: $!"; my @lines = <IN>; close (IN); open (OUT, ">$myfile") or die "open failed for write: $!"; foreach (@lines) { chomp; my ($user,$pass) = split(/=/); # Check username if ($user eq $i_user) { # Check password if ($pass eq $i_pass) { # Check the confirmation of the new password if ($i_newpass eq $i_cnewpass) { print OUT "$user=$i_newpass\n"; } } } else { print OUT "$user=$pass\n"; } } close (IN);` [download] These, of course, looks childish, but it's extremely easy to read and follow. If this one works, then you can rewrite it in a more compact way. :) P.S.: Code is untested of course. :) Leonid Mamtchenkov aka TVSET	[reply] [d/l]
Re: Re: changing password by Zaxo (Archbishop) on Sep 25, 2003 at 16:13 UTC
This solution needs file locking, with attention to race conditions. You probably don't want to prevent multiple instances from running in cgi, so you need to worry about simultaneous requests clobbering one another's work. After Compline, Zaxo	[reply]
Re: Re: changing password by bory (Beadle) on Sep 25, 2003 at 09:02 UTC
Thank you very much! It works ok!Now I will rewrite it in a compact way!	[reply]
Re: changing password by Abigail-II (Bishop) on Sep 25, 2003 at 09:19 UTC
I got to ask this! Why do you write an exclaimation mark after each sentence! Are you surprised by everything you say! Abigail!	[reply]
Re: Re: changing password by bory (Beadle) on Sep 25, 2003 at 09:37 UTC
Re: changing password by sulfericacid (Deacon) on Sep 25, 2003 at 17:56 UTC
I am not sure if it's just me, but I'd be frightened if I knew my username and password were recorded in nothing more than a user=pass text file. It doesn't even sound like the user is encrypting this information. Instead of reading from and writing to a file, wouldn't it be easier if the user used a flat file database like SDBM or DB_File? It would make it a lot easier to sort by username or password or even search for them by one or the other; not to mention make it a million times easier to change a user=pass by updating the $user{'newpass'];. I could be wrong, but this was my first thoughts when reading what the original poster asked and wondering why none of the rest of you have mentioned this. "Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us" sulfericacid	[reply]