Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello.

I see from your notice board that the issues covered here might be slightly out of my league, but since my question is very simple, I'm sure you guys will have no problem helping me out?

I am designing a site where the users need to register to access the info page. They must provide a username and a password. There is a page where new users can do this, and a different one for users who just want to log in with an existing username and password.

I need to use CGI scripts written in Perl to store the form data into a .dat file on a UNIX server.

How do I go about doing this? How do I store username and passwords so they are associated with eachother and can be retrieved when the user logs in again?

I know this is probably a very basic question, but I would be really really gratefull if somebody could help me out!

Thanks very much in advance to anybody who takes the time to help me!!

Chrissy

20040107 Edit by BazB: Changed title from 'Newbee..'

  • Comment on Using CGI to collect and store user data

Replies are listed 'Best First'.
Re: Using CGI to collect and store user data
by blue_cowdawg (Monsignor) on Jan 07, 2004 at 19:15 UTC

        How do I go about doing this? How do I store username and passwords so they are associated with eachother and can be retrieved when the user logs in again?

    There are many, many ways of doing this. First off when I did a simple search of the PM site I got this discussion, this discussion and that discussion for starters.

    As far as where to store user tokens you can do any of the following with varying degress of utility:

    1. Flat files
      • .htaccess and use Basic Auth
      • Your own version of a password file
      • Many other variations of a theme...
      • Hard-coded in your Perl code (danger Will Robinson!)
      • In a database

    Last thought (for now) is that using HTTPS vs. HTTP is a factor of how sensitive your data is, how paranoid you are and in some cases your pocketbook. HTTPS will encrypt the communication between your browser and the server and HTTP will not.

    Peter L. Berghold -- Unix Professional
    Peter at Berghold dot Net
       Dog trainer, dog agility exhibitor, brewer of fine Belgian style ales. Happiness is a warm, tired, contented dog curled up at your side and a good Belgian ale in your chalice.
[reply]
Re: Using CGI to collect and store user data
by maa (Pilgrim) on Jan 07, 2004 at 18:59 UTC

    You need to check if .htaccess files are supported first - then you can use AuthType Basic (HTTP spec) and htpasswd so store username/password combos in a file... the server can handle authentication.

    To do anything more sophisticated you probably need a database as well (but you didn't mention that)...

[reply]
[d/l]
Re: Using CGI to collect and store user data
by b10m (Vicar) on Jan 07, 2004 at 19:05 UTC

    To read and write from a text file, you may want to take a look at perldoc -f open. But you may want to take a look at DBI too. This way you can store and retrieve the info from a database. If you want to "encrypt" the passwords, you might want to peek at Digest::MD5.

    If you've read that, and still have questions, please do post them (preferable with some of the code you use).

    --
    b10m
[reply]
Re: Using CGI to collect and store user data
by jacques (Priest) on Jan 07, 2004 at 19:34 UTC
    Many years ago I had to do the same thing, but I wasn't the sysadmin and thus couldn't change the apache config file to allow .htaccess. If you're in the same situation, I would speak kindly to the admin (bring cookies) and if the admin is a complete idiot (many are) and doesn't want to change anything on the server, I would resort to encrypting the data in textfiles. You would have to change the ownership of the file(s) to the user usually called 'nobody'. This is a special account used by the server. Make sure the permissions on the file are correct. You could play with the permissions to make the files a little bit more secure, but really This Is The Wrong Way To Do It. However, in life, you sometimes have to make do with what you have and lucky you have Perl. :)
[reply]
Re: Using CGI to collect and store user data
by CountZero (Bishop) on Jan 07, 2004 at 20:22 UTC
    You mentioned a ".dat" file. What are your specifications for such file?

    Another important question: what kind of server are you using and what level of access do you have? Can you access and change the configuration files? There is no "one size fits all" answer here: it all depends on what you are using.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]
Re: Using CGI to collect and store user data
by jonnyfolk (Vicar) on Jan 07, 2004 at 21:29 UTC

    By the tone of your message I detect that you wouldn't be averse to using a ready made script? :)

    There are plenty of sites offering downloads of scripts of varying quality. If you didn't know about them then check them out, or follow the excellent suggestions of my fellow monks and build your own.

[reply]

Back to Seekers of Perl Wisdom