titanic_fanataic has asked for the wisdom of the Perl Monks concerning the following question:

I'm just trying to write a simple script that will allow my clients to log on through the internet to see their current invoice. All I need is a snippet of code that will open my flatfile database that contains the username/password combo 1 per line in this format:

username|cryptedpassword
username2|cryptedpassword2
etc...

and matches the entered username agianst the usernames in the database... If found validate the password for that username, if not display a username/password is incorrect page.

I've been searching for hours trying to find a tutorial or some sort of reading that may help me with this, but I have not had any luck... Any help would be greatly appreciated.

Titanic_Fanatic
skatemaster@shaw.ca

Replies are listed 'Best First'.
Re: Searching database for username
by davido (Cardinal) on Nov 30, 2004 at 04:49 UTC

    This is a web application, right? For basic web authentication you may use .htaccess, described here. (off site link).

    For dealing with account information per user, you may need to dig in a little deeper, actually learning Perl (or an other suitable language for CGI programming).

    If you need help on some aspect of writing an access tool in Perl, let us know which step along the way you're hung up on. I would start by reading the documentation for CGI, and CGI::Session.


    Dave

[reply]
      This is a web application, right? For basic web authentication you may use .htaccess

      Good call. This way, you do not have to bother with authentication at all, as this will be handled by the web server. The downside is that you have no way to influence how the authentication dialog looks (the user's browser will produce one), but maybe this is not so important.

      Once you protect your CGI script with basic web authentication, you can retrieve the user ID like this: 

      my $q = new CGI;
my $userid = $q->remote_user;

      [download]
[reply]
[d/l]
Re: Searching database for username
by atcroft (Abbot) on Nov 30, 2004 at 04:51 UTC

    You mean something like: 

    # Open file, loading passwords into a hash, keyed on usernames
my $filename = '/path/to/pw/file/outside/web/root/filename.extension';
my (%users);
open(DF, $filename) or die("Cannot open $filename for input: $!\n");
while (my $line = <DF>) {
  chomp($line);
  my @parts = split(/\|/, $line, 2);
  $users{$parts[0]} = $parts[1];
}
close(DF);

# Get parameters passed in
my $q = new CGI;
my $entered_un = $q->param('username');
my $entered_pw = $q->param('password');

# Test if username and password match
my $authorized = 0;
if (exists($users{$entered_un})) {
  # crypt() uses a 2-character salt for additional variation
  my $crypted_pw = crypt($users{$entered_un}, $entered_pw);
  if ($crypted_pw eq $users{$entered_un}) {
    $authorized++;
  }
}
if (! $authorized) {
  &display_incorrect_un_pw_msg;
  exit;
}

# do whatever, such as set a cookie or something, then whatever

    [download]

    Code is untested, but should at least give you an idea of what is involved. Hope it helps.

[reply]
[d/l]
Re: Searching database for username
by hmerrill (Friar) on Nov 30, 2004 at 12:52 UTC
    Now you're using a flat file database - in the future you may want to convert that to a real database. My advice is to read the DBI perldocs by doing 
       perldoc DBI

    [download]
    at a command prompt. DBI is a database independent interface for accessing databases using Perl. If DBI looks promising (and even if it doesn't yet), then buy Tim Bunce's book "Programming the Perl DBI" - in there there is a section on flat file databases. Tim also describes the pro's and con's of using flat file databases. This is an excellent book for databases in general, but of course the majority of the book is devoted to proper use of the Perl DBI module and associated database specific DBD::<database> modules.

    HTH.

[reply]
[d/l]

Back to Seekers of Perl Wisdom