You might want to think about crypting those passwords. Plain text still leaves the information somewhat vulnerable, especially if you have them in a flat text file that is being written to in a directory chmod'd 777. Two suggestions:
- Check out Lincoln Stein's Crypt::CBC module on CPAN and implement it if it makes sense in your script. - If you're on a UNIX system and want to make that a little easier, you can just system('crypt') the passwords. - If you're on a UNIX system you can run your scripts suid (chmod'd 4711 and #!/usr/bin/perl -U). At any rate, you want to avoid these two things: - Leaving the password in plain text - Leaving the directory world-writeable Scot Robnett inSite Internet Solutions [EMAIL PROTECTED] http://www.insiteful.tv -----Original Message----- From: Ben Huyghebaert [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 10:43 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Having problems with login It worked! I had to correct some syntax problems I had but after that I got it rolling. Thank you very much! I'll try suggestions next time before I just assume that they won't work. I'm still confused by it but I'll study it maybe understand why it works. LOL On Wed, 12 June 2002, David vd Geer Inhuur tbv IPlib wrote: > > > I think this will work : > > foreach $i(@access) { > chomp $i; > ($un,$pw) = split(/\|/, $i); > $username = $FORM{'username'}; > $password = $FORM{'password'}; > > if (($username ne $un) || ($password ne $pw)) { > print <<NoPass; (block of html for invalid username/passwordscreen) > NoPass > } > else { > print <<YesPass; (block of html for Account manager screen) > YesPass > } > } # End foreach > > Regs David > --------------- > > > I'm starting to make a perl/cgi/html based multi-player game called 3MF (Massive Multiplayer Medieval Frolic). So far I've made an account creation screen that writes the data to two flat file db's one of them holds the usernames & passwords, while the other holds all the user information. > > Now I'm working on the login screen but I've run into some problems. It only lets the last user account I create gain access. For any others it sends them to the invalid username and password screen I created. > > Here is the code I'm using right now. I open up the file with the usernames and passwords and throw it all into @access and then do this > > > > foreach $i (@access) { > > chomp($i); > > ($un,$pw) = > > split(/\|/,$i); > > } > > > > $username = $FORM{'username'}; > > $password = $FORM{'password'}; > > > > if ($username ne "$un" or $password ne "$pw"){ > > print <<NoPass; (block of html for invalid username/passwordscreen) > > NoPass > > } > > else { > > print <<YesPass; (block of html for Account manager screen) > > YesPass > > } > > > > So what do I need to fix to be able to match any username and password and not just the last one created? and by the way all the data is being written to the files and each entry is a new line. > > If anyone is interested in hearing more about my game concept and helping out with any more problems I run into (there will be many) then let me know. > > Thanks > > > > > > > > ------------------------------------------------------------- > > Sign up for ICQmail at http://www.icq.com/icqmail/signup.html > > > > -- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] William move your heead! Look at the size of that boys heeead! It's like an orange on a toothpeck! HEEEEAD MOVE! ------------------------------------------------------------- Sign up for ICQmail at http://www.icq.com/icqmail/signup.html -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.370 / Virus Database: 205 - Release Date: 6/5/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.370 / Virus Database: 205 - Release Date: 6/5/2002 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]