You might want to think about crypting those passwords. Plain text still
leaves the information somewhat vulnerable, especially if you have them in a
flat text file that is being written to in a directory chmod'd 777. Two
suggestions:
- Check out Lincoln Stein's Crypt::CBC
module on CPAN and implement it if it
makes sense in your script.
- If you're on a UNIX system and want
to make that a little easier, you
can just system('crypt') the passwords.
- If you're on a UNIX system you can
run your scripts suid (chmod'd 4711
and #!/usr/bin/perl -U).
At any rate, you want to avoid these two things:
- Leaving the password in plain text
- Leaving the directory world-writeable
Scot Robnett
inSite Internet Solutions
[EMAIL PROTECTED]
http://www.insiteful.tv
-----Original Message-----
From: Ben Huyghebaert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 10:43 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Having problems with login
It worked! I had to correct some syntax problems I had but after that I got
it rolling. Thank you very much! I'll try suggestions next time before I
just assume that they won't work.
I'm still confused by it but I'll study it maybe understand why it works.
LOL
On Wed, 12 June 2002, David vd Geer Inhuur tbv IPlib wrote:
>
>
> I think this will work :
>
> foreach $i(@access) {
> chomp $i;
> ($un,$pw) = split(/\|/, $i);
> $username = $FORM{'username'};
> $password = $FORM{'password'};
>
> if (($username ne $un) || ($password ne $pw)) {
> print <<NoPass; (block of html for invalid username/passwordscreen)
> NoPass
> }
> else {
> print <<YesPass; (block of html for Account manager screen)
> YesPass
> }
> } # End foreach
>
> Regs David
> ---------------
>
> > I'm starting to make a perl/cgi/html based multi-player game called
3MF (Massive Multiplayer Medieval Frolic). So far I've made an account
creation screen that writes the data to two flat file db's one of them holds
the usernames & passwords, while the other holds all the user information.
> > Now I'm working on the login screen but I've run into some problems.
It only lets the last user account I create gain access. For any others it
sends them to the invalid username and password screen I created.
> > Here is the code I'm using right now. I open up the file with the
usernames and passwords and throw it all into @access and then do this
> >
> > foreach $i (@access) {
> > chomp($i);
> > ($un,$pw) =
> > split(/\|/,$i);
> > }
> >
> > $username = $FORM{'username'};
> > $password = $FORM{'password'};
> >
> > if ($username ne "$un" or $password ne "$pw"){
> > print <<NoPass; (block of html for invalid username/passwordscreen)
> > NoPass
> > }
> > else {
> > print <<YesPass; (block of html for Account manager screen)
> > YesPass
> > }
> >
> > So what do I need to fix to be able to match any username and password
and not just the last one created? and by the way all the data is being
written to the files and each entry is a new line.
> > If anyone is interested in hearing more about my game concept and
helping out with any more problems I run into (there will be many) then let
me know.
> > Thanks
> >
> >
> >
> > -------------------------------------------------------------
> > Sign up for ICQmail at http://www.icq.com/icqmail/signup.html
> >
> > --
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
William move your heead! Look at the size of that boys
heeead! It's like an orange on a toothpeck! HEEEEAD
MOVE!
-------------------------------------------------------------
Sign up for ICQmail at http://www.icq.com/icqmail/signup.html
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.370 / Virus Database: 205 - Release Date: 6/5/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.370 / Virus Database: 205 - Release Date: 6/5/2002
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
