I have been tearing my hair out getting this thing to do what I want it to and I think I've finally succeeded.

This is the most secure password lookup mod I can think of.

When a user logs in, he enters just his username and email address. The script sends him a random password to the email address. This assures you that the email address he entered is a real one.

The password should arrive very quickly and the user logs in.

If the user loses his password, he enters his email address again and the script generates a new password.

All passwords are encrypted on the system.

There are several optional components to the mod which you can add if you wish.

The first pulls the email address from the password file so that the user does not need to enter it again when he adds a record.

The second allows the user to change his email address. You can also set things up so that the user's email address in his record(s) will also be changed.

The third allows the user to change his password.

The admin display is also modified so that you can change the password or email address for a user yourself. Again, when an email address is changed in the password file, the user's email address is also changed in the .db file.

You can test the functions (except admin) by going to

http://www.jpdeni.com/cgi-bin/password/db.cgi

You can pick up the mod at
http://www.jpdeni.com/dbman/secure_password_lookup.txt

Please let me know if you have any problems. I have tried to make the mod as easy to use as I could and I have tested it. But there could be something I didn't think of.


------------------
JPD

Is the link correct JPDeni?
Hm..cant find the file..

Sorry 'bout that. I had forgotten what I had named the file.

It's at

http://www.jpdeni.com/dbman/secure_lookup.txt


------------------
JPD

Looks very nice, JPDeni. Great Job!

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

I've added in the mod already..hehe...looks good.

Hi JPD,
I think a great mod, much work. Before I start with this, does it work with my cleanup mod??

Probably not. You'll have to make allowances for dates every time a password is written to the .pass file. It would probably be best if you stick with the mod you already have.



------------------
JPD

JPD - just wanted to check and make sure before I changed my dbman.

Will this new password lookup mod work for those who were using the previous lookup mod without any problems?

---------------
donm

Probably not without a lot of work. For one thing, the old mod didn't encrypt the passwords. You would have to encrypt all the passwords in your current password file.

Also, you would have to add back in all the encryption routines that you took out when you used the old mod.

If you're not having trouble, I'd stick with the one you have right now.


------------------
JPD

Well that's just it .... we are having problems. UserID/Passwords are mysteriously disappearing.

I thought this mod would maybe this would help resolve this problem.

---------------
donm

What is the format for the default.pass file?? I assume it is similar to the old lookup mod. The problem is that when I used this mod, I was unable to log-in since the program now reads a different format of userid information.

Please post correct format ASAP.

TIA.

Regards,

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited July 29, 1999).]

[This message has been edited by Eliot (edited July 29, 1999).]

[This message has been edited by Eliot (edited July 29, 1999).]

Okay...My scripts are totally screwed up now. I cannot login and the default user link does NOT work.

Here are my files:

default.cfg
http://anthrotech.com/cgibin/classifieds/ads/defaultcfg.txt

default.cgi
http://anthrotech.com/cgibin/classifieds/ads/indexcgi.txt

html.pl
http://anthrotech.com/cgibin/classifieds/ads/htmlpl.txt

You can check this problem out at:
http://anthrotech.com/cgibin/classifieds/ads/

AND

anthrotech.com/cgibin/classifieds/ads/index.cgi?&uid=default

If anyone has a chance to review my scripts and provide feedback, I would greatly appreciate it.

TIA.

Regards,


------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited July 29, 1999).]

[This message has been edited by Eliot (edited July 29, 1999).]

[This message has been edited by Eliot (edited July 29, 1999).]

The format of the password file for the new mod is


If you want to use the new password mod, you'll probably have to start with a new distribution of DBMan, install the password mod and then copy over the modifications you made.

If you have specific problems you want to ask me about, ask them and I'll see what I can do.


------------------
JPD

I guess I must be missing something. There is nothing in the new lookup mod that specifies changes to the auth.pl file. Yet, that may be one of the problems.

Does the auth.pl need to be modified? If so, what changes need to be made?

The problem is that when I access the above URLs, I am taken to the "New Password Created" screen.

Starting over a new installation of DBMAN is not a very good option in my book. I have put a lot of time and effort into adding modifications to the html.pl file already.

Any suggestions on how to fix this would be most appreciated.

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited July 29, 1999).]

No. There are no changes that need to be made to the auth.pl file *from the original file* for the new password mod to work. The email address is in the password file, but it is just ignored.

What specific problems are you having?


------------------
JPD

Here is my problem:


Any suggestions?

FYI: I installed ALL the mods included in the secure lookup mod.

Also, I noticed that in this new mod, there are no "failure" sub-routines for changing passwords or email address. Can I just copy the html_login_failure with associated forms for the other sub-routines (change password, new password, and change email)??

TIA.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited July 29, 1999).]

I don't see where you're quoting from, so I don't know what the "above URLs" are.

You are correct. There are no separate "failure" subroutines for the change password or change email functions. However, the error messages, if any are passed back to the original subroutine and written out there. I didn't see any point in duplicating the subroutines when I could just add a few lines.



------------------
JPD

I really don't understand your frustration. I am just asking about how to fix the bugs that I have come accross. If you don't know how to fix it, fine. No biggie. But hostility is not the best method of responding to frustrating situations. I will work on it some more and see what I can come up with.

One suggestion would be to test the mods in a variety of ways, including using previous mods and applying the new mods to them, as well as applying new mods to "original" scripts.

Thanks anyway.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

I do not mean to be hostile. That is not where I'm coming from at all. I apologize if I gave that impression. I am feeling like I'm drowning and have been that way for quite a while. I feel that if I am unable to help you (and others) with problems they have with my mods, it would be better for me not to have the mods up in the first place.

If you would like, I'll take a day and look over your entire scripts to see if I can find something.


------------------
JPD

That would be really great. Although take your time. It is not a priority item. I apologize if I seemed like it was a rush item. This particular database is not scheduled to go live until the middle of August. Again, I will tinker with the scripts again (may be having to start with a fresh install...not ideal, but it may make it work).

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

Let me know where I can pick up the files -- I'll need everything -- and I'll see what I can find.


------------------
JPD

I already gave the URL to the files in this Thread. They are located at:

default.cfg
http://anthrotech.com/cgibin/classifieds/ads/defaultcfg.txt

default.cgi
http://anthrotech.com/cgibin/classifieds/ads/indexcgi.txt

html.pl
http://anthrotech.com/cgibin/classifieds/ads/htmlpl.txt

The other files are unchanged. These are the only files where I have applied the mod.

Thanks.

Regards,






------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

I really don't know what to tell you. I know that it works for me. I'm seriously considering pulling my mods, since it's just too hard to try to figure out what the problems are that people have, using different systems and different modifications. Maybe I wasn't cut out for this line of work after all.


------------------
JPD

The URLs I am referring to is in a previous response in this thread..

http://anthrotech.com/cgibin/classifieds/ads/

AND

anthrotech.com/cgibin/classifieds/ads/index.cgi?db=default

The first one should go to the Login Access Screen. The second one should go to the Main Menu Screen. As you will see both go to the "New Password Created" Screen.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited July 30, 1999).]

[This message has been edited by Eliot (edited July 30, 1999).]

Carol,

Welp, I got it to work. I noticed that there is a syntax error in the mod you've provided. In the sub look-up, there are two closing right brackets at the end of the sub-routine. There seems to be a problem in the placement of the password change forms and email change form. I remmed out the following lines:


So, I guess for now, I will have to do without the password change and email change forms until I can further analyze these sub-routines to find out what the problem is. I guess the most important section of the mod that I needed was the secure_lookup. The password change and email change are just icing on the cake.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited August 01, 1999).]