Thank you, Mart, for sending me the password files. It really helped.
Here's the edited subroutine (just a few typos and using > instead of < made all the difference.)
Code:
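sub auth_check_password {
# --------------------------------------------------------
# Decides whether the current request is authenticated and returns a
# list whose first element is a status string:
#
#   ('ok', 'default', @auth_default_permissions)
#       authentication is switched off, or the default user is allowed.
#   ('ok', $server_auth, permissions...)
#       the web server already authenticated the user.
#   ('ok', $db_uid, $view, $add, $del, $mod, $admin)
#       %in carried 'login' plus a 'userid'/'pw' pair found in the
#       password file. $db_uid is a new session id of the form
#       "user name" . "." . time . "random number"; a file of that name
#       is created in $auth_dir.
#   ('ok', $db_uid, permissions...)
#       $db_uid names an existing session file in $auth_dir.
#   ('invalid username/password'), ('invalid/expired user session'),
#   'no login'
#       everything else.
#
# Password file records are one per line, fields separated by ':':
#   0 userid, 1 password, 2 view, 3 add, 4 del, 5 mod, 6 admin,
#   7 e-mail address, 8 date of last login, 9 date the expiry warning
#   was sent.
# Blank lines and lines starting with '#' are copied through unchanged.
#
# Every login attempt, successful or not, also sweeps the whole file:
# accounts whose warning is older than $warning_days days are dropped,
# and accounts idle for $inactive_days days are mailed a warning.
#
# NOTE(review): passwords are stored and compared as plain text and are
# mailed back to the user in the expiry warning. Storing a salted hash
# and leaving the password out of the mail would remove that exposure,
# but it changes the file format, so it is only flagged here.
# NOTE(review): records are split and joined on ':' and newline, so the
# code that creates accounts has to reject ':' and line breaks in every
# field -- confirm against the signup routine.

    my (@passwds, @data, $login_name);
    my ($view, $add, $mod, $del, $admin);
    my $found  = 0;
    my $output = '';

    # '||' is required here: with the low-precedence 'or' the assignment
    # was completed first and AUTH_USER was never consulted.
    my $server_auth = $ENV{'REMOTE_USER'} || $ENV{'AUTH_USER'};

    if ($auth_no_authentication or (($db_uid eq 'default') && $auth_allow_default)) {
        return ('ok', 'default', @auth_default_permissions);
    }
    elsif ($server_auth) {    # The user has logged in via server authentication.
        return ('ok', $server_auth, &auth_check_permissions($server_auth));
    }
    elsif ($in{'login'}) {    # The user is trying to login.
        # Open read/write and take the lock BEFORE reading. Opening with
        # '>' truncates the file before flock() can be called, so a
        # concurrent login could read an empty file and write it back.
        open (PASSWD, '+<', $auth_pw_file) or &cgierr("unable to open password file. Reason: $!\n");
        if ($db_use_flock) {
            flock(PASSWD, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
        }
        @passwds = <PASSWD>;    # Let's get the user id and passwords..

        PASS: foreach my $pass (@passwds) {    # Go through each pass and see if we match..
            # Blank lines and comments still carry their own newline.
            if ($pass =~ /^$/ or $pass =~ /^#/) {
                $output .= $pass;
                next PASS;
            }
            chomp ($pass);
            @data = split (/:/, $pass);

            if (($in{'userid'} eq $data[0]) && ($in{'pw'} eq $data[1])) {
                $found      = 1;
                $login_name = $data[0];
                # NOTE(review): the session id is derived from the clock
                # and the process id, both of which can be estimated by
                # an outsider. A value read from the system random
                # source would be harder to guess; confirm what format
                # auth_check_permissions expects before changing it.
                srand( time() ^ ($$ + ($$ << 15)) );    # Seed Random Number
                $db_uid = "$data[0]." . time() . (int(rand(100000)) + 1);    # Build User Id
                $view  = $data[2];
                $add   = $data[3];
                $del   = $data[4];
                $mod   = $data[5];
                $admin = $data[6];
                # save the date of the login
                $data[8] = &get_date;
                # reset the "warning" date
                $data[9] = '';
                $output .= join (":", @data) . "\n";
                # The message and the file content used $uid, which is
                # never assigned; $db_uid is the name actually opened.
                open (AUTH, '>', "$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$db_uid. Reason: $!\n");
                print AUTH "$db_uid: $ENV{'REMOTE_HOST'}\n";
                close AUTH;
            }
            # if a warning has been sent previously
            elsif ($data[9]) {
                if ((&date_to_unix($data[9]) + (86400 * $warning_days)) > (time)) {
                    # the warning time has not elapsed: keep the login information
                    $output .= $pass . "\n";
                }
                else {
                    # otherwise drop the record and save the deleted account info to the log
                    &auth_logging('deleted user', $pass) if ($auth_logging);
                }
            }
            # if the account has been inactive
            elsif ((&date_to_unix($data[8]) + (86400 * $inactive_days)) <= (time)) {
                # send an email to warn them
                # NOTE(review): presumably $mailprog carries its own
                # leading '|', otherwise this opens it for reading --
                # confirm against the configuration file.
                open (MAIL, "$mailprog") or &cgierr("Can't start mail program");
                print MAIL "To: $data[7]\n";
                print MAIL "From: $admin_email\n";
                print MAIL "Subject: $db_name Account Expiring\n\n";
                print MAIL "-" x 60 . "\n\n";
                print MAIL "You have not logged in to the $db_name database at [insert the URL of your database here]\n";
                print MAIL "for at least $inactive_days days.\n";
                print MAIL "If you would like to maintain your account at $db_name, please visit the site again and log in.\n";
                print MAIL "If you do not visit the database within $warning_days days, your account will be deleted.\n";
                print MAIL "Your username is $data[0]\n";
                print MAIL "Your password is $data[1]\n\n";
                print MAIL "Sincerely, [insert your signature here]";
                close (MAIL);
                # save the date the warning was sent
                $data[9] = &get_date;
                # add the new information back into the password file
                $output .= join (":", @data) . "\n";
            }
            else {
                # everything is fine with this person's account
                $output .= $pass . "\n";
            }
        }

        # write the information back to the password file through the
        # same (still locked) handle
        seek (PASSWD, 0, 0) or &cgierr ("unable to rewind: $auth_pw_file.\nReason: $!");
        truncate (PASSWD, 0) or &cgierr ("unable to truncate: $auth_pw_file.\nReason: $!");
        print PASSWD $output;
        # Buffered write errors only surface at close.
        close PASSWD or &cgierr ("unable to write: $auth_pw_file.\nReason: $!");

        if ($found) {
            # $userid was never assigned, so the log entry had no name.
            &auth_logging('logged on', $login_name) if ($auth_logging);
            return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
        }
        else {
            return ("invalid username/password");
        }
    }
    elsif ($db_uid) {    # The user already has a user id given by the program.
        # The session id travels in the query string and is used as a
        # file name under $auth_dir, so refuse path separators, NUL and
        # dot-only names before touching the filesystem. Ids issued
        # above always look like "name.digits".
        # NOTE(review): the caller may already validate $db_uid; this
        # check is kept local so the file test never sees a raw value.
        if ($db_uid !~ m{[/\\\0]} and $db_uid !~ /\A\.+\z/ and -e "$auth_dir/$db_uid") {
            return ('ok', $db_uid, &auth_check_permissions($db_uid));
        }
        return ('invalid/expired user session');
    }
    else {    # User has not logged on yet.
        return 'no login';
    }
}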
print PASS print PASS "$in{'new_username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:
print PASS print PASS "$in{'new_username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:
Let me know if you still have problems.