Gossamer Forum

Re: [ltillner] upgrade from dbman to dbmansql 1

Modified sub signup (for the secure password lookup mod).

I noticed a few problems with the signup subroutine:

1. Emails were sent out with username & generated passwords, no matter what.

2. The previous mod didn't check for duplicate emails.

3. Logging in with username not on file logged you in without any permissions. The fix for that can be found by searching the forums for "login" (should be the first one that comes up). There's a couple of things to change in the auth.pl file.

Replace original sub signup routine with this:

sub signup {
# --------------------------------------------------------
# Allows a user to sign up without admin approval. Must have $auth_signup = 1
# set. The user gets @auth_signup_permissions.
#
    my ($message, $userid, $pw, $view, $add, $del, $mod, $admin, $email, $password);

    # Check that the userid is 3 to 20 letters or digits (\z also rejects a trailing newline).
    unless ((length($in{'userid'}) >= 3) and (length($in{'userid'}) <= 20) and ($in{'userid'} =~ /^[a-zA-Z0-9]+\z/)) {
        $message = "Invalid userid: $in{'userid'}. Must contain only letters and numbers and be between 3 and 20 characters.";
    }

    # Anchored, with no whitespace allowed: the address is written into the
    # "To:" header below, so it must not be able to carry a CR/LF or a second recipient.
    unless ($in{'email'} =~ /^[^\s\@]+\@[^\s\@]+\.[^\s\@]+\z/) {
        $message = "Invalid email address format: '$in{'email'}'.";
    }

    if ($message) {
        &html_signup_form($message);
        return;
    }

    # Generate the password and store only its crypt() hash.
    my $username_q = $DBH->quote($in{'userid'});
    $in{'pw'} = &generate_password;
    my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
    my $salt = join '', @salt_chars[rand 64, rand 64];
    my $encrypted = crypt($in{'pw'}, $salt);
    my $password_q = $DBH->quote($encrypted);
    my $email_q = $DBH->quote($in{'email'});
    my $permission = join (",", @auth_signup_permissions);

    # Look for an existing account with the same username or email address.
    $query = qq!
        SELECT * FROM $db_table_user
        WHERE username = $username_q OR Email = $email_q
    !;
    my $sth = $DBH->prepare ($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    $sth->execute or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    # rows() after a SELECT is driver-dependent; it works with MySQL's default buffered results.
    if ($sth->rows) {
        $message = "Username or email address already exists. Please try another.";
    }
    else {
        $query = qq!
            INSERT INTO $db_table_user (username, password, Email, per_view, per_add, per_del, per_mod, per_admin)
            VALUES ($username_q, $password_q, $email_q, $permission)
        !;
        $DBH->do ($query) or ($message = "Username $username_q already exists. Please try another.");

        # Send the account details only if the INSERT succeeded.
        unless ($message) {
            open (MAIL, "$mailprog") || &cgierr("Can't start mail program");
            print MAIL "To: $in{'email'}\n";
            print MAIL "From: $admin_email\n";
            print MAIL "Subject: $html_title Account Created\n\n";
            print MAIL "-" x 75 . "\n\n";
            print MAIL "Your account at $html_title has been created.\n\n";
            print MAIL "Your $html_title User ID is: $in{'userid'}\n";
            print MAIL "Your $html_title password is: $in{'pw'}\n\n";
            print MAIL "Please keep this email for future reference.\n\n";
            print MAIL "To log on, go to\n\n";
            print MAIL "$db_script_url?db=$db_setup\n";
            print MAIL "and enter your User ID and password.\n\n";
            print MAIL "Please contact $html_title support at: $admin_email\n";
            print MAIL "if you have any questions.\n\n";
            close (MAIL);
        }
    }
    $sth->finish;

    $message ?
        &html_signup_form ($message) :
        &html_signup_success();
}


NOTE: I wasn't sure how to get it to work to show either username or e-mail address already exists, so at this time it displays this message:

"Username or email address already exists. Please try another."

There's probably something that can be done differently with this:

    $query = qq!
        SELECT * FROM $db_table_user
        WHERE username = $username_q OR Email = $email_q
    !;
    my $sth = $DBH->prepare ($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    $sth->execute or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    if ($sth->rows) {
        $message = "Username or email address already exists. Please try another.";
    }

This seems to work for checking for duplicates for either username or email, so I guess as long as it's doing that, then no worries.

I still plan on working on the "change email", "change password", "private mailer" and "Validate Records" mods. Maybe eventually these mods can be added somewhere so it'll be easier to find the changes. ;) *hint hint*


DBMan SQL Version 1 mods available at:
http://dbmansqlmods.rainbowroomies.com
(Mods based on JPDeni's original mods.)

Last edited by:

shann123: Mar 2, 2004, 3:25 AM
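
One way to report which of the two fields collided, as an added example that is not part of the original post or of DBMan SQL: fetch the matching rows and compare each column in Perl, using DBI placeholders instead of `quote`. The helper names `taken_fields` and `conflict_message`, the `users` table, and the in-memory SQLite database (a stand-in for the MySQL table, requiring DBD::SQLite) are assumptions, and the sample rows are constructed.

```perl
#!/usr/bin/perl
# Added example, not DBMan SQL code. Assumes DBI with DBD::SQLite installed.
use strict;
use warnings;
use DBI;

# Hypothetical helper: returns the names of the fields that are already in use.
sub taken_fields {
    my ($dbh, $table, $userid, $email) = @_;
    # $table comes from configuration; user input is bound through placeholders (?).
    my $rows = $dbh->selectall_arrayref(
        "SELECT username, Email FROM $table WHERE username = ? OR Email = ?",
        { Slice => {} }, $userid, $email);
    my %taken;
    for my $row (@$rows) {
        # lc() mirrors MySQL's default case-insensitive string comparison.
        $taken{username} = 1 if lc($row->{username}) eq lc($userid);
        $taken{Email}    = 1 if lc($row->{Email})    eq lc($email);
    }
    return sort keys %taken;
}

# Hypothetical helper: turns the result into a message for the signup form.
sub conflict_message {
    my @taken = @_;
    return '' unless @taken;
    my %label = (username => 'Username', Email => 'Email address');
    return join(' and ', map { $label{$_} } @taken) . ' already in use. Please try another.';
}

# Constructed sample data in an in-memory database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE users (username TEXT, password TEXT, Email TEXT)');
$dbh->do('INSERT INTO users (username, password, Email) VALUES (?, ?, ?)',
         undef, 'alice', 'not-a-real-hash', 'alice@example.com');

for my $try (['alice', 'new@example.com'],   ['bob',   'alice@example.com'],
             ['alice', 'alice@example.com'], ['carol', 'carol@example.com']) {
    my $msg = conflict_message(taken_fields($dbh, 'users', @$try));
    printf "%-6s %-18s -> %s\n", @$try, $msg || 'available';
}
```

Inside `sub signup` the equivalent call would be `taken_fields($DBH, $db_table_user, $in{'userid'}, $in{'email'})`. Separate messages also tell an anonymous visitor whether a given email address is registered, which the combined message in the post does not.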