Gossamer Forum
(Advanced Search)
for
Home : General : Perl Programming :

Help on creating a clan script

Apr 17, 2003, 7:39 PM
snowdude14
Novice (10 posts)
Apr 17, 2003, 7:39 PM
Post #1 of 5
Views: 4375
Shortcut
Quote Reply
Help on creating a clan script
Hi I am working on creating a script for my clan. I am having trouble on what to do when people login. When people try to login it brings them to a page inside that script, but only that page is actually protected ex.clan.cgi?members=index. But anyone could just type in like clan.cgi?members=deletemembers without having to login at all, because not all the pages are secure.

Thanks,
Kurt

Last edited by:

snowdude14: Apr 17, 2003, 7:41 PM
Apr 18, 2003, 4:25 PM
Paul
Veteran (19537 posts)
Apr 18, 2003, 4:25 PM
Post #2 of 5
Views: 4226
Shortcut
Quote Reply
Re: [snowdude14] Help on creating a clan script In reply to
If you pass all your requests through a central function you can do security checks there. Ideally you'd want to use unique sessions using cookies and some sort of database.

No matter what URL they try to access the central authentication function will always be called and if they don't have permission to access a certian URL then they will be denied access.
Apr 19, 2003, 10:26 AM
snowdude14
Novice (10 posts)
Apr 19, 2003, 10:26 AM
Post #3 of 5
Views: 4202
Shortcut
Quote Reply
Re: [Paul] Help on creating a clan script In reply to
Thanks Paul.

Kurt
Apr 20, 2003, 2:11 PM
snowdude14
Novice (10 posts)
Apr 20, 2003, 2:11 PM
Post #4 of 5
Views: 4197
Shortcut
Quote Reply
Re: [snowdude14] Help on creating a clan script In reply to
This is the following of the code that i have and it seems to have an error and no debuggers could get anything wrong and neither could I. Could u take a look at it?
Code:
#!/usr/bin/perl

print( "Content-type: text/html\n\n" ) ;

#####
# CGILIB
require "cgi-lib.pl";
&ReadParse(*input);
#####
# Form Parsing
@pairs = split( /&/, $ENV{ 'QUERY_STRING' } ) ;

foreach $pair ( @pairs ){
( $name, $value ) = split( /=/, $pair ) ;
$value =~ tr/+/ / ;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack( "C", hex( $1 ) )/eg ;
$QS{ $name } = $value ;
}
#####
# Variables
$pass= $input{'password'};
$adminpass="crazyboy";
@members = ($pass);

$SecretNum = 45 ;
$QueryStringAddition ="" ; #this must be appended to the end of every link

#####
# Requires

#####
# Calling Subs

#####
# Subs
sub login {
if($members[0] eq $adminpass){
&pageone;
$QueryStringAddition = "&user=" . $input{ 'username' } . "&key=" . crypt( $input{ 'username' }, $SecretNum ) ;

}else{
print "password incorrect!";
}
}

sub checkAuth{
my( $UserName, $SecretKey ) ;

$UserName = $QS{ 'user' } ;
$SecretKey = $QS{ 'key' } ;

if( crypt( $UserName, $SecretNum ) == $SecretKey ){
$QueryStringAddition = "&user=" . $UserName . "&key=" . $SecretKey ;
return( 1 ) ;

}else{
return( 0 ) ;
}
}

sub pageone {
html = qq|
<a href="clan.cgi?admin=index$QueryStringAddition">Link 1</a><br>
<a href="clan.cgi?admin=addlink$QueryStringAddition">Link 2</a><br>
<a href="clan.cgi?admin=two$QueryStringAddition">Link 3</a><br>
| ;
}
#####
# Main
if( $QS{ 'login' } eq "index" ){
&login;

}elsif( &chechAuth() ){
if( $QS{ 'admin' } eq "index" ){

}elsif( $QS{ 'admin' } eq "addlink" ){

}elsif( $QS{ 'admin' } eq "two" ){

}elsif( $QS{ 'admin' } eq "two" ){

}elsif( $QS{ 'admin' } eq "two" ){

}else{ $html = "I dont know"; )

}else{
$html = qq|
<form method="post" action="clan.cgi?login=index">
<input type="text" name="password">
<input type="submit" name="Submit" value="Submit">
</form>
| ;
}

print( $html ) ;

Thanks,
Kurt
Apr 20, 2003, 2:24 PM
Paul
Veteran (19537 posts)
Apr 20, 2003, 2:24 PM
Post #5 of 5
Views: 4197
Shortcut
Quote Reply
Re: [snowdude14] Help on creating a clan script In reply to
What kind of error...what happens?

If it is a fatal error I guarantee your error log will tell you the error =)

Also running:

perl -c your_script.cgi

...will locate syntax errors.