I'm trying to password protect my CGI scripts in another way. So far it works, but people cannot access the scripts simultaneously.
The script is named logon.pl.
The script uses a password.cgi which contains the login/password in the form login:password(encrypted). It also uses logon.cgi to keep the IP address. When a person logs on to logon.pl, there is an HTML page with a form for the user to input their password and login. It will check to see if it equals password.cgi. Then it will add the ENV_HOST(IP) to the logon.cgi. When the same person accesses a script, it will test logon.cgi's IP # with the one right now. If it matches, then the person gets access.
Here's my problem. I want it so that people can simultaneously log in. I want to modify it so that the logon.pl will copy the user's IP # and put it into logon.cgi. It will not delete any previous IP. It will just keep adding. And when a person tries to access the cgi script, it will look in password.cgi to see if any of the IPs match. I guess you need to see the code.
logon.pl
$passfile="d:/inetpub/egn/cgi-bin/password.cgi";
$logfile ="d:/inetpub/egn/cgi-bin/logon.cgi";
# Get the input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
# Split the name-value pairs
@pairs = split(/&/, $buffer);
foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
# Un-Webify plus signs and %-encoding
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
if ($ENV{'REQUEST_METHOD'} eq "POST") {
# Print out a content-type for HTTP/1.0 compatibility
print "Content-type: text/html\n\n";
open(PASSWD,"$passfile") || die $!;
$passwd_line = <PASSWD>;
chop($passwd_line) if $passwd_line =~ /\n$/;
close(PASSWD);
($username,$passwd) = split(/:/,$passwd_line);
$test_passwd = crypt($FORM{'password'}, substr($passwd, 0, 2));
open(FILE,">$logfile") || die $!;
if (!($test_passwd eq $passwd && $FORM{'username'} eq $username)) {
$access="No One";
} else {
$access=$ENV{'REMOTE_HOST'};
}
print FILE "$access";
close(FILE);
print "<Head><Title>DBasics Log In Script</Title></Head>\n";
print "<h1><center>$access Logged On</center></H1>\n";
print "</body></html>\n";
exit;
} else {
# Print out a content-type for HTTP/1.0 compatibility
print "Content-type: text/html\n\n";
print "<Head><Title>DBasics Log In Script</Title></Head>\n";
print "<h1><center>DBasics Log In Script</center></H1>\n";
print "<FORM METHOD=\"POST\" ACTION=\"logon.pl\">\n";
print "<center><p><b>Username: </b><input type=text name=\"username\"> ";
print "<b>Password: </b><input type=password name=\"password\">\n";
print "<P><input type=submit> <input type=reset></center>\n";
print "</form></body></html>\n";
exit;
}
# END OF SCRIPT
Code inserted into the CGI/PL scripts in the CGI-BIN:
$logfile ="d:/inetpub/egn/cgi-bin/logon.cgi";
open(FILE,"$logfile") || die $!;
$logon=<FILE>;
close(FILE);
if ($ENV{'REMOTE_HOST'} ne $logon) { exit; }
# End of Snippet
Can anyone help me out?
------------------
XanthisHP
boom.home.dhs.org
BOOM! Flash 3 Resource - When there's a Flash, there's a BOOM!
[This message has been edited by XanthisHP (edited June 13, 1999).]
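What the post asks for (append each address on login, let a protected script pass if any line matches), as an added example that is not the poster's code. It assumes REMOTE_ADDR in place of REMOTE_HOST, a file lock, and a 30-minute expiry; the sub names are hypothetical. Users behind the same proxy or NAT share one address, so all of them pass this check once any one of them has logged on.

```perl
#!/usr/bin/perl
# Added example; sub names are hypothetical.
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempfile);

my $logfile = "d:/inetpub/egn/cgi-bin/logon.cgi";   # path from the post
my $ttl     = 30 * 60;                               # assumed: entries expire after 30 minutes

# logon.pl calls this only after the username/password check has passed.
# It appends "address<TAB>login time" instead of overwriting the file.
sub record_login {
    my ($addr) = @_;
    # Refuse anything that is not a plain address, so no tab or newline reaches the file.
    return 0 unless defined $addr && $addr =~ /\A[0-9A-Fa-f.:]+\z/;
    open(my $fh, '>>', $logfile) or die "cannot append to $logfile: $!";
    flock($fh, LOCK_EX)          or die "cannot lock $logfile: $!";
    print {$fh} "$addr\t", time(), "\n";
    close($fh)                   or die "cannot close $logfile: $!";
    return 1;
}

# Protected scripts call this first; true if any unexpired line matches the caller.
sub is_logged_in {
    my ($addr) = @_;
    return 0 unless defined $addr && length $addr;
    open(my $fh, '<', $logfile) or return 0;         # unreadable file: deny
    flock($fh, LOCK_SH)         or return 0;
    my $ok = 0;
    while (my $line = <$fh>) {
        chomp $line;
        my ($ip, $when) = split /\t/, $line;
        next unless defined $when && $when =~ /\A\d+\z/;
        next if time() - $when > $ttl;               # stale login
        if ($ip eq $addr) { $ok = 1; last; }
    }
    close($fh);
    return $ok;
}

# Command-line demo with constructed addresses; under CGI, pass $ENV{'REMOTE_ADDR'} instead.
unless ($ENV{'GATEWAY_INTERFACE'}) {
    (undef, $logfile) = tempfile(UNLINK => 1);
    record_login($_) for ('192.0.2.10', '198.51.100.7');
    for my $addr ('192.0.2.10', '198.51.100.7', '203.0.113.5') {
        printf "%-13s %s\n", $addr, is_logged_in($addr) ? "allowed" : "denied";
    }
}
```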