<input type="hidden" name="pw" value=$in{'pw'}>

sub validate_record {
# --------------------------------------------------------
# Verifies that the information passed through the form and stored
# in %in matches a valid record. It checks first to see that if
# we are adding, that a duplicate ID key does not exist. It then
# checks to see that fields specified as not null are indeed not null,
# finally it checks against the reg expression given in the database
# definition.

my ($col, @input_err, $errstr, $err, $line, @lines, @data);
my ($userid, $pw, $view, $add, $del, $mod, $admin, $email);


if ($in{'add_record'}) { # don't need to worry about duplicate key if modifying
open (DB, "<$db_file_name") or &cgierr("error in validate_records. unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) { flock(DB, 1); }
LINE: while (<DB> ) {
(/^#/) and next LINE;
(/^\s*$/) and next LINE;
$line = $_; chomp ($line);
@data = &split_decode($line);
if ($data[$db_key_pos] eq $in{$db_key}) {
push(@input_err, "userid already in use -- try another");
}
}
close DB;
unless ((length($in{$db_key}) >= 3) and (length($in{$db_key}) <= 12) and ($in{$db_key} =~ /^[a-zA-Z0-9]+$/)) {
push(@input_err, "Invalid userid: $in{'userid'}. Must only contain only letters and be less then 12 and greater then 3 characters.");
}
unless ((length($in{'pw'}) >= 3) and (length($in{'pw'}) <= 12)) {
push(@input_err, "Invalid pw: '$in{'pw'}'. Must be less then 12 and greater then 3 characters.");
}
open (PASSWD, "<$auth_pw_file") or &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>;
close PASSWD;
foreach $pass (@passwds) { # Go through each pass and see if we match..
next if ($pass =~ /^$/); # Skip blank lines.
next if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);
if (lc($in{$db_email_field}) eq lc($email)) {
push(@input_err, "email address already exists.");
}
}
}
foreach $col (@db_cols) {
if ($in{$col} =~ /^\s*$/) { # entry is null or only whitespace
($db_not_null{$col}) and # entry is not allowed to be null.
push(@input_err, "$col (Can not be left blank)"); # so let's add it as an error
}
else { # else entry is not null.
($db_valid_types{$col} && !($in{$col} =~ /$db_valid_types{$col}/)) and
push(@input_err, "$col (Invalid format)"); # but has failed validation.
(length($in{$col}) > $db_lengths{$col}) and
push (@input_err, "$col (Too long. Max length: $db_lengths{$col})");
if ($db_sort{$col} eq "date") {
push (@input_err, "$col (Invalid date format)") unless &date_to_unix($in{$col});
}
}
}

if ($#input_err+1 > 0) { # since there are errors, let's build
foreach $err (@input_err) { # a string listing the errors
$errstr .= "<li>$err"; # and return it.
}
return "<ul>$errstr</ul>";
}
else {
if ($in{'add_record'}) {
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($in{'pw'}, $salt);
my $permissions = join (":", @auth_signup_permissions);
print PASS "$in{$db_cols[$auth_user_field]}:$encrypted:$permissions:$in{$db_email_field}\n";
close PASS;
}
return "ok"; # no errors, return ok.
}
}

if (lc($in{$db_email_field}) eq lc($email)) {
push(@input_err, "email address already exists.");
}

($auth_user_field >= 0) and ($in{$db_cols[$auth_user_field]} = $db_userid);

$in{'login'} = 1;
$db_uid = "";
$in{'userid'} = $in{$db_cols[$auth_user_field]};

($status, $uid, $per_view, $per_add, $per_del, $per_mod, $per_admin) = &auth_check_password;

if ($status eq "ok") {
$db_script_link_url = "$db_script_url?db=$db_setup&uid=$db_uid";
($db_userid) = $db_uid =~ /([A-Za-z0-9]+)\.\d+/;
}