Ok, I've tried the $in{'pw'} but it isn't working for me. I think the problem may be (just guessing here) that since my users have to fill out an add form (automatically sent to add form after signup_success) with their personal information and the welcome email isn't being sent until the add_success page, the $in{'pw'} isn't picking up the password from the signup form and since it isnt contained in the users.db file, it can't find the password to send. So is there anyway to pull this password into the email notification into the add_sucess page without having the password listed in the db because of security concerns? I hope I'm understanding this right. Can anyone help? Thanks!

You could add a hidden input field to the add form.

<input type="hidden" name="pw" value="$in{'pw'}">
kellner

Thanks Kellner, I tried that, but it still isn't passing the password value to the add form. I wonder if there is something that can be added in this code:


that maybe tells it to pass the newly added password to the add_form when it sends the user there with it? Or something that can be added in the signup_success sub? I'm not exactly sure where the $in{'pw'} line is pulling the password out of, but it isn't in the db file and the one in the default.pass file is encrypted. Maybe I am understanding this wrong or something?

In html_add_form, try adding this code somewhere in between all the "print"-statements you have there:

foreach my $key (keys %in) { print qq|TEST $key: $in{$key}<br>|;}

Please post what gets printed.
kellner

On the add_form it only says "TEST UserID:" No values filled out or anything. I assume that this is just testing to see what the key field is which is correct, but how will this affect the password being passed to the form?

The code I gave you tests what values were passed to the script through the signup form - assuming, that is, that html_add_form is called DIRECTLY after the signup. So now we know that no values are there, which is strange. If the script goes through the steps (a) process signup form, (b) signup user, (c) send signed up user directly to html_add_form, then all input values from the signup form should be available to the add form. Either there's something wrong with the form, or with the signup process.

Can you post the code of the signup form?
kellner

Ok, I saved a copy of my html_signup, html_signup_success and sub_signup from db.cgi here:

http://www.wdu.net/signup.txt

...just in case you needed more and its easier to read. I snipped alot of the html out so it wouldnt output it as a webpage instead of a text file.

Any help you could give would be appreciated. The signup process works fine, but I guess its something in the backend that is just having problems with the values.

Hi Kellner, just checking in to see if you were able to find anything wrong with my coding? I went back over it too and tried to understand as much of it as I could, but being the Perl novice, I am, I didnt catch anything. Thanks for any help you can give.

I can't connect to the URL you gave me; I'm getting errors like "the page is currently not available", so I couldn't look at your code yet.
kellner

Sorry bout that. For some reason, its still showing up as a webpage instead of just a text file, but let me see if I can attach it here:



Thanks!


P.S. Even the attachment still is a little off because of the table in the middle of the page to hold the fields, but if you click on view/source you should be able to see all the coding. Thanks again.

Try calling "&html_add_form(%in);" instead of "&html_add_form;" Maybe this helps.
kellner

Unfortunately that didn't work either. The password field in the email notification is still just blank. It is called correctly as $in{'pw'} and I have the hidden field named in add_form. That test line that you gave me the other day is still coming up blank in the add_form though. Just says TEST Userid: so it obviously is still not passing the values of the fields from the signup? My users.db inputs the username next to the record though, so I guess I just dont quite understand.

This is an example line from my db:

wahm10||Steff||smartino@cfl.rr.com|2394 Sweetwater Blvd||Saint Cloud|FL|34772|USA||

the first value is the username which it got from the signup_form since I dont ask for it in the add_form and the second which is blank is where the password would be.

OK, next try. Can you post html_add_form?
kellner

This is the jist of it:


the rest is just straight html.

Just wanted to know something... do you want the email with password to be sent after the user add his record or after he signup for an account? If it's the latter, all you have to do is to put your sendmail codes in the sub signup subroutine, after the lines where the encrypted password is wrotten to the database.

If not, don't know whether this helps but I was wondering, since $in{'pw'} does not seem to be passed on, why don't you try to add this line to the sub signup after the encrypted password is stored in the databse:

$in{'pw'} = $password;

Then where you are printing the line:
<input type=hidden name=pw value=$in{'pw'}>
change it to:
<input type=hidden name=pw value=$password>

Hope this helps.
Julian

Thanks for trying Julian, but unfortunately that didnt work either. Maybe this is some kind of stupid user error LOL. But when I put in the $in{'pw'} = $password into the sub_signup in db.cgi, it throws my whole signup out of whack and ignores my lines that tells it to go directly to the add_form after signup. BTW, I am wanting the email notification to be sent out after the user inputs their record in add_form. The way it works is they signup for a username and password in html_signup which writes to the default.pass file and then they get immediately transferred over to the html_add_form to enter in the rest of their information like name, address, email, phone,etc. This gets written to my users.db file. After they click submit and this writes, that is when the email needs to get sent out that includes their username and password. For some reason, I still cant get it to include the password. Just blank.

Oppss... I just saw what went wrong with what I gave you. It's suppose to be $password = $in{'pw'} and NOT the other way round. That was why after you added my codes it went bonkers. Sorry.

I was thinking unless you can rcall the value of $in{'pw'}, there is no way that the user can get the unencrypted password once it gets our of the sub signup. This is because once it goes to a new subroutnie it cannot remember it's previous values.
Julian

What puzzles me is this: values of %in should be available throughout the ENTIRE script. They should not be restricted to one particular subroutine - at least this is the case with dbman "out of the box".

But to be on the safe side, try adding this line to the top of html_add_form:

my %in = @_;

and be sure to call html_add_form as "&html_add_form(%in)";
kellner

From 'Admin Tidbits' in FAQ posted by Alex:

Passwords are stored encrypted, but you still have access to it once the user is signing up (because it is sent to the script unencrypted). Basically here's the process:

1. User goes to sign up form and enters userid and password.
2. sub signup is run and p/w is in $in{'pw'}.
3. encrypted password is generated and printed to password file.

We still have access to the original password though, and can mail the user (signup success). Once we are done with this request, the password is lost forever.

Alex

It is because of the encryption that it is not available once you get past the signup success sub.

Unoffical DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/

LoisC, I don't think that's the problem: the unencrypted password is sent via $in{'pw'}. The authentication script generates the encrypted password and writes it to the password file, but it doesn't delete the value of $in{'pw'}, nor does it change it.

The problem is that the value of $in{'pw'} is not available at a stage where it should be.
kellner

I'm sorry, scratch that last post if you already received it. I mistakenly put that line in add_success instead of add_form. So when I get to add_form, this is what it says at the bottom:


but unfortunately still no password showing up in the email. Now, is this a good sign that the TEST pw: line is showing a password in add_form?

Great. Now we know that the value of "pw" is present in sub html_add_form. Do you have a hidden input field on the add form which passes on the value of "pw"? Like "<input type="hidden" name="pw" value="$in{'pw'}">"? If not, create one, and try running the same "print TEST ...." routine that you now have in html_add_form in add_success.
kellner

Ok, maybe this is where the problem is mainly. The hidden pw field was already in the add_form sub, but when I add the test line into add_success, it recognizes the userID, but nothing else. The line reads TEST UserID: wahm101. So for some reason, it looks like the other values are not being carried over to add_success even though they are in the add_form. Weird??

Oh, BTW, this is the coding from html_add_success. Not sure if this needs to be changed or if it would be something in db.cgi.

Could you post the sub add_record from db.cgi and the sub html_add_success from html.pl, please?
kellner