Ok, I've tried the $in{'pw'} but it isn't working for me. I think the problem may be (just guessing here) that since my users have to fill out an add form (automatically sent to add form after signup_success) with their personal information and the welcome email isn't being sent until the add_success page, the $in{'pw'} isn't picking up the password from the signup form and since it isn't contained in the users.db file, it can't find the password to send. So is there any way to pull this password into the email notification into the add_success page without having the password listed in the db because of security concerns? I hope I'm understanding this right. Can anyone help? Thanks!
Mar 11, 2002, 9:35 AM
User (124 posts)
Post #4 of 30
Views: 9004
Thanks Kellner, I tried that, but it still isn't passing the password value to the add form. I wonder if there is something that can be added in this code:
Code:
#Send the new signup to add form without having to login.
$in{'login'} = 1;
$db_uid = "";
($status, $uid, $per_view, $per_add, $per_del, $per_mod, $per_admin) = &auth_check_password;
if ($status eq "ok") {
$db_script_link_url = "$db_script_url?db=$db_setup&uid=$db_uid";
($db_userid) = $db_uid =~ /([A-Za-z0-9]+)\.\d+/;
}
&html_add_form;
}
that maybe tells it to pass the newly added password to the add_form when it sends the user there with it? Or something that can be added in the signup_success sub? I'm not exactly sure where the $in{'pw'} line is pulling the password out of, but it isn't in the db file and the one in the default.pass file is encrypted. Maybe I am understanding this wrong or something?
Mar 11, 2002, 1:35 PM
Enthusiast (606 posts)
Post #7 of 30
Views: 9049
The code I gave you tests what values were passed to the script through the signup form - assuming, that is, that html_add_form is called DIRECTLY after the signup. So now we know that no values are there, which is strange. If the script goes through the steps (a) process signup form, (b) signup user, (c) send signed up user directly to html_add_form, then all input values from the signup form should be available to the add form. Either there's something wrong with the form, or with the signup process.
Can you post the code of the signup form?
kellner
Mar 11, 2002, 3:12 PM
User (124 posts)
Post #8 of 30
Views: 9025
Ok, I saved a copy of my html_signup, html_signup_success and sub_signup from db.cgi here:
http://www.wdu.net/signup.txt
...just in case you needed more and it's easier to read. I snipped a lot of the html out so it wouldn't output it as a webpage instead of a text file.
Any help you could give would be appreciated. The signup process works fine, but I guess it's something in the backend that is just having problems with the values.
Mar 13, 2002, 5:45 PM
User (124 posts)
Post #9 of 30
Views: 9065
Hi Kellner, just checking in to see if you were able to find anything wrong with my coding? I went back over it too and tried to understand as much of it as I could, but being the Perl novice I am, I didn't catch anything. Thanks for any help you can give.
Mar 14, 2002, 4:25 AM
User (124 posts)
Post #11 of 30
Views: 9058
Sorry 'bout that. For some reason, it's still showing up as a webpage instead of just a text file, but let me see if I can attach it here:
Thanks!
P.S. Even the attachment still is a little off because of the table in the middle of the page to hold the fields, but if you click on view/source you should be able to see all the coding. Thanks again.
Mar 14, 2002, 6:32 AM
User (124 posts)
Post #13 of 30
Views: 8986
Unfortunately that didn't work either. The password field in the email notification is still just blank. It is called correctly as $in{'pw'} and I have the hidden field named in add_form. That test line that you gave me the other day is still coming up blank in the add_form though. Just says TEST Userid: so it obviously is still not passing the values of the fields from the signup? My users.db inputs the username next to the record though, so I guess I just don't quite understand.
This is an example line from my db:
wahm10||Steff||smartino@cfl.rr.com|2394 Sweetwater Blvd||Saint Cloud|FL|34772|USA||
The first value is the username, which it got from the signup_form since I don't ask for it in the add_form, and the second, which is blank, is where the password would be.
Mar 14, 2002, 7:53 AM
User (124 posts)
Post #15 of 30
Views: 8960
This is the gist of it:
Code:
&html_print_headers;
print qq|
<html>
<head>
<title>$html_title: Add a New Record.</title>
</head>
<body background="http://www.wdu.net/images/sfimages/sf_back.jpg" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<FORM ENCTYPE="multipart/form-data" action="$db_script_url?db=users" method="POST">
<input type=hidden name="db" value="$db_setup">
<input type=hidden name="uid" value="$db_uid">
<input type=hidden name="pw" value="$in{'pw'}">
|;
&html_record_form (&get_defaults);
foreach my $key (keys %in) { print qq|TEST $key: $in{$key}<br>|;}
print qq|
</font></p>
<p><center> <INPUT TYPE="SUBMIT" NAME="add_record" VALUE="Add Record"> <INPUT TYPE="RESET" VALUE="Reset Form"></center></p>
the rest is just straight html.
Mar 14, 2002, 8:28 AM
User (297 posts)
Post #16 of 30
Views: 9044
Just wanted to know something... do you want the email with password to be sent after the user adds his record or after he signs up for an account? If it's the latter, all you have to do is to put your sendmail codes in the sub signup subroutine, after the lines where the encrypted password is written to the database.
If not, don't know whether this helps but I was wondering, since $in{'pw'} does not seem to be passed on, why don't you try to add this line to the sub signup after the encrypted password is stored in the database:
$in{'pw'} = $password;
Then where you are printing the line:
<input type=hidden name=pw value=$in{'pw'}>
change it to:
<input type=hidden name=pw value=$password>
Hope this helps.
Julian
Mar 14, 2002, 8:51 AM
User (124 posts)
Post #17 of 30
Views: 9027
Thanks for trying Julian, but unfortunately that didn't work either. Maybe this is some kind of stupid user error LOL. But when I put in the $in{'pw'} = $password into the sub_signup in db.cgi, it throws my whole signup out of whack and ignores my lines that tell it to go directly to the add_form after signup. BTW, I am wanting the email notification to be sent out after the user inputs their record in add_form. The way it works is they sign up for a username and password in html_signup which writes to the default.pass file and then they get immediately transferred over to the html_add_form to enter in the rest of their information like name, address, email, phone, etc. This gets written to my users.db file. After they click submit and this writes, that is when the email needs to get sent out that includes their username and password. For some reason, I still can't get it to include the password. Just blank.
Mar 14, 2002, 9:01 AM
User (297 posts)
Post #18 of 30
Views: 8977
Oops... I just saw what went wrong with what I gave you. It's supposed to be $password = $in{'pw'} and NOT the other way round. That was why after you added my codes it went bonkers. Sorry.
I was thinking unless you can recall the value of $in{'pw'}, there is no way that the user can get the unencrypted password once it gets out of the sub signup. This is because once it goes to a new subroutine it cannot remember its previous values.
Julian
Mar 14, 2002, 10:51 AM
Enthusiast (606 posts)
Post #19 of 30
Views: 9054
What puzzles me is this: values of %in should be available throughout the ENTIRE script. They should not be restricted to one particular subroutine - at least this is the case with dbman "out of the box".
But to be on the safe side, try adding this line to the top of html_add_form:
my %in = @_;
and be sure to call html_add_form as "&html_add_form(%in)";
kellner
Mar 14, 2002, 11:12 PM
Veteran / Moderator (3034 posts)
Post #20 of 30
Views: 8933
From 'Admin Tidbits' in FAQ posted by Alex:
Passwords are stored encrypted, but you still have access to it once the user is signing up (because it is sent to the script unencrypted). Basically here's the process:
1. User goes to sign up form and enters userid and password.
2. sub signup is run and p/w is in $in{'pw'}.
3. encrypted password is generated and printed to password file.
We still have access to the original password though, and can mail the user (signup success). Once we are done with this request, the password is lost forever.
Alex
It is because of the encryption that it is not available once you get past the signup success sub.
Unofficial DBMan FAQ
http://creativecomputingweb.com/dbman/index.shtml/
Mar 15, 2002, 2:28 AM
Enthusiast (606 posts)
Post #21 of 30
Views: 9032
LoisC, I don't think that's the problem: the unencrypted password is sent via $in{'pw'}. The authentication script generates the encrypted password and writes it to the password file, but it doesn't delete the value of $in{'pw'}, nor does it change it.
The problem is that the value of $in{'pw'} is not available at a stage where it should be.
kellner
Mar 17, 2002, 4:30 PM
User (124 posts)
Post #22 of 30
Views: 9031
I'm sorry, scratch that last post if you already received it. I mistakenly put that line in add_success instead of add_form. So when I get to add_form, this is what it says at the bottom:
Code:
TEST login: 1
TEST userid: bella25
TEST signup: Create
TEST db: users
TEST pw: martino
but unfortunately still no password showing up in the email. Now, is this a good sign that the TEST pw: line is showing a password in add_form?
Mar 18, 2002, 5:07 AM
Enthusiast (606 posts)
Post #23 of 30
Views: 8990
Great. Now we know that the value of "pw" is present in sub html_add_form. Do you have a hidden input field on the add form which passes on the value of "pw"? Like "<input type="hidden" name="pw" value="$in{'pw'}">"? If not, create one, and try running the same "print TEST ...." routine that you now have in html_add_form in add_success.
kellner
Mar 18, 2002, 12:51 PM
User (124 posts)
Post #24 of 30
Views: 8915
Ok, maybe this is where the problem is mainly. The hidden pw field was already in the add_form sub, but when I add the test line into add_success, it recognizes the userID, but nothing else. The line reads TEST UserID: wahm101. So for some reason, it looks like the other values are not being carried over to add_success even though they are in the add_form. Weird??
Oh, BTW, this is the coding from html_add_success. Not sure if this needs to be changed or if it would be something in db.cgi.
Code:
%rec=&get_record($in{$db_key});
&html_record(%rec);
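The hidden-field hand-off discussed in this thread, as an added example that is not part of any post and is not DBMan code: each CGI request rebuilds %in from only the fields that request submitted, and a value re-emitted into a hidden field has to be HTML-escaped or the browser posts back a truncated value. The helper names (parse_form, html_escape, hidden_field, browser_value) and all sample values are constructed for illustration.

```perl
# Added example, not DBMan code. parse_form, html_escape, hidden_field and
# browser_value are hypothetical helpers; all sample values are constructed.
use strict;
use warnings;

# Build %in from a urlencoded request body, as a CGI script does per request.
sub parse_form {
    my ($body) = @_;
    my %in;
    for my $pair (split /&/, $body) {
        my ($k, $v) = split /=/, $pair, 2;
        for ($k, $v) {
            $_ = '' unless defined;
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        $in{$k} = $v;
    }
    return %in;
}

sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$ent{$1}/g;
    return $s;
}

sub hidden_field {
    return sprintf '<input type="hidden" name="%s" value="%s">', map { html_escape($_) } @_;
}

# Value a browser posts back: attribute text up to the closing quote, entities decoded.
sub browser_value {
    my ($html) = @_;
    my ($raw) = $html =~ /value="([^"]*)"/;
    for ($raw) { s/&quot;/"/g; s/&lt;/</g; s/&gt;/>/g; s/&amp;/&/g }
    return $raw;
}

# Request 1: the signup form posts userid and pw.
my %in = parse_form('db=users&userid=user01&pw=pa%22ss%26word&signup=Create');
my $raw_field  = qq|<input type="hidden" name="pw" value="$in{'pw'}">|;
my $safe_field = hidden_field('pw', $in{'pw'});
print "unescaped field posts back: ", browser_value($raw_field), "\n";
print "escaped field posts back:   ", browser_value($safe_field), "\n";
# Request 2: a fresh process whose %in holds only what this form submitted.
my %next = parse_form('db=users&uid=user01.1&add_record=Add+Record');
print "pw in request 2: ", (exists $next{'pw'} ? 'present' : 'absent'), "\n";
```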