I think I have this worked out. It's really just a matter of doing things in different order.
Set up the authorization in your .cfg file as follows:
$db_key = '
the name of your userid field';
$db_key_track = 0;
$auth_no_authentication = 0;
$auth_allow_default = 1;
@auth_default_permissions = (1,1,0,0,0);
$auth_signup = 0;
@auth_signup_permissions = (1,0,1,1,0);
$auth_modify_own = 1;
$auth_user_field =
the number of your userid field;
Be sure to have a field for the user's email address. Set the "valid expr" portion of the field definition to
'.+\@.+\..+'
Add the following line to your .cfg file:
$db_email_field = '
name of your email address field';
Make sure you have a field on your "add" form named
pw for the entry of a password.
You will probably want to have one form for adding and another one for searching and modifying, with the latter one not having the password field.
[After I posted this, I realized that I had more in here than was necessary.]
Replace sub validate_record with the following:
Code:
sub validate_record {
# --------------------------------------------------------
# Verifies that the information passed through the form and stored
# in %in matches a valid record. It checks first to see that if
# we are adding, that a duplicate ID key does not exist. It then
# checks to see that fields specified as not null are indeed not null,
# finally it checks against the reg expression given in the database
# definition.
my ($col, @input_err, $errstr, $err, $line, @lines, @data);
my ($userid, $pw, $view, $add, $del, $mod, $admin, $email);
if ($in{'add_record'}) { # don't need to worry about duplicate key if modifying
open (DB, "<$db_file_name") or &cgierr("error in validate_records. unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) { flock(DB, 1); }
LINE: while (<DB> ) {
(/^#/) and next LINE;
(/^\s*$/) and next LINE;
$line = $_; chomp ($line);
@data = &split_decode($line);
if ($data[$db_key_pos] eq $in{$db_key}) {
push(@input_err, "userid already in use -- try another");
}
}
close DB;
unless ((length($in{$db_key}) >= 3) and (length($in{$db_key}) <= 12) and ($in{$db_key} =~ /^[a-zA-Z0-9]+$/)) {
push(@input_err, "Invalid userid: $in{'userid'}. Must only contain only letters and be less then 12 and greater then 3 characters.");
}
unless ((length($in{'pw'}) >= 3) and (length($in{'pw'}) <= 12)) {
push(@input_err, "Invalid pw: '$in{'pw'}'. Must be less then 12 and greater then 3 characters.");
}
open (PASSWD, "<$auth_pw_file") or &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>;
close PASSWD;
foreach $pass (@passwds) { # Go through each pass and see if we match..
next if ($pass =~ /^$/); # Skip blank lines.
next if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);
if (lc($in{$db_email_field}) eq lc($email)) {
push(@input_err, "email address already exists.");
}
}
}
foreach $col (@db_cols) {
if ($in{$col} =~ /^\s*$/) { # entry is null or only whitespace
($db_not_null{$col}) and # entry is not allowed to be null.
push(@input_err, "$col (Can not be left blank)"); # so let's add it as an error
}
else { # else entry is not null.
($db_valid_types{$col} && !($in{$col} =~ /$db_valid_types{$col}/)) and
push(@input_err, "$col (Invalid format)"); # but has failed validation.
(length($in{$col}) > $db_lengths{$col}) and
push (@input_err, "$col (Too long. Max length: $db_lengths{$col})");
if ($db_sort{$col} eq "date") {
push (@input_err, "$col (Invalid date format)") unless &date_to_unix($in{$col});
}
}
}
if ($#input_err+1 > 0) { # since there are errors, let's build
foreach $err (@input_err) { # a string listing the errors
$errstr .= "<li>$err"; # and return it.
}
return "<ul>$errstr</ul>";
}
else {
if ($in{'add_record'}) {
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($in{'pw'}, $salt);
my $permissions = join (":", @auth_signup_permissions);
print PASS "$in{$db_cols[$auth_user_field]}:$encrypted:$permissions:$in{$db_email_field}\n";
close PASS;
}
return "ok"; # no errors, return ok.
}
}
Note that you will not be able to use this db.cgi file or any other databases that you might want to add to your site.
------------------
JPD
[This message has been edited by JPDeni (edited April 15, 2000).]