Hi
I am a novice and so far i have done well with customising dbman, but I want people to use their email address as the user ID, to allow this I have added \.\@\-\_ and changed the amount of characters from 12 to 40 in the db.cgi

but when you get to the main menu and click on any of the following add, view, delete, modify, list all i get

Error: Unauthorized Action

The database program received a command that you are not authorized for.

the permissions are View Add Delete and Modify


What have I missed or why will it not work, If the person uses anything but an email address it works I have listed what I have changed in the db.cgi


In the sub main

elsif ($in{'logoff'}) { &auth_logging('logged off') if ($auth_logging); (-e "$auth_dir/$db_uid") and ($db_uid =~ /^[\A-Za-z0-9\.\@\-\_]+\.\d+$/) and unlink ("$auth_dir/$db_uid");



# Set the script link URL with db and user info for links. Use $db_script_url for forms.
$db_script_link_url = "$db_script_url?db=$db_setup&uid=$db_uid";
if ($uid eq "default") { $db_userid = $uid; }
else { ($db_userid) = $db_uid =~ /([A-Za-z0-9\.\@\-\_]+)\.\d+/; }





In the sub admin_display


$in{'new_username'} and do {
unless ((length($in{'new_username'}) >= 3) and (length($in{'new_username'}) <= 40) and ($in{'new_username'} =~ /^[a-zA-Z0-9\.\@\-\_]+$/)) {
$message = "Invalid username: $in{'new_username'}. Must only contain letters and numbers and be less then 40 and greater then 3 characters.";
last CASE;


In the sub signup

unless ((length($in{'userid'}) >= 3) and (length($in{'userid'}) <= 40) and ($in{'userid'} =~ /^[a-zA-Z0-9\.\@\-\_]+$/)) {
$message = "Invalid userid: $in{'userid'}. Must only contain only letters and be less then 40 and greater then 3 characters.";

I did solve it, i forgot to alter the auth.pl to include \.\@\-\_

To all those concerned:

Hi again, after all these years. We discussed email address as userid in another post at this forum and I seem to remember that the mod worked the way you put it in this post. However, when applying this code now, it doesn't work anymore. It is ok to login but after that, DBMan doesn't recognize the email address as the userid.

Now, I think this could have to do with the session number displayed in the URL as http://URL/etcetera?databasename&etcetera&email@emailaddress.com.123456789.etcetera

Is it possible that the code doesn't recognize the dot (.) because there suddenly are two dots in the URL?

Regards
Csky (who lost his old login information and now logs as seasky)

I've never used the email address as the UserID but I'm wondering if you changed your .cfg file to show the field where the email address is located.

$auth_user_field = 1;

Unoffical DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/

Thanks, Lois, for your reply.

That solution wouldn't work, because these email addresses entered in the email field of the database are not (or do not have to be) identical with the username email in the password file (at least not in my modified set of DBMan).

So, regretably, the $auth_user_field is not a solution.

As mentioned in my earlier post, everything has done according to the discussion held a few years ago at this forum. Also the URL that transfers the parameters shows the email address as it should (according to my last post). I think a change in the code regarding the dot (.) could be a solution, but I only found one dot that is processed, it's the dot following $userid: "$userid." in auth.pl at the following line:

$db_uid = "$userid." . time() . (int(rand(100000)) + 1);# Build User Id

As I understand this line generates part of the URL that holds the information of what should be done when loading the various pages:

"$userid." contains the USER ID
time() holds the actual time of when the login happens and it also determines the session timeout
and finally int(rand) generates the session ID

Together with the parameters of fields to be searched and other search criteria the URL makes DBMan transfer data from one page to another.

Unfortunately I haven't found the code where the dot is identified to separate USER ID, TIME and SESSION ID, but I am quite certain that the problem lies there, because I think that DBMan can't make the difference between the dot in the email address and the dot that separates "$userid." and time()

I am sure somebody with advanced programming skills and/or knowledge of DBMan can easily find a solution, whether I might be wrong or right with my assumptions above.

Maybe you are the one?

Kindest regards
SeaSky

My suggestion would be to search in the DBMan FAQ.

I am not a programmer and my knowledge of this script comes from creating the FAQ and reading all the posts. But I have to look up often how to do things and then see if I can tweak the functions using tips or tricks found in other threads when I want to change things.

I am in the middle of a project and trying to get a few things going, but did search a little in the FAQ. I found the original thread that was posted here above.

In this code:

$db_uid = "$userid." . time() . (int(rand(100000)) + 1);# Build User Id

why is there a dot after $userid before the quotes? Could that be the problem?

Have you tried using:

$db_uid = "$userid" . time() . (int(rand(100000)) + 1);# Build User Id

Sorry, it's beyond my knowledge. But I do know there are other posts regarding using the email address as a login, so those might help to find a solution.

Unoffical DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/

I guess the dot is because of detection of the separation between username and timecode.

Yes, I have read them all, even participated in them earlier, so there is no solution in those.

But I'll wait, somebody might read this post one of these days.

Thanks, Lois, for your concern.

/SeaSky

I finally found this: http://www.gossamer-threads.com/...gi?post=55252#p55252 written by JPD, although I do not quite agree...

@ works fine in URL's and I do not think that the authorization process must be COMPLETELY rewritten. I assume only the dot-problem has to be solved.

/SeaSky

I used the email address a long time ago and it works with the dot(s) in address.. I really don't remember what it took but it still works for me (see example):

http://www.myurl.com/cgi-bin/app/db.cgi?db=default&uid=mike.watts@myurl.com.121683608547218&add_form=1&type=personal&AppType=B1L1P1

I'll be more than happy to provide modified subs if you want to compare them - you'll have to give me specific subs you want to look at and compare since I honestly cannot remember
what's been changed/hacked and what hasn't. This was like 8 years ago, but the db still works. Haven't tried any "weird" characters like underscores or so though.

<edit>Attached mod that I used to allow periods in usernames (though it looks like it was mentioned above)</edit>

Thank you, Watts and Lois!

The big mistake was in an entirely other part of the code. Still, I found it thanks to your dedication (and of course due to my persistance in finding the error).

Short explanation: The code discussed by us and others about 8 years ago still worked without problems at my place as well, although I thought the error was there.

Since that time I had added a textfile containing the user's time limit to being able to add records. It was the left index($sentence, $word) that mistakably was used instead of the right rindex($sentence, $word) in finding the dot in the transmitted email address (since with email addresses now there is not only one dot, but at least 2 or more dots in the userid transmitted in the URL.

The error messages made me finally find the right place to making changes. Again, thanks!