Gossamer Forum

Re: [ltillner] upgrade from dbman to dbmansql 1

Modified sub signup (for the secure password lookup mod).

I noticed a few problems with the signup subroutine:

1. Emails were sent out with username & generated passwords, no matter what.

2. The previous mod didn't check for duplicate emails.

3. Logging in with a username not on file logged you in without any permissions. The fix for that can be found by searching the forums for "login" (should be the first one that comes up). There are a couple of things to change in the auth.pl file.

Replace original sub signup routine with this:

sub signup {
# --------------------------------------------------------
# Allows a user to sign up without admin approval. Must have $auth_signup = 1
# set. The user gets @auth_signup_permissions.
#
    my ($message,$userid, $pw, $view, $add, $del, $mod, $admin, $email, $password);

    # Check to make sure the userid is ok (3 to 20 letters or digits).
    unless ((length($in{'userid'}) >= 3) and (length($in{'userid'}) <= 20) and ($in{'userid'} =~ /^[a-zA-Z0-9]+\z/)) {
        $message = "Invalid userid: $in{'userid'}. Must contain only letters and numbers and be between 3 and 20 characters long.";
    }

    # Anchored, with no whitespace allowed: the address is written into the
    # To: header of the email below, so an embedded newline must not get through.
    unless ($in{'email'} =~ /\A[^\s\@]+\@[^\s\@]+\.[^\s\@]+\z/) {
        $message = "Invalid email address format: '$in{'email'}'.";
    }

    if ($message) {
        &html_signup_form($message);
        return;
    }

    # The password is generated here, not taken from the form. Only the
    # crypt()ed value is stored; the plain-text copy in $in{'pw'} is used
    # for the email below.
    my $username_q = $DBH->quote($in{'userid'});
    $in{'pw'} = &generate_password;
    my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
    my $salt = join '', @salt_chars[rand 64, rand 64];
    my $encrypted = crypt($in{'pw'}, $salt);
    my $password_q = $DBH->quote($encrypted);
    my $email_q = $DBH->quote($in{'email'});
    my $permission = join (",", @auth_signup_permissions);

    # Look for an existing account with the same username or email.
    $query = qq!
        SELECT * FROM $db_table_user
        WHERE username = $username_q OR Email = $email_q
    !;
    my $sth = $DBH->prepare ($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    $sth->execute or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    # rows() is not reliable for SELECT statements, so fetch a row instead.
    if ($sth->fetchrow_arrayref) {
        $message = "Username or email address already exists. Please try another.";
    }
    else {
        $query = qq!
            INSERT INTO $db_table_user (username, password, Email, per_view, per_add, per_del, per_mod, per_admin)
            VALUES ($username_q, $password_q, $email_q, $permission)
        !;
        if ($DBH->do ($query)) {
            # Only send the email once the account has actually been created.
            open (MAIL, "$mailprog") || &cgierr("Can't start mail program");
            print MAIL "To: $in{'email'}\n";
            print MAIL "From: $admin_email\n";
            print MAIL "Subject: $html_title Account Created\n\n";
            print MAIL "-" x 75 . "\n\n";
            print MAIL "Your account at $html_title has been created.\n\n";
            print MAIL "Your $html_title User ID is: $in{'userid'}\n";
            print MAIL "Your $html_title password is: $in{'pw'}\n\n";
            print MAIL "Please keep this email for future reference.\n\n";
            print MAIL "To log on, go to\n\n";
            print MAIL "$db_script_url?db=$db_setup\n";
            print MAIL "and enter your User ID and password.\n\n";
            print MAIL "Please contact $html_title support at: $admin_email\n";
            print MAIL "if you have any questions.\n\n";
            close (MAIL);
        }
        else {
            $message = "Username $username_q already exists. Please try another.";
        }
    }
    $sth->finish;

    $message ?
        &html_signup_form ($message) :
        &html_signup_success();
}


NOTE: I wasn't sure how to get it to work to show either username or e-mail address already exists, so at this time it displays this message:

"Username or email address already exists. Please try another."

There's probably something that can be done differently with this:

$query = qq!
    SELECT * FROM $db_table_user
    WHERE username = $username_q OR Email = $email_q
!;
my $sth = $DBH->prepare ($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
$sth->execute or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
# rows() is not reliable for SELECT statements, so fetch a row instead.
if ($sth->fetchrow_arrayref) {
    $message = "Username or email address already exists. Please try another.";
}

This seems to work for checking for duplicates for either username or email, so I guess as long as it's doing that, then no worries.

I still plan on working on the "change email", "change password", "private mailer" and "Validate Records" mods. Maybe eventually these mods can be added somewhere so it'll be easier to find the changes. ;) *hint hint*


DBMan SQL Version 1 mods available at:
http://dbmansqlmods.rainbowroomies.com
(Mods based on JPDeni's original mods.)

Last edited by: shann123: Mar 2, 2004, 3:25 AM
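
One way to tell which field collided, as the note in the post asks about. This is an added example, not part of the original post or of DBMan SQL: it uses an in-memory SQLite table (needs DBD::SQLite) as a constructed stand-in for $db_table_user, and taken_fields is a hypothetical helper.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed stand-in for $db_table_user with one constructed sample row.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE users (username TEXT, password TEXT, Email TEXT)');
$dbh->do('INSERT INTO users (username, password, Email) VALUES (?, ?, ?)',
         undef, 'shann', 'x', 'shann@example.com');

# Hypothetical helper: returns the names of the fields that are already taken.
sub taken_fields {
    my ($dbh, $userid, $email) = @_;

    # Placeholders take the place of the $DBH->quote() calls in the post.
    my $sth = $dbh->prepare(
        'SELECT username, Email FROM users WHERE username = ? OR Email = ?');
    $sth->execute($userid, $email);

    my %taken;
    # Fetch every match: the username and the email can belong to two
    # different existing rows, so one row is not enough to decide.
    while (my ($u, $e) = $sth->fetchrow_array) {
        # Compare case-insensitively in case the database does the same.
        $taken{username} = 1 if lc($u // '') eq lc($userid);
        $taken{email}    = 1 if lc($e // '') eq lc($email);
    }
    return sort keys %taken;
}

# Constructed sign-up attempts: username taken, email taken, both free.
for my $try (['shann',   'new@example.com'],
             ['newuser', 'shann@example.com'],
             ['newuser', 'new@example.com']) {
    my @taken = taken_fields($dbh, @$try);
    printf "%-8s %-18s -> %s\n", @$try,
        (@taken ? 'taken: ' . join(', ', @taken) : 'available');
}
```

Reporting which field collided tells a visitor whether a given username or email address is registered; the combined message used in the post reveals less.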