
Re: [ltillner] upgrade from dbman to dbmansql 1

Modified sub signup (for the secure password lookup mod).

I noticed a few problems with the signup subroutine:

1. Emails were sent out with username & generated passwords, no matter what.

2. The previous mod didn't check for duplicate emails.

3. Logging in with a username not on file logged you in without any permissions. The fix for that can be found by searching the forums for "login" (should be the first one that comes up). There are a couple of things to change in the auth.pl file.

Replace original sub signup routine with this:

sub signup {
# --------------------------------------------------------
# Allows a user to sign up without admin approval. Must have $auth_signup = 1
# set. The user gets @auth_signup_permissions.
#
    my ($message, $userid, $pw, $view, $add, $del, $mod, $admin, $email, $password);

    # Check to make sure userid and email are ok. The rejected value is not
    # echoed back into the page, and \z (not $) keeps a trailing newline out.
    unless ((length($in{'userid'}) >= 3) and (length($in{'userid'}) <= 20) and ($in{'userid'} =~ /^[a-zA-Z0-9]+\z/)) {
        $message = "Invalid userid. Must contain only letters and numbers and be between 3 and 20 characters.";
    }

    # No whitespace or newlines allowed: the address is written into the
    # "To:" mail header below, so it must stay on a single line.
    unless ($in{'email'} =~ /^[^\s\@]+\@[^\s\@]+\.[^\s\@]+\z/) {
        $message = "Invalid email address format.";
    }

    if ($message) {
        &html_signup_form($message);
        return;
    }

    # The password is generated here, so any password submitted with the
    # form is ignored. Only the crypt() hash is stored in the database.
    $in{'pw'} = &generate_password;
    my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
    my $salt = join '', @salt_chars[rand 64, rand 64];
    my $encrypted = crypt($in{'pw'}, $salt);

    # Quote every user-supplied value before it goes into the SQL text.
    my $username_q = $DBH->quote($in{'userid'});
    my $password_q = $DBH->quote($encrypted);
    my $email_q = $DBH->quote($in{'email'});
    my $permission = join (",", @auth_signup_permissions);

    # Look for an existing account with the same username or email address.
    $query = qq!
        SELECT * FROM $db_table_user
        WHERE username = $username_q OR Email = $email_q
    !;
    my $sth = $DBH->prepare ($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    $sth->execute or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    if ($sth->rows) {
        $message = "Username or email address already exists. Please try another.";
    }
    else {
        $query = qq!
            INSERT INTO $db_table_user (username, password, Email, per_view, per_add, per_del, per_mod, per_admin)
            VALUES ($username_q, $password_q, $email_q, $permission)
        !;

        if ($DBH->do ($query)) {
            # Send the account email only after the row has actually been created.
            open (MAIL, "$mailprog") || &cgierr("Can't start mail program");
            print MAIL "To: $in{'email'}\n";
            print MAIL "From: $admin_email\n";
            print MAIL "Subject: $html_title Account Created\n\n";
            print MAIL "-" x 75 . "\n\n";
            print MAIL "Your account at $html_title has been created.\n\n";
            print MAIL "Your $html_title User ID is: $in{'userid'}\n";
            print MAIL "Your $html_title password is: $in{'pw'}\n\n";
            print MAIL "Please keep this email for future reference.\n\n";
            print MAIL "To log on, go to\n\n";
            print MAIL "$db_script_url?db=$db_setup\n";
            print MAIL "and enter your User ID and password.\n\n";
            print MAIL "Please contact $html_title support at: $admin_email\n";
            print MAIL "if you have any questions.\n\n";
            close (MAIL);
        }
        else {
            $message = "Username $username_q already exists. Please try another.";
        }
    }
    $sth->finish;

    $message ?
        &html_signup_form ($message) :
        &html_signup_success();
}


NOTE: I wasn't sure how to get it to work to show either username or e-mail address already exists, so at this time it displays this message:

"Username or email address already exists. Please try another."

There's probably something that can be done differently with this:

    $query = qq!
        SELECT * FROM $db_table_user
        WHERE username = $username_q OR Email = $email_q
    !;
    my $sth = $DBH->prepare ($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    $sth->execute or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    if ($sth->rows) {
        $message = "Username or email address already exists. Please try another.";
    }

This seems to work for checking for duplicates for either username or email, so I guess as long as it's doing that, then no worries.

I still plan on working on the "change email", "change password", "private mailer" and "Validate Records" mods. Maybe eventually these mods can be added somewhere so it'll be easier to find the changes. Wink *hint hint*


DBMan SQL Version 1 mods available at:
http://dbmansqlmods.rainbowroomies.com
(Mods based on JPDeni's original mods.)

Last edited by:

shann123: Mar 2, 2004, 3:25 AM
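
Added example (not part of the original post or of DBMan SQL): one way to report which of the two fields is already taken, by selecting both columns and comparing each returned row against the submitted values, using placeholders instead of interpolated SQL. The in-memory SQLite database, the table name `users`, and the helper `duplicate_messages` are assumptions made so the example runs on its own; the column names follow the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed stand-in for the user table. COLLATE NOCASE mimics the
# case-insensitive comparison of MySQL's default collations (assumption).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE users (
              username TEXT COLLATE NOCASE UNIQUE,
              password TEXT,
              Email    TEXT COLLATE NOCASE UNIQUE)');
$dbh->do('INSERT INTO users (username, password, Email) VALUES (?, ?, ?)',
         undef, 'alice', 'x', 'alice@example.com');   # constructed sample row

# Hypothetical helper: returns one message per field that is already taken,
# or an empty list when both the username and the email address are free.
sub duplicate_messages {
    my ($dbh, $userid, $email) = @_;

    # Placeholders keep the submitted values out of the SQL text entirely.
    my $rows = $dbh->selectall_arrayref(
        'SELECT username, Email FROM users WHERE username = ? OR Email = ?',
        undef, $userid, $email);

    # Up to two rows can match (one per field), so check every row.
    my %taken;
    for my $row (@$rows) {
        my ($u, $e) = @$row;
        $taken{userid} = 1 if defined $u && lc $u eq lc $userid;
        $taken{email}  = 1 if defined $e && lc $e eq lc $email;
    }

    my @msgs;
    push @msgs, 'Username already exists.'             if $taken{userid};
    push @msgs, 'Email address is already registered.' if $taken{email};
    return @msgs;
}

# Constructed sign-up attempts: duplicate username, duplicate email
# (different case), both duplicated, and a fully new account.
for my $try (['alice', 'new@example.com'],   ['bob',   'ALICE@example.com'],
             ['alice', 'alice@example.com'], ['carol', 'carol@example.com']) {
    my @msgs = duplicate_messages($dbh, @$try);
    print "$try->[0] / $try->[1]: ", (@msgs ? "@msgs" : 'available'), "\n";
}
```

The UNIQUE constraints on both columns make the database reject a duplicate even when two sign-ups pass the SELECT at the same moment, so a failed INSERT should still be treated as "already exists".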