Crowe,
I've implemented your script for the modify.cgi script. I did it a bit differently that you suggested, though.

Rather than create the duplicate of db_utils.pl, I put your two subroutines in modify.cgi, and I renamed them. Then I searched the script for any calls to those 2 subroutines and changed the names of them there too. (Only 3 replacements total) This way I have less duplication than if I duplicate all of db_utils.pl

Works like a dream. Thanks much for the code. One thing for anyone else who is interested in Crowe's code, UBB screwed up and where ever Crowe type pipe pipe, UBB displayed it as pipe space pipe, which causes the script to return a 500 error. Luckily I remembered Alex mentioning this UBB bug before.

I will update the zip file on the links mods page to include this.

Thanks Crowe!

Phoenix

 
Cool.. I was going to try that too! I really like the modify code.. I was going to add a little header/footer routine to have external header/footer files so that its easier to customize it to each site

I'll be sure to send you an mods I make to it.. I really like your modify script.

E-mail me so I can e-mail you!
crowe@darkspiral.com

------------------
The Crowe crowe@darkspiral.com
www.darkspiral.com
www.lit.org

Hi Guys,

After Phoenix posted the original modify.cgi, I know there were other modifications done to the file by others. I was wondering if the zip file is updated. I have a download of the original fiel posted by Phoenix, but have not installed it because I have modified all my scripts to a certain extent and from the download (new modify.cgi) I have no clue what are the new additions to the original file. I have to go through the file and see what was added. So, before doing that I wanted to check and see if the update is available. If so, I will download the file again.

Thanks for your reply.

socrates:

The File in the resource center is current ( as of the 14th ) with all the mods. We are working on an extra step in the security of the password part but it is taking a while, one of us will post the solution when we get it.. It is currently as complete as can be

Crowe

------------------
The Crowe crowe@darkspiral.com
www.darkspiral.com
www.lit.org

Great, thanks for your reply. Will look forward for the update.

Rock On!

I have the download of the old copy and tried to install it. The problem is that when the page is loaded ie when call the 'modify.cgi" the page that is returned does not return any filed for the password to be entered.

Only the text shows up "Password the form field is missing)" followed by if you forgot your password blah balh.

I checked the modify.cgi and see there no "Action" item for the form and hence the missing field/form.

===========
print qq|
<BR>
<$font>
<P>Enter your password to modify your listing.</p>
<font face="verdana,arial,helvetica" size="2">Password:</font><input type=text name="keyword" value="" size="40" maxlength="150">
<INPUT TYPE="Hidden" NAME="mh" VALUE="10">
<INPUT TYPE="Hidden" NAME="sb" VALUE="0">
<INPUT TYPE="Hidden" NAME="so" VALUE="ascend">
<p><center> <INPUT TYPE="SUBMIT" NAME="modify_form" VALUE="Enter"></center></p>
</form>
</td></tr>
<TR><TD BGCOLOR="#9999CC">
<form ACTION="password.cgi" METHOD="POST">
<$font>
<B>Forget your password?</B> Enter your email address in the space below and we it will be emailed to you.<BR>
===============

So, I went back to download the new version posted on the 14th and found this:

"Do not try to use e-mail address as the password... it won't work."

QUESTION: Now, if email is not the password, what exactly is the password supposed to be?

Also, in the modified version description I noted that - " Updated 14 April 1999 to include modifications by Crowe Crowe's additions cause the user's modification form to appear with system fields in uneditable text rather than in form fields."

QUESTION: So, will they be able to modify only certain fields as opposed to all the fields before?

Thanks for your reply.

UBB modified my code. That "irritating face" expression is not something I put in. Don't misunderstand me.

Socrates,

Actually the form method is there, but it is in the form of a variable. Are you using Netscape? There is a bug in Netscape where sometimes it doesn't show all the form fields. If you minimize the browser window and then restore it, you will probably be able to see the form field. I have this problem in Netscape all the time, all over the web. I'm not sure if IE has the same display problem because I don't use it that much.

To use this mod, you have to add a password field to your links database and on the user's Add form, you have to allow them to input a password of their choice.

Crowe's modifications make it impossible for users to modify things like the ID#, the Rating of their link, the isNew and isPopular, etc... the things you don't want them to modify anyway. Actually they couldn't modify those with the first release, but it showed those values in form fields anyway. Crowes changes make it more clear what a user is or is not allowed to modify.

Hope this helps.

Phoenix

[This message has been edited by phoenix (edited April 16, 1999).]

Phoenix,

Thanks for your reply. Yes, I am using Netscape 4.08-I hate explorer and only have a 3.0 version to make sure my pages look ok. I have not installed another version, since it screwed my whole setup and eventually crashed my harddisk. Here are a couple more questions:

The password field is already defined in my database (I had done it beforehand). However, I have all the records in my database without a specified password. Bascially, I am entering the records myself, before opening the directory to the public. Once I open to the public anyone can add a record. However, if someone wanted to modify an existing record since the password is blank in the database, is there any way I can let them modify an existing record by matching it against their email address?

What is more important to me is that the modify form extract the available data. I am not really concerned much about the password. By the way, I have already installed the password script by hostglobal, which checks for email and I feel that is sufficient.

Also, I am not able to understand why these forms do not retain any data in the fields, if someone makes a mistake and submits and then clicks the back button following the error message. It is irritating to fill the entire form again. Any idea why this happens (not the case with all forms, but only some)?

Any suggestions and replies are greatly appreciated.

Also another question: Hostglobal password mails only the ID, URL and email, if someone forgot their info. Do I have to modify it to mail the password too?

[This message has been edited by socrates (edited April 16, 1999).]

 
Yes and no, but here is a better suggestion. I made up a password for each account, then used a text editor and placed a password in each field ( I used office to be specific ). IE, passxx001, passx0x002 etc.

This way its not going to be easily hacked. If you alreayd have the password mod by local host then they can just request their info and it will send them their account info ncluding password. ( make sure you mod password.cgi to include that field in the mail back ). There is your solution and its secure as can be.



Its not sufficient. It is for the password.cgi script as it E-Mails the data to the OWNER of that e-mail address.. Imagine if I came to your site and simply tried webmaster@yoursite.com or info@somesite.com .. Not hard to guess. Most webmasters don't want the spam. If you do it with
mailback, it only goes to the mail address. Dig?


Forms generated by CGI will NOT retain the info usually unless it asks you to "REPOST DATA FROM FORM?" Its just a draw back of using dynamically created pages with cgi.


Let me know if you need help with either script, I'll be glad to try and assist.






------------------
The Crowe crowe@darkspiral.com
www.darkspiral.com
www.lit.org


[This message has been edited by Crowe (edited April 16, 1999).]

Crowe,

Thanks for your reply. If you could help me out, here is what I am looking for:

Leaving the password issue aside (again at this point I am not concerned about the security issue as long as they can provide a valid email). The problem is initially I have to put this database out there and I do not want to put out a blank database. So, I am entering necessary information like url, business name and so on and send an emial to the site owner. As soon as they find out that they can input additional info. I want them to come back and complete the forms and it would be easier if the form loads up with existing data. Also, since I have entered and emailed to a handful entries already (without the passowrd), I do not want to irritate them at this point by telling them, that I have modified it and they need to enter a password.

So, my main interest at this point is the form and not the password (security). If it is possible to compare the email address or a specific ID in the database and pull out corresponding records, then I will be OK. Since, you guys know the code I think you might have an answer for me to compare the input ID or email address (instead of the password) and go on from there. What modifications do I have to make to accomplish this? Do you have an answer for this?

Once the database is up and running, at a later date I can substitute a password in the database and email everyone asking them to come back and change it if they want to.

Thanks very much for your help.

[This message has been edited by socrates (edited April 17, 1999).]

 
socrates:

I see what you mean. You want the user friendly modify without the password all together. I'll have to look into how to do the search using instead of password maybe use one of the other fields you suggested.

I'll post the info as soon as I get it done!

Crowe

------------------
The Crowe crowe@darkspiral.com
www.darkspiral.com
www.lit.org

        People, take a look on my Password Modify.
You can find it at www.buscabr.com/modify.html

A thread was started by Kate42 [ www.gossamer-threads.com/scripts/forum/resources/Forum3/HTML/001704.html ] that points out that a null password search brings up every record in the database. Has anyone else come across this behavior?

[This message has been edited by oldmoney (edited May 30, 1999).]