    0: When I get a chance I will repost this with the changes suggested by
    1: you fine Perl Monks.  Remember This is my second perl script
    2: attempt.  I know I have much to learn.  Please keep the feedback coming
    3: 
    4: UPDATE[05/15/2002]: I have begun 'fixing' this code.  I realize I still have not
    5: incorporated the use of strict; and I still have textual
    6:  passwords that need to be encrypted.  I'm still reading! :)
    7: 
    8: UPDATE[05/16/2002]: I have incorporated crypt() into the code.
    9:   I am also now using a lot of the CGI.pm features.
    10:  I am having one heck of a time adding strict to this though.
    11: 
    12: UPDATE[05/17/2002]: I have actually gotten strict to work! I had to do a little
    13:  restructuring but it works!  I am going to post a Node in SoPW.  See if there
    14:  is anything else I need to change on this before I call it good code!
    15: 
    16: 
    17: 
    18: #!/usr/bin/perl -w
    19: # (Put the address to the location of PERL on your system.  Find
    20: #  it with 'which perl')
    21: use strict;
    22: use CGI qw/:standard/;
    23: use CGI::Cookie;
    24: 
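    # Graphic that is served in place of the requested graphic
    # (thru ubersecure.cgi?img=Name) if the password is not found.
    my $imgfile = "/home/user/www/cgi-bin/ubersecure/secure.gif";

    # Where you are keeping UberData.txt which holds your KEY|Location
    # NOTE(security): every data file configured here sits under cgi-bin;
    # confirm the web server will not serve these files directly.
    my $datafile = "/home/user/www/cgi-bin/ubersecure/uberdata.txt";

    # Will you need multiple logins or a single login?  (1=multiple,0=single)
    my $multi_in = 1;

    # This should point to your uberaccess.txt which holds the name|pass
    # information.  This is not required for the single user mode.
    # The script accepts a stored hash as a credential when it arrives in the
    # 'pass' cookie, so keep this file unreadable to other users.
    my $accessfile = "/home/user/www/cgi-bin/ubersecure/uberaccess.txt";

    # Password required to login for single user mode.(Default pass is: 1234)
    # This will also be a valid password for multi user mode.
    # Replace the default before deploying.
    # You MUST encrypt this password, you can use the following tool:
    # http://www.YourSite.com/cgi-bin/ubersecure/ubersecure.cgi?url=passwd
    my $pass = "USaH0nvPrucUo";

    # UserName required to login for single user mode.
    # This will also be a valid login for multi user mode.
    my $goodnick = "1234";

    # Address to this script.
    my $thisscript = "http://www.YourSite.com/cgi-bin/ubersecure.cgi";

    # Name of the page that you are logging into.
    my $pagename = "UberSecure Test Page";

    # Send mail to YOU when someone logs in?
    # 1 = On
    # 0 = Off
    my $send_mail = 0;

    # Send mail to YOU when a Keyword / URL isn't found?
    my $send_mail_badurl = 0;

    # UNIX path to the mail program on your system.
    # elm, Mail, etc.  If you run into problems, turn mail sending off.
    my $mail = "/var/qmail/bin/qmail-inject";

    # Email address to send mail to (your personal e-mail address.)
    # You MUST put a backslash (\) in front of the 'at' (@) sign in the e-mail
    # address.
    my $to_email = "UberDragon13\@hotmail.com";

    # Do you wish to log logins?  (1/0)
    # LOG file is NOT auto cleared.  You will have to edit it by hand.  If you
    # delete it, remember to chmod the new file 644 when you re-make it.
    # Mode 644 leaves the log readable by every local account; it records
    # client addresses and login names.
    my $log = 1;

    # Ask for an e-mail address?  (Will be logged.)
    my $email = 0;

    # What is the address to the log file?  (Remember to create the file and
    #                                         to chmod it 644)
    # Fixed: the opening quote was missing, which stopped the script compiling.
    my $log_file = "/home/user/www/cgi-bin/ubersecure/ubersecure.log";

    # Path to your system's date program for logging.
    my $date_prog = "/bin/date";

    # Settings for page colors.
    my $text = "#000000";
    my $link = "green";
    my $vlink = "#663300";
    my $bgcolor = "#FFFFFF";
    my $background = "http://www.YourSite.com/graphics/rb-bak6.jpg";
    my $bgproperties = "fixed";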
    94: ##########################################################################
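    # Timestamp shared by the mail and log writers.  The value keeps the
    # trailing newline printed by the date program; the log format relies on it.
    my $date = `$date_prog '+%D %H:%M:%S'`;

    # NOTE(security): one fixed two-character salt is used for every account,
    # so equal passwords give equal hashes.  On most Unix platforms a
    # two-character salt also selects traditional DES crypt(), which ignores
    # everything after the eighth password character.
    my $salt = "US";
    my %in = getcgi();

    # NOTE(review): the hash helper runs before any login check.
    if (defined $in{'url'} && $in{'url'} eq "passwd") { passwd(); exit; }

    # Credentials stored in cookies replace anything sent with the request.
    # NOTE(security): the 'pass' cookie carries the crypt() hash and is compared
    # with the stored hash as-is, so the hash itself acts as the credential.
    if (cookie('pass') && cookie('name')) {
        $in{'name'} = cookie('name');
        $in{'pass'} = cookie('pass');
    }

    # Multi-user mode: look the supplied pair up in the access file.
    if ($multi_in == 1) {
        open(my $access_fh, '<', $accessfile) or do { access_error(); exit; };
        while (my $line = <$access_fh>) {
            chomp $line;
            my ($acc, $accpass) = split /\|/, $line;

            # A blank line or an entry without a password field yields undef
            # here.  Compared with an absent request value, undef eq undef is
            # true, which would count as a match; such entries never match.
            next unless defined $acc     && length $acc;
            next unless defined $accpass && length $accpass;
            next unless defined $in{'name'} && defined $in{'pass'};

            if ($acc eq $in{'name'} && $accpass eq $in{'pass'}) {
                $goodnick = $acc;
                $pass     = $accpass;
            }
        }
        close($access_fh);
    }

    # Image request without the right password: send the placeholder graphic.
    # NOTE(review): header() announces text/html although the body is an image.
    if ($in{'img'} && !(defined $in{'pass'} && $in{'pass'} eq $pass)) {
        print header;
        if (open(my $img_fh, '<', $imgfile)) {
            binmode $img_fh;
            binmode STDOUT;
            while (my $chunk = <$img_fh>) { print $chunk; }
            close($img_fh);
        }
        exit;
    }

    # Both values must be present before they can count as a valid login.
    my $have_creds = defined $in{'name'} && length $in{'name'}
                  && defined $in{'pass'} && length $in{'pass'};

    if ($have_creds && $in{'name'} eq $goodnick && $in{'pass'} eq $pass) {
        send_mail();
        log_in();

        # Header lines must stay on one line each; HttpOnly keeps the cookies
        # away from page scripts.
        for my $field (qw(name pass)) {
            (my $value = $in{$field}) =~ tr/\r\n//d;
            print "Set-Cookie: $field=$value; HttpOnly\n";
        }
        print header;

        open(my $data_fh, '<', $datafile) or do { data_error(); exit; };
        while (my $entry = <$data_fh>) {
            chomp $entry;
            my ($key, $path) = split /\|/, $entry;
            next unless defined $key && length $key && defined $path;

            my $wanted = (defined $in{'url'} && $key eq $in{'url'})
                      || (defined $in{'img'} && $key eq $in{'img'});
            next unless $wanted;

            # Two-argument open() used to strip surrounding whitespace and
            # would also honour mode characters in the path; the explicit
            # read mode opens the named file and nothing else.
            $path =~ s/\A\s+//;
            $path =~ s/\s+\z//;
            open(my $doc_fh, '<', $path) or last;   # reported by key_error below
            binmode $doc_fh;
            binmode STDOUT;
            while (my $chunk = <$doc_fh>) { print $chunk; }
            close($doc_fh);
            exit;
        }
        close($data_fh);
        key_error();
        exit;
    }
    # A password was supplied but does not match.
    elsif ($in{'pass'} && $in{'pass'} ne $pass) {
        print_badlogin();
        exit;
    }
    # A login name was supplied but does not match.
    elsif ($in{'name'} && $in{'name'} ne $goodnick) {
        print_badlogin();
        exit;
    }
    # Nothing usable supplied: show the login form.
    else {
        print header;
        print_login();
        exit;
    }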
    164: ##########################################################################
    165: # If Specified Send Email to Webmaster about UberSecure
    166: ##########################################################################
    167: 
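    sub send_mail {
        # Mail the webmaster about a login when $send_mail is on and the mail
        # program is executable.  Requests that already carry cookies are
        # skipped and return 1, as before.
        return 1 if cookie();
        return unless $send_mail == 1;
        return unless -x $mail;

        # Header values must stay on one line: the mail program reads header
        # lines from this stream, so control characters are replaced.
        my $one_line = sub {
            my $value = defined $_[0] ? $_[0] : '';
            $value =~ s/[\x00-\x1f\x7f]/ /g;
            return $value;
        };

        open(my $mail_fh, '|-', $mail) or do {
            warn "UberSecure: cannot run $mail: $!\n";
            return;
        };
        print {$mail_fh} (
            "To: $to_email\n",
            "From: UberSecure_v1.1.0\n",
            "Subject: Login Detected by " . $one_line->($in{'name'}) . "\n",
            "\n",    # blank line ends the headers; it was missing before
            "User has logged in to UberSecure v1.1.0\n\n",
            "$ENV{'REMOTE_ADDR'} (with $ENV{'HTTP_USER_AGENT'})\n\n",
            "$date\n",
            "  Name: $in{'name'}\n",
        );
        if ($email == 1) {
            print {$mail_fh} "  E-mail: $in{'email'}\n";
        }
        close($mail_fh);
        return;
    }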
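    sub send_mail_badurl {
        # Mail the webmaster when a requested key is missing from the data
        # file (only when $send_mail_badurl is on and the mailer is executable).
        return unless $send_mail_badurl == 1;
        return unless -x $mail;

        # The requested key comes from the client and lands in the Subject
        # header; control characters are replaced so it stays one header line.
        my $one_line = sub {
            my $value = defined $_[0] ? $_[0] : '';
            $value =~ s/[\x00-\x1f\x7f]/ /g;
            return $value;
        };
        my $wanted = $one_line->($in{'url'}) . $one_line->($in{'img'});

        # Continuation indent carried over from the original message text.
        my $pad = ' ' x 44;

        open(my $mail_fh, '|-', $mail) or do {
            warn "UberSecure: cannot run $mail: $!\n";
            return;
        };
        print {$mail_fh} (
            "To: $to_email\n",
            "From: UberSecure_v1.1.0\n",
            "Subject: Bad URL Key Attempt at $wanted\n",
            "\n",    # blank line ends the headers; it was missing before
            "$in{'name'} has logged in to UberSecure v1.1.0\n"
                . $pad . "to access --> $in{'url'}\n\n",
            "Unfortunately $in{'url'}$in{'img'} does not exist\n"
                . $pad . "in your data file.\n\n",
            "$ENV{'REMOTE_ADDR'} (with $ENV{'HTTP_USER_AGENT'})\n\n",
            "$date\n",
            "  Name: $in{'name'}\n",
        );
        if ($email == 1) {
            print {$mail_fh} "  E-mail: $in{'email'}\n";
        }
        close($mail_fh);
        return;
    }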
    208: ##########################################################################
    209: # Display Error Page if The Password is Incorrect
    210: ##########################################################################
    211: 
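    sub print_badlogin {
        # Log the failed attempt, show the "bad login" page and exit.
        logerror("Login attempt for $in{'name'} Invalid Attempt");

        # The url parameter comes from the client and is echoed into an href;
        # escape it so it cannot close the attribute or add markup.
        my $safe_url = escapeHTML(defined $in{'url'} ? $in{'url'} : '');

        print header;
        begin_html("Bad Login Information to $pagename");
        print qq{<center>\n},
              qq{<font size=5>Login Error to: <b>$pagename</b><br><br>\n},
              qq{</font>\n},
              qq{Please try your Login again!  <a href="$thisscript?url=$safe_url">click here!</a>\n},
              qq{</center>\n};
        print end_html;
        exit;
    }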
    227: ##########################################################################
    228: # Display Login Page if No Login/Pass In Cookie
    229: ##########################################################################
    230: 
    sub print_login {
        # Print the login form (name, optional e-mail, password) and exit.
        # The caller has already sent the HTTP header.
        my $wants_email = ($email == 1);

        begin_html("Login to $pagename");
        print "<font size=5>Please login to <u>$pagename</u></font>";

        # The requested key travels both in the action URL and in a hidden
        # field so it survives the POST.
        print start_form(
            -method => 'post',
            -action => "$thisscript?url=$in{'url'}",
        );

        print textfield(-name => 'name', -size => 25, -maxlength => 25),
              " Login Name<BR>";

        if ($wants_email) {
            print textfield(-name => 'email', -size => 25, -maxlength => 25),
                  " Email Address<BR>";
        }

        print password_field(-name => 'pass', -size => 25, -maxlength => 25),
              " Login Password<BR><BR>";

        print hidden(-name => 'url', -default => $in{'url'});
        print submit(-name => 'Submit', -value => 'Submit');

        print endform, end_html;
        exit;
    }
    258: ##########################################################################
    259: # Parse Information sent thru the URL Command line into $in{}
    260: ##########################################################################
    261: 
    sub getcgi {
        # Return the request parameters as a hash.  A non-empty 'pass' value is
        # replaced by its crypt() hash, so the rest of the script only ever
        # compares hashes.
        # NOTE(security): $salt is the same for every account.
        my $query  = CGI->new();
        my %fields = %{ $query->Vars };

        $fields{'pass'} = crypt($fields{'pass'}, $salt) if $fields{'pass'};

        return %fields;
    }
    268: 
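    sub logerror {
        # Append an ERROR entry to the log file when logging is on.
        #   $_[0]  message text for the entry
        my ($error) = @_;

        # Like log_in, touch the log file only when logging is enabled; the
        # file used to be created even with $log set to 0.
        return unless $log == 1;

        # Request values end up in the log verbatim; replacing control
        # characters keeps each value on its own line so an entry cannot be
        # made to look like several.
        my $flat = sub {
            my $value = defined $_[0] ? $_[0] : '';
            $value =~ s/[\x00-\x1f\x7f]/ /g;
            return $value;
        };

        if (! -e $log_file) {
            open(my $new_fh, '>', $log_file) or do {
                warn "UberSecure: cannot create $log_file: $!\n";
                return;
            };
            print {$new_fh} "File START $date\n";
            close($new_fh);
        }

        open(my $log_fh, '>>', $log_file) or do {
            warn "UberSecure: cannot append to $log_file: $!\n";
            return;
        };

        # $date ends with the newline printed by the date program.
        print {$log_fh} "ERROR: ", $flat->($ENV{'REMOTE_ADDR'}),
                        " (with ", $flat->($ENV{'HTTP_USER_AGENT'}), ") $date";
        print {$log_fh} "  Name: ", $flat->($in{'name'}), "\n";
        if ($email == 1) {
            print {$log_fh} "  E-mail: ", $flat->($in{'email'}), "\n";
        }

        my $message = $flat->($error);
        if ($in{'url'}) {
            print {$log_fh} "  Error Msg: $message [?url=", $flat->($in{'url'}), "]\n\n";
        }
        if ($in{'img'}) {
            print {$log_fh} "  Error Msg: $message [?img=", $flat->($in{'img'}), "]\n\n";
        }
        # The message used to be dropped when the request named neither key.
        if (!$in{'url'} && !$in{'img'}) {
            print {$log_fh} "  Error Msg: $message\n\n";
        }
        close($log_fh);
        return;
    }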
    288: 
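    sub log_in {
        # Append a LOGIN entry to the log file when logging is on.
        return unless $log == 1;

        # Request values end up in the log verbatim; replacing control
        # characters keeps each value on its own line so an entry cannot be
        # made to look like several.
        my $flat = sub {
            my $value = defined $_[0] ? $_[0] : '';
            $value =~ s/[\x00-\x1f\x7f]/ /g;
            return $value;
        };

        if (! -e $log_file) {
            open(my $new_fh, '>', $log_file) or do {
                warn "UberSecure: cannot create $log_file: $!\n";
                return;
            };
            print {$new_fh} "File START $date\n";
            close($new_fh);
        }

        open(my $log_fh, '>>', $log_file) or do {
            warn "UberSecure: cannot append to $log_file: $!\n";
            return;
        };

        # $date ends with the newline printed by the date program.
        print {$log_fh} "LOGIN: ", $flat->($ENV{'REMOTE_ADDR'}),
                        " (with ", $flat->($ENV{'HTTP_USER_AGENT'}), ") $date";
        print {$log_fh} "  Name: ", $flat->($in{'name'}), "\n";
        if ($email == 1) {
            print {$log_fh} "  E-mail: ", $flat->($in{'email'}), "\n";
        }
        if ($in{'url'}) {
            print {$log_fh} "  Command: ?url=", $flat->($in{'url'}), "\n\n";
        }
        if ($in{'img'}) {
            print {$log_fh} "  Command: ?img=", $flat->($in{'img'}), "\n\n";
        }
        close($log_fh);
        return;
    }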
    307: 
    308: ##########################################################################
    309: # Display Error Page if Specified Key is not in Data File
    310: ##########################################################################
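    sub key_error {
        # Report a key that is missing from the data file: optional mail to
        # the webmaster, a log entry, then the error page.  Exits when done.
        # The caller has already sent the HTTP header.
        send_mail_badurl();
        logerror("Specified Key Not Found");

        # url takes precedence over img, as before.
        my $show = $in{'url'} ? $in{'url'}
                 : $in{'img'} ? $in{'img'}
                 :              '';

        # The key comes from the client and is echoed into the page; escape
        # it so it is shown as text and never parsed as markup.
        my $safe_show = escapeHTML($show);

        begin_html("Error - Specified Key Not Found");
        print qq{<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">\n},
              qq{ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,\n},
              qq{ sans-serif" size="4">URL Location Not Found - <b>$safe_show</b></font></p>\n},
              qq{<p>Email the <a href="mailto:$to_email">WebMaster</A> and let them know!</p>\n},
              qq{<p>&nbsp;</p>\n},
              qq{<p>&nbsp;</p>\n},
              qq{<p>&nbsp;</p>\n},
              qq{<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">\n},
              qq{    UberSecure v1.3.0 by <a href="\n},
              qq{    mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">\n},
              qq{    UberDragon13\@Yahoo.com</a></font></p>\n};
        print end_html;
        exit;
    }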
    334: ##########################################################################
    335: # Display Error Page if Data File is Missing
    336: ##########################################################################
    337: 
    sub data_error {
        # Log the missing data file, print the error page and exit.  The
        # caller has already sent the HTTP header.
        # NOTE(review): the page shows the server-side path in $datafile to
        # whoever made the request; the same path is already in the log.
        logerror("Missing Data File at $datafile");
        begin_html("Error - Missing Data File");

        my @page = (
            qq{<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">\n},
            qq{ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,\n},
            qq{ sans-serif" size="4">DataFile Not Found - <b>$datafile</b></font></p>\n},
            qq{<p>Check your configuration in UberSecure.cgi and verify the file exists\n},
            qq{  where the path says it does.</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">\n},
            qq{    UberSecure v1.3.0 by <a href="\n},
            qq{    mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">\n},
            qq{    UberDragon13\@Yahoo.com</a></font></p>\n},
        );
        print @page;
        print end_html;
        exit;
    }
    358: ##########################################################################
    359: # Display Error Page if Access File is Missing
    360: ##########################################################################
    361: 
    sub access_error {
        # Log the missing access file, send the header and error page, exit.
        # NOTE(review): the page shows the server-side path in $accessfile to
        # whoever made the request; the same path is already in the log.
        logerror("Missing Access file at $accessfile");
        print header;
        begin_html("Error - Missing Access List File");

        my @page = (
            qq{<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">\n},
            qq{ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,\n},
            qq{ sans-serif" size="4">AccessFile Not Found  - <b>$accessfile</b></font></p>\n},
            qq{<p>Check your configuration in UberSecure.cgi and verify the file exists\n},
            qq{  where the path says it does.</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">\n},
            qq{    UberSecure v1.3.0 by <a href="\n},
            qq{    mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">\n},
            qq{    UberDragon13\@Yahoo.com</a></font></p>\n},
        );
        print @page;
        print end_html;
        exit;
    }
    383: ##########################################################################
    384: # Begin the HTML Document
    385: ##########################################################################
    sub begin_html {
        # Print the opening of the HTML document with the configured page
        # colours and background.
        #   $_[0]  page title
        my ($title) = @_;

        # Kept as an ordered list so the arguments reach start_html in the
        # same order as before.
        my @page_args = (
            -title        => $title,
            -meta         => {
                'author'    => 'UberSecure HTML Generator',
                'copyright' => 'copyright 2002 UberSecure',
            },
            -BGPROPERTIES => $bgproperties,
            -BACKGROUND   => $background,
            -BGCOLOR      => $bgcolor,
            -TEXT         => $text,
            -LINK         => $link,
            -VLINK        => $vlink,
            -ALIGN        => 'center',
        );
        print start_html(@page_args);
    }
    398: ##########################################################################
    399: # Subroutine to help admin encrypt the user file password data
    400: ##########################################################################
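    sub passwd {
        # Helper page for the admin: takes a login name and a password typed
        # twice and prints the name|hash line for uberaccess.txt.  Exits
        # after printing a page.
        # NOTE(review): the main flow calls this before any login check, so
        # the page is open to every visitor.
        if ($in{'htname'}) {
            if ($in{'htpass'} ne $in{'htpass2'}) {
                print header;
                begin_html('Password Mismatch');
                print qq{      The two passwords you entered DO NOT match!<BR><BR>\n},
                      qq{      <a href="$thisscript?url=passwd">Click Here</a> To try again.\n};
                print end_html;
                exit;
            }
            elsif ($in{'htname'} && $in{'htpass'}) {
                print header;
                begin_html('Encrypted Results');
                my $htpass = crypt($in{'htpass'}, $salt);

                # Form values are echoed back into the page; escape them so
                # they are shown as text and never parsed as markup.
                my $safe_name = escapeHTML($in{'htname'});
                my $safe_pass = escapeHTML($in{'htpass'});
                my $safe_hash = escapeHTML($htpass);

                print qq{      Simply Copy/Paste the Encrypted Line to your uberaccess.txt<BR><BR>\n},
                      qq{      Please NOTE There is no known way to decrypt() this Password!<BR>\n},
                      qq{      Make sure your User remembers his/her password.<BR><BR>\n},
                      qq{      Encrypted Access line for <code>User[<u>$safe_name</u>]</code>\n},
                      qq{      with the <code>password[<u>$safe_pass</u>]</code> is:<BR><BR>\n},
                      qq{      <h1>$safe_name|$safe_hash</h1>\n};
                print end_html;
                exit;
            }
        }

        # No usable input yet: show the form.
        print header;
        begin_html('Get Encrypted Password');
        print "Fill out this form to produce the encrypted\n"
            . "          password line in your uberaccess.txt<BR>Note: Login Names and\n"
            . "          Passwords are <u>case sensitive</u>!";

        print start_form(-method => 'post',
                         -action => "$thisscript?url=passwd");

        print textfield(-name => 'htname', -size => 25, -maxlength => 25),
              " Enter Login Name<BR><BR>";

        print password_field(-name => 'htpass', -size => 25, -maxlength => 25),
              " Enter Desired Password<BR><BR>";

        print password_field(-name => 'htpass2', -size => 25, -maxlength => 25),
              " RE-Enter Desired Password<BR><BR>";

        print hidden(-name => 'url', -default => 'passwd');

        print submit(-name  => 'Get Encrypted Line',
                     -value => 'Get Encrypted Line');

        print endform, end_html;
        exit;
    }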
    464: 
    465: ##########################################################################
    466: # End of Program
    467: ##########################################################################
    468: 
    

In reply to html/file security cgi [revisited] by UberDragon13
