    0: When I get a chance I will repost this with the changes suggested by
    1: you fine Perl Monks.  Remember This is my second perl script
    2: attempt.  I know I have much to learn.  Please keep the feedback coming
    3: 
    4: UPDATE[05/15/2002]: I have begun 'fixing' this code.  I realize I still have not
    5: incorporated the use of strict; and I still have textual
    6:  passwords that need to be encrypted.  I'm still reading! :)
    7: 
    8: UPDATE[05/16/2002]: I have incorporated crypt() into the code.
    9:   I also am now using a lot of the CGI.pm features.
    10:  I am having one heck of a time adding strict to this though.
    11: 
    12: UPDATE[05/17/2002]: I have actually gotten strict to work! I had to do a little
    13:  restructuring but it works!  I am going to post a Node in SoPW.  See if there
    14:  is anything else I need to change on this before I call it good code!
    15: 
    16: 
    17: 
    18: #!/usr/bin/perl -w
    19: # (Put the address to the location of PERL on your system.  Find
    20: #  it with 'which perl')
    21: use strict;
    22: use CGI qw/:standard/;
    23: use CGI::Cookie;
    24: 
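    # ---------------------------------------------------------------------
    # Configuration.  Every value below is read by the request-handling code
    # and the subroutines further down the file.
    # NOTE(review): the data, access and log files are configured inside the
    # cgi-bin tree here; confirm the web server cannot serve them directly, or
    # move them outside the served tree.
    # ---------------------------------------------------------------------

    # Graphic that is sent in place of the requested graphic
    # (ubersecure.cgi?img=Name) when the request carries no valid password.
    my $imgfile = "/home/user/www/cgi-bin/ubersecure/secure.gif";

    # Location of uberdata.txt, which holds one KEY|Location pair per line.
    my $datafile = "/home/user/www/cgi-bin/ubersecure/uberdata.txt";

    # Will you need multiple logins or a single login?  (1=multiple, 0=single)
    my $multi_in = 1;

    # Location of uberaccess.txt, which holds one name|pass pair per line.
    # The pass field is the crypt() output, not the clear-text password.
    # This file is not required for single user mode.
    my $accessfile = "/home/user/www/cgi-bin/ubersecure/uberaccess.txt";

    # Password required to log in for single user mode (default pass is: 1234).
    # This is also a valid password for multi user mode.
    # You MUST encrypt this password; you can use the following tool:
    # http://www.YourSite.com/cgi-bin/ubersecure/ubersecure.cgi?url=passwd
    # NOTE(review): the default name and password are published with the
    # script; replace both before deploying.
    my $pass = "USaH0nvPrucUo";

    # User name required to log in for single user mode.
    # This is also a valid login for multi user mode.
    my $goodnick = "1234";

    # Address of this script.
    my $thisscript = "http://www.YourSite.com/cgi-bin/ubersecure.cgi";

    # Name of the page that you are logging into.
    my $pagename = "UberSecure Test Page";

    # Send mail to YOU when someone logs in?
    # 1 = On
    # 0 = Off
    my $send_mail = 0;

    # Send mail to YOU when a Keyword / URL isn't found?
    my $send_mail_badurl = 0;

    # UNIX path to the mail program on your system.
    # elm, Mail, etc.  If you run into problems, turn mail sending off.
    my $mail = "/var/qmail/bin/qmail-inject";

    # E-mail address to send mail to (your personal e-mail address).
    # You MUST put a backslash (\) in front of the 'at' (@) sign in the e-mail
    # address.
    my $to_email = "UberDragon13\@hotmail.com";

    # Do you wish to log logins?  (1/0)
    # The log file is NOT cleared automatically.  You will have to edit it by
    # hand.  If you delete it, remember to chmod the new file 644 when you
    # re-make it.
    my $log = 1;

    # Ask for an e-mail address?  (Will be logged.)
    my $email = 0;

    # Path of the log file.  (Remember to create the file and to chmod it 644.)
    # The opening quote was missing here, which made the script fail to compile.
    my $log_file = "/home/user/www/cgi-bin/ubersecure/ubersecure.log";

    # Path to your system's date program for logging.
    my $date_prog = "/bin/date";

    # Settings for page colors.
    my $text = "#000000";
    my $link = "green";
    my $vlink = "#663300";
    my $bgcolor = "#FFFFFF";
    my $background = "http://www.YourSite.com/graphics/rb-bak6.jpg";
    my $bgproperties = "fixed";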
    94: ##########################################################################
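    # Timestamp used in mail and log entries.  The backticks hand $date_prog to
    # the shell, so that path must only ever come from the configuration above.
    # The value keeps the trailing newline printed by the date program; the log
    # writers rely on it to end their first line.
    my $date = `$date_prog '+%D %H:%M:%S'`;

    # Salt handed to crypt() for every password.
    # NOTE(review): one fixed salt means identical passwords always produce
    # identical hashes, and a two-character salt normally selects the
    # traditional DES crypt(), which only looks at the first eight characters.
    # Prefer a per-user random salt and a modern password hash.
    my $salt = "US";

    # Request parameters; 'pass' has already been run through crypt().
    my %in = getcgi();

    # Password-line generator for the administrator.
    if ( defined $in{'url'} && $in{'url'} eq "passwd" ) { passwd(); exit; }

    # Credentials stored in cookies replace whatever the form submitted.
    # NOTE(review): the 'pass' cookie holds the crypt() output and is accepted
    # as-is, so anyone who can read the cookie or the access file holds a
    # working credential.  A random server-side session token would avoid that.
    my $cookie_name = cookie('name');
    my $cookie_pass = cookie('pass');
    if ( $cookie_pass && $cookie_name ) {
        $in{'name'} = $cookie_name;
        $in{'pass'} = $cookie_pass;
    }

    # A login attempt only counts when both fields are present and non-empty.
    # Without this guard an empty request compared equal to an empty or
    # malformed access-file line and was treated as a valid login.
    my $have_creds = defined $in{'name'} && length( $in{'name'} )
                  && defined $in{'pass'} && length( $in{'pass'} );

    # Multi-user mode: a matching name|pass line in the access file replaces
    # the single-user credentials configured above.
    if ( $multi_in == 1 ) {
        open( my $access_fh, '<', $accessfile )
            or do { access_error(); exit; };
        while ( my $entry = <$access_fh> ) {
            chomp $entry;
            my ( $acc, $accpass ) = split /\|/, $entry;

            # Skip blank or incomplete lines instead of comparing undef values.
            next unless defined $acc     && length($acc);
            next unless defined $accpass && length($accpass);

            if ( $have_creds && $acc eq $in{'name'} && $accpass eq $in{'pass'} ) {
                $goodnick = $acc;
                $pass     = $accpass;
            }
        }
        close($access_fh);
    }

    my $pass_ok = defined $in{'pass'} && length( $in{'pass'} )
               && $in{'pass'} eq $pass;
    my $authenticated = $have_creds
                     && $in{'name'} eq $goodnick
                     && $in{'pass'} eq $pass;

    # Content types for the image extensions this script knows about; any
    # other extension keeps CGI.pm's default header.
    my %image_type_for = (
        gif  => 'image/gif',
        jpg  => 'image/jpeg',
        jpeg => 'image/jpeg',
        png  => 'image/png',
    );

    # Image requested without a valid password: send the placeholder graphic.
    if ( $in{'img'} && !$pass_ok ) {
        my ($ext) = $imgfile =~ /\.([A-Za-z0-9]+)\z/;
        my $type = defined $ext ? $image_type_for{ lc $ext } : undef;
        if ( open( my $img_fh, '<', $imgfile ) ) {
            # Binary data: no newline translation on either handle.
            binmode $img_fh;
            binmode STDOUT;
            print defined $type ? header( -type => $type ) : header();
            while ( my $chunk = <$img_fh> ) { print $chunk; }
            close($img_fh);
        }
        else {
            print header();
        }
        exit;
    }

    # Valid login: set the cookies and deliver the file behind the key.
    if ($authenticated) {
        send_mail();
        log_in();

        # At this point both values equal the stored name and hash, so they are
        # not shaped by the request.
        # NOTE(review): the cookies carry no HttpOnly or Secure attribute.
        my @cookie_lines = (
            "Set-Cookie: name=$in{'name'}\n",
            "Set-Cookie: pass=$in{'pass'}\n",
        );

        my $want_url = ( defined $in{'url'} && length( $in{'url'} ) ) ? $in{'url'} : undef;
        my $want_img = ( defined $in{'img'} && length( $in{'img'} ) ) ? $in{'img'} : undef;

        open( my $data_fh, '<', $datafile ) or do {
            print @cookie_lines, header();
            data_error();
            exit;
        };

        # Find the first KEY|Location line whose key was requested; on each
        # line a ?url= match is tried before an ?img= match.
        my ( $target, $is_image );
        while ( my $entry = <$data_fh> ) {
            chomp $entry;
            my ( $key, $path ) = split /\|/, $entry;
            next unless defined $key && defined $path;
            if ( defined $want_url && $key eq $want_url ) {
                $target = $path;
                last;
            }
            if ( defined $want_img && $key eq $want_img ) {
                $target   = $path;
                $is_image = 1;
                last;
            }
        }
        close($data_fh);

        if ( defined $target ) {
            # Three-argument open treats the stored location purely as a file
            # name; mode or pipe characters in it are never interpreted.
            # Surrounding whitespace is trimmed, as the old two-argument open
            # did implicitly.
            $target =~ s/\A\s+//;
            $target =~ s/\s+\z//;
            if ( open( my $out_fh, '<', $target ) ) {
                my $type;
                if ($is_image) {
                    my ($ext) = $target =~ /\.([A-Za-z0-9]+)\z/;
                    $type = $image_type_for{ lc $ext } if defined $ext;
                    binmode $out_fh;
                    binmode STDOUT;
                }
                print @cookie_lines;
                print defined $type ? header( -type => $type ) : header();
                while ( my $chunk = <$out_fh> ) { print $chunk; }
                close($out_fh);
                exit;
            }
        }

        # Unknown key, or a location that cannot be read.
        print @cookie_lines, header();
        key_error();
        exit;
    }
    # Login error page: a password was supplied but does not match.
    elsif ( ( $in{'pass'} ) && ( $in{'pass'} ne $pass ) ) {
        print_badlogin();
        exit;
    }
    # Login error page: a login name was supplied but does not match.
    elsif ( ( $in{'name'} ) && ( $in{'name'} ne $goodnick ) ) {
        print_badlogin();
        exit;
    }
    # Nothing usable was supplied: show the login form.
    else {
        print header();
        print_login();
        exit;
    }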
    164: ##########################################################################
    165: # If Specified Send Email to Webmaster about UberSecure
    166: ##########################################################################
    167: 
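    # Mail the webmaster about a successful login.
    # Does nothing when the request already carries a cookie (returns 1), when
    # $send_mail is off, or when the configured mail program is not executable.
    sub send_mail {
        if ( cookie() ) { return 1; }
        return unless $send_mail == 1;
        return unless -x $mail;

        # Request-derived values go into the message; strip CR/LF so that none
        # of them can add header lines or forge extra body lines.
        my %clean;
        my %raw = (
            name  => $in{'name'},
            email => $in{'email'},
            addr  => $ENV{'REMOTE_ADDR'},
            agent => $ENV{'HTTP_USER_AGENT'},
        );
        for my $field ( keys %raw ) {
            my $value = defined $raw{$field} ? $raw{$field} : '';
            $value =~ s/[\r\n]+/ /g;
            $clean{$field} = $value;
        }

        # $mail comes from the configuration only, never from the request.
        open( my $mail_fh, '|-', $mail ) or do {
            warn "UberSecure: cannot start mail program: $!\n";
            return;
        };
        print {$mail_fh} "To: $to_email\n",
            "From: UberSecure_v1.1.0\n",
            "Subject: Login Detected by $clean{name}\n",
            "\n",    # blank line ends the headers; it was missing before
            "User has logged in to UberSecure v1.1.0\n\n",
            "$clean{addr} (with $clean{agent})\n\n",
            "$date\n",
            "  Name: $clean{name}\n";
        if ( $email == 1 ) {
            print {$mail_fh} "  E-mail: $clean{email}\n";
        }
        close($mail_fh);
        return;
    }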
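    # Mail the webmaster when a logged-in user asks for a key that is not in
    # the data file.  Does nothing when $send_mail_badurl is off or the
    # configured mail program is not executable.
    sub send_mail_badurl {
        return unless $send_mail_badurl == 1;
        return unless -x $mail;

        # The requested key is taken straight from the request and ends up in
        # the Subject line; strip CR/LF from every request-derived value so it
        # cannot add header lines.
        my %clean;
        my %raw = (
            name  => $in{'name'},
            email => $in{'email'},
            url   => $in{'url'},
            img   => $in{'img'},
            addr  => $ENV{'REMOTE_ADDR'},
            agent => $ENV{'HTTP_USER_AGENT'},
        );
        for my $field ( keys %raw ) {
            my $value = defined $raw{$field} ? $raw{$field} : '';
            $value =~ s/[\r\n]+/ /g;
            $clean{$field} = $value;
        }

        # $mail comes from the configuration only, never from the request.
        open( my $mail_fh, '|-', $mail ) or do {
            warn "UberSecure: cannot start mail program: $!\n";
            return;
        };
        my $pad = ' ' x 44;    # indentation of the wrapped message lines
        print {$mail_fh} "To: $to_email\n",
            "From: UberSecure_v1.1.0\n",
            "Subject: Bad URL Key Attempt at $clean{url}$clean{img}\n",
            "\n",    # blank line ends the headers; it was missing before
            "$clean{name} has logged in to UberSecure v1.1.0\n",
            "${pad}to access --> $clean{url}\n\n",
            "Unfortunately $clean{url}$clean{img} does not exist\n",
            "${pad}in your data file.\n\n",
            "$clean{addr} (with $clean{agent})\n\n",
            "$date\n",
            "  Name: $clean{name}\n";
        if ( $email == 1 ) {
            print {$mail_fh} "  E-mail: $clean{email}\n";
        }
        close($mail_fh);
        return;
    }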
    208: ##########################################################################
    209: # Display Error Page if The Password is Incorrect
    210: ##########################################################################
    211: 
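    # Log the failed attempt, print the "bad login" page with a retry link and
    # exit.  Prints its own HTTP header.
    sub print_badlogin {
        # The login name comes from the request; keep it on one log line.
        my $name = defined $in{'name'} ? $in{'name'} : '';
        $name =~ s/[\r\n]+/ /g;
        logerror("Login attempt for $name Invalid Attempt");

        # The requested key is echoed into the retry link.  Percent-encode
        # everything outside the unreserved URL characters so the value can
        # neither break out of the href attribute nor inject markup.
        my $url_query = defined $in{'url'} ? $in{'url'} : '';
        $url_query =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord($1))/ge;

        print header;
        begin_html("Bad Login Information to $pagename");

        print "<center>\n",
            "<font size=5>Login Error to: <b>$pagename</b><br><br>\n",
            "</font>\n",
            qq{Please try your Login again!  <a href="$thisscript?url=$url_query">click here!</a>\n},
            "</center>\n";
        print end_html();
        exit;
    }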
    227: ##########################################################################
    228: # Display Login Page if No Login/Pass In Cookie
    229: ##########################################################################
    230: 
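    # Print the login form and exit.  The caller has already printed the HTTP
    # header.  The requested key is carried along both in the form action and
    # in a hidden field so the login can continue to the requested page.
    sub print_login {
        # Percent-encode the request-supplied key before it becomes part of
        # the action URL.
        my $url_query = defined $in{'url'} ? $in{'url'} : '';
        $url_query =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord($1))/ge;

        begin_html("Login to $pagename");
        print "<font size=5>Please login to <u>$pagename</u></font>";
        print start_form(
            -method => 'post',
            -action => "$thisscript?url=$url_query",
        );
        print textfield(
            -name      => 'name',
            -size      => 25,
            -maxlength => 25,
        );
        print " Login Name<BR>";
        if ( $email == 1 ) {
            print textfield(
                -name      => 'email',
                -size      => 25,
                -maxlength => 25,
            );
            print " Email Address<BR>";
        }
        print password_field(
            -name      => 'pass',
            -size      => 25,
            -maxlength => 25,
        );
        print " Login Password<BR><BR>";

        print hidden(
            -name    => 'url',
            -default => $in{'url'},
        );

        print submit(
            -name  => 'Submit',
            -value => 'Submit',
        );

        print endform;
        print end_html();
        exit;
    }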
    258: ##########################################################################
    259: # Parse Information sent thru the URL Command line into $in{}
    260: ##########################################################################
    261: 
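    # Collect the request parameters into a hash and return it as a list.
    # A submitted 'pass' value is replaced by its crypt() output, so the rest
    # of the script only ever handles the hashed form.
    # NOTE(review): CGI's Vars joins multi-valued parameters into one string;
    # callers here treat every value as a single scalar.
    sub getcgi {
        my $cgi = CGI->new();
        my %in  = %{ $cgi->Vars };

        # Test for presence rather than truth, so that a password of "0" is
        # hashed like any other instead of being left in clear text.
        if ( defined $in{'pass'} && length( $in{'pass'} ) ) {
            $in{'pass'} = crypt( $in{'pass'}, $salt );
        }
        return %in;
    }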
    268: 
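    # Append an ERROR entry to the log file.
    #   $_[0]  - text of the error message
    # Does nothing when logging is switched off; a "File START" line is written
    # first when the log file does not exist yet.
    sub logerror {
        my ($error) = @_;
        return unless $log == 1;

        # Everything below except $date comes from the request or from the
        # caller's message.  Strip CR/LF so one request cannot write lines
        # that look like separate log entries.
        my %clean;
        my %raw = (
            error => $error,
            name  => $in{'name'},
            email => $in{'email'},
            url   => $in{'url'},
            img   => $in{'img'},
            addr  => $ENV{'REMOTE_ADDR'},
            agent => $ENV{'HTTP_USER_AGENT'},
        );
        for my $field ( keys %raw ) {
            my $value = defined $raw{$field} ? $raw{$field} : '';
            $value =~ s/[\r\n]+/ /g;
            $clean{$field} = $value;
        }

        my $is_new_file = !-e $log_file;
        open( my $log_fh, '>>', $log_file ) or do {
            warn "UberSecure: cannot open log file: $!\n";
            return;
        };
        print {$log_fh} "File START $date\n" if $is_new_file;

        # $date already ends with a newline.
        print {$log_fh} "ERROR: $clean{addr} (with $clean{agent}) $date";
        print {$log_fh} "  Name: $clean{name}\n";
        if ( $email == 1 ) {
            print {$log_fh} "  E-mail: $clean{email}\n";
        }
        if ( $in{'url'} ) {
            print {$log_fh} "  Error Msg: $clean{error} [?url=$clean{url}]\n\n";
        }
        if ( $in{'img'} ) {
            print {$log_fh} "  Error Msg: $clean{error} [?img=$clean{img}]\n\n";
        }

        # The message used to be dropped when the request named neither a url
        # nor an img key, e.g. a failed login with no key.
        if ( !$in{'url'} && !$in{'img'} ) {
            print {$log_fh} "  Error Msg: $clean{error}\n\n";
        }
        close($log_fh);
        return;
    }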
    288: 
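    # Append a LOGIN entry to the log file.
    # Does nothing when logging is switched off; a "File START" line is written
    # first when the log file does not exist yet.
    sub log_in {
        return unless $log == 1;

        # Strip CR/LF from request-derived values so one request cannot write
        # lines that look like separate log entries.
        my %clean;
        my %raw = (
            name  => $in{'name'},
            email => $in{'email'},
            url   => $in{'url'},
            img   => $in{'img'},
            addr  => $ENV{'REMOTE_ADDR'},
            agent => $ENV{'HTTP_USER_AGENT'},
        );
        for my $field ( keys %raw ) {
            my $value = defined $raw{$field} ? $raw{$field} : '';
            $value =~ s/[\r\n]+/ /g;
            $clean{$field} = $value;
        }

        my $is_new_file = !-e $log_file;
        open( my $log_fh, '>>', $log_file ) or do {
            warn "UberSecure: cannot open log file: $!\n";
            return;
        };
        print {$log_fh} "File START $date\n" if $is_new_file;

        # $date already ends with a newline.
        print {$log_fh} "LOGIN: $clean{addr} (with $clean{agent}) $date";
        print {$log_fh} "  Name: $clean{name}\n";
        if ( $email == 1 ) {
            print {$log_fh} "  E-mail: $clean{email}\n";
        }
        if ( $in{'url'} ) { print {$log_fh} "  Command: ?url=$clean{url}\n\n"; }
        if ( $in{'img'} ) { print {$log_fh} "  Command: ?img=$clean{img}\n\n"; }
        close($log_fh);
        return;
    }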
    307: 
    308: ##########################################################################
    309: # Display Error Page if Specified Key is not in Data File
    310: ##########################################################################
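    # Report a key that is not in the data file: optionally mail the
    # webmaster, log the error, print the "not found" page and exit.
    # The caller has already printed the HTTP header.
    sub key_error {
        send_mail_badurl();
        logerror("Specified Key Not Found");

        # Show the url key when both were given, otherwise whichever is set.
        my $show = '';
        if ( $in{'img'} ) { $show = $in{'img'}; }
        if ( $in{'url'} ) { $show = $in{'url'}; }

        # The key is echoed back into the page; escape it so request data is
        # displayed as text and never interpreted as markup.
        my $show_html = escapeHTML($show);

        begin_html("Error - Specified Key Not Found");

        print
            qq{<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">\n},
            qq{ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,\n},
            qq{ sans-serif" size="4">URL Location Not Found - <b>$show_html</b></font></p>\n},
            qq{<p>Email the <a href="mailto:$to_email">WebMaster</A> and let them know!</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">\n},
            qq{    UberSecure v1.3.0 by <a href="\n},
            qq{    mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">\n},
            qq{    UberDragon13\@Yahoo.com</a></font></p>\n};
        print end_html();
        exit;
    }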
    334: ##########################################################################
    335: # Display Error Page if Data File is Missing
    336: ##########################################################################
    337: 
    # Log that the data file is missing, print the matching error page and
    # exit.  The caller has already printed the HTTP header.
    # NOTE(review): the page shows the server-side path in $datafile to
    # whoever made the request; consider showing it in the log only.
    sub data_error {
        logerror("Missing Data File at $datafile");
        begin_html("Error - Missing Data File");

        my @page = (
            qq{<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">\n},
            qq{ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,\n},
            qq{ sans-serif" size="4">DataFile Not Found - <b>$datafile</b></font></p>\n},
            qq{<p>Check your configuration in UberSecure.cgi and verify the file exists\n},
            qq{  where the path says it does.</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">\n},
            qq{    UberSecure v1.3.0 by <a href="\n},
            qq{    mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">\n},
            qq{    UberDragon13\@Yahoo.com</a></font></p>\n},
        );
        print @page;
        print end_html();
        exit;
    }
    358: ##########################################################################
    359: # Display Error Page if Access File is Missing
    360: ##########################################################################
    361: 
    # Log that the access file is missing, print the HTTP header and the
    # matching error page, then exit.
    # NOTE(review): the page shows the server-side path in $accessfile to
    # whoever made the request; consider showing it in the log only.
    sub access_error {
        logerror("Missing Access file at $accessfile");
        print header;
        begin_html("Error - Missing Access List File");

        my @page = (
            qq{<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">\n},
            qq{ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,\n},
            qq{ sans-serif" size="4">AccessFile Not Found  - <b>$accessfile</b></font></p>\n},
            qq{<p>Check your configuration in UberSecure.cgi and verify the file exists\n},
            qq{  where the path says it does.</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p>&nbsp;</p>\n},
            qq{<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">\n},
            qq{    UberSecure v1.3.0 by <a href="\n},
            qq{    mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">\n},
            qq{    UberDragon13\@Yahoo.com</a></font></p>\n},
        );
        print @page;
        print end_html();
        exit;
    }
    383: ##########################################################################
    384: # Begin the HTML Document
    385: ##########################################################################
    # Print the opening of an HTML page through CGI's start_html().
    #   $_[0]  - page title
    # The body attributes come from the colour settings in the configuration.
    # The HTTP header is not printed here.
    sub begin_html {
        my ($title) = @_;

        # Kept as an ordered list so the arguments reach start_html() in the
        # same order as before.
        my @page_args = (
            -title => $title,
            -meta  => {
                'author'    => 'UberSecure HTML Generator',
                'copyright' => 'copyright 2002 UberSecure',
            },
            -BGPROPERTIES => $bgproperties,
            -BACKGROUND   => $background,
            -BGCOLOR      => $bgcolor,
            -TEXT         => $text,
            -LINK         => $link,
            -VLINK        => $vlink,
            -ALIGN        => 'center',
        );
        print start_html(@page_args);
    }
    398: ##########################################################################
    399: # Subroutine to help admin encrypt the user file password data
    400: ##########################################################################
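    # Helper page for the administrator: turns a login name and password into
    # the name|crypted-pass line that goes into uberaccess.txt.
    # Without form input the entry form is shown; with input either a
    # mismatch page or the generated line is shown.  Always exits.
    # NOTE(review): this page is reachable without logging in, and the result
    # page repeats the clear-text password; consider restricting access to it
    # and dropping the echo.  The page text says the hash cannot be decrypted,
    # but a crypt() hash can still be attacked by guessing, so the access file
    # needs protecting as well.
    sub passwd {
        my $htname  = defined $in{'htname'}  ? $in{'htname'}  : '';
        my $htpass  = defined $in{'htpass'}  ? $in{'htpass'}  : '';
        my $htpass2 = defined $in{'htpass2'} ? $in{'htpass2'} : '';

        if ( $in{'htname'} ) {
            if ( $htpass ne $htpass2 ) {
                print header;
                begin_html('Password Mismatch');
                print
                    qq{      The two passwords you entered DO NOT match!<BR><BR>\n},
                    qq{      <a href="$thisscript?url=passwd">Click Here</a> To try again.\n};
                print end_html();
                exit;
            }
            elsif ( ( $in{'htname'} ) && ( $in{'htpass'} ) ) {
                print header;
                begin_html('Encrypted Results');
                my $crypted = crypt( $htpass, $salt );

                # Both form values are echoed into the page; escape them so
                # they are shown as text and never interpreted as markup.
                my $name_html = escapeHTML($htname);
                my $pass_html = escapeHTML($htpass);
                print
                    qq{      Simply Copy/Paste the Encrypted Line to your uberaccess.txt<BR><BR>\n},
                    qq{      Please NOTE There is no known way to decrypt() this Password!<BR>\n},
                    qq{      Make sure your User remembers his/her password.<BR><BR>\n},
                    qq{      Encrypted Access line for <code>User[<u>$name_html</u>]</code>\n},
                    qq{      with the <code>password[<u>$pass_html</u>]</code> is:<BR><BR>\n},
                    qq{      <h1>$name_html|$crypted</h1>\n};
                print end_html();
                exit;
            }
        }

        # No usable input yet: show the entry form.
        print header;
        begin_html('Get Encrypted Password');
        print "Fill out this form to produce the encrypted\n"
            . "          password line in your uberaccess.txt<BR>Note: Login Names and\n"
            . "          Passwords are <u>case sensitive</u>!";

        print start_form(
            -method => 'post',
            -action => "$thisscript?url=passwd",
        );

        print textfield(
            -name      => 'htname',
            -size      => 25,
            -maxlength => 25,
            ),
            " Enter Login Name<BR><BR>";

        print password_field(
            -name      => 'htpass',
            -size      => 25,
            -maxlength => 25,
            ),
            " Enter Desired Password<BR><BR>";

        print password_field(
            -name      => 'htpass2',
            -size      => 25,
            -maxlength => 25,
            ),
            " RE-Enter Desired Password<BR><BR>";

        print hidden(
            -name    => 'url',
            -default => 'passwd',
        );

        print submit(
            -name  => 'Get Encrypted Line',
            -value => 'Get Encrypted Line',
        );

        print endform, end_html();
        exit;
    }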
    464: 
    465: ##########################################################################
    466: # End of Program
    467: ##########################################################################
    468: 
    

In reply to html/file security cgi [revisited] by UberDragon13
