0: When I get a chance I will repost this with the changes suggested by
1: you fine Perl Monks. Remember, this is my second Perl script
2: attempt. I know I have much to learn. Please keep the feedback coming.
3:
4: UPDATE[05/15/2002]: I have begun 'fixing' this code. I realize I still have not
5: incorporated the use of strict; and I still have textual
6: passwords that need to be encrypted. I'm still reading! :)
7:
8: UPDATE[05/16/2002]: I have incorporated crypt() into the code.
9: I also am now using a lot of the CGI.pm features.
10: I am having one heck of a time adding strict to this though.
11:
12: UPDATE[05/17/2002]: I have actually gotten strict to work! I had to do a little
13: restructuring but it works! I am going to post a Node in SoPW. See if there
14: is anything else I need to change on this before I call it good code!
15:
16:
17:
18: #!/usr/bin/perl -w
19: # (Put the address to the location of PERL on your system. Find
20: # it with 'which perl')
21: use strict;
22: use CGI qw/:standard/;
23: use CGI::Cookie;
24:
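# ------------------------------------------------------------------------
# Site configuration. Every value below is read by the request handling
# code and the subroutines further down in this file.
# ------------------------------------------------------------------------

# Graphic that is served in place of the requested graphic
# (ubersecure.cgi?img=Name) when the request carries no valid password.
my $imgfile = "/home/user/www/cgi-bin/ubersecure/secure.gif";

# Location of UberData.txt, which holds one "KEY|Location" entry per line.
# NOTE(review): the sample paths in this section all sit under cgi-bin;
# make sure the web server does not hand out the data, access and log
# files directly, or move them outside the document tree.
my $datafile = "/home/user/www/cgi-bin/ubersecure/uberdata.txt";

# Will you need multiple logins or a single login? (1=multiple, 0=single)
my $multi_in = 1;

# Location of uberaccess.txt, which holds one "name|encrypted-pass" entry
# per line. Not required for single user mode.
my $accessfile = "/home/user/www/cgi-bin/ubersecure/uberaccess.txt";

# Password required to log in for single user mode. (Default pass is: 1234)
# This is also a valid password for multi user mode, so replace the default
# before the script goes live.
# You MUST store the crypt()ed form here; it can be produced with:
# http://www.YourSite.com/cgi-bin/ubersecure/ubersecure.cgi?url=passwd
# NOTE(review): that tool is handled before any login check and shows the
# typed password back on the result page.
my $pass = "USaH0nvPrucUo";

# User name required to log in for single user mode.
# This is also a valid login for multi user mode; replace the default.
my $goodnick = "1234";

# Address of this script.
my $thisscript = "http://www.YourSite.com/cgi-bin/ubersecure.cgi";

# Name of the page that you are logging into.
my $pagename = "UberSecure Test Page";

# Send mail to YOU when someone logs in?
# 1 = On
# 0 = Off
my $send_mail = 0;

# Send mail to YOU when a Keyword / URL isn't found?
my $send_mail_badurl = 0;

# UNIX path to the mail program on your system.
# elm, Mail, etc. If you run into problems, turn mail sending off.
my $mail = "/var/qmail/bin/qmail-inject";

# E-mail address to send mail to (your personal e-mail address).
# You MUST put a backslash (\) in front of the 'at' (@) sign in the e-mail
# address, because the value is written in a double-quoted string.
my $to_email = "UberDragon13\@hotmail.com";

# Do you wish to log logins? (1/0)
# The LOG file is NOT cleared automatically. You will have to edit it by
# hand. If you delete it, remember to chmod the new file 644 when you
# re-make it.
my $log = 1;

# Ask for an e-mail address? (Will be logged.)
my $email = 0;

# Path of the log file. (Remember to create the file and to chmod it 644.)
# The opening double quote was missing from this assignment, which stopped
# the script from compiling.
my $log_file = "/home/user/www/cgi-bin/ubersecure/ubersecure.log";

# Path to your system's date program, used for log and mail timestamps.
my $date_prog = "/bin/date";

# Settings for page colors.
my $text = "#000000";
my $link = "green";
my $vlink = "#663300";
my $bgcolor = "#FFFFFF";
my $background = "http://www.YourSite.com/graphics/rb-bak6.jpg";
my $bgproperties = "fixed";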
94: ##########################################################################
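# Timestamp used in log and mail entries, taken once per request from the
# configured date program. The trailing newline printed by the program is
# kept; the log and mail code relies on it as a line end.
my $date = `$date_prog '+%D %H:%M:%S'`;

# Salt handed to crypt() for every password.
# NOTE(review): one fixed salt means equal passwords give equal hashes, and
# a two-character salt normally selects traditional DES crypt(), which only
# looks at the first eight characters of a password. Changing it would
# invalidate the hashes already stored, so it is left as it is here.
my $salt = "US";
my %in = getcgi();

# The password-encryption helper page is served before any login check.
if ( defined $in{'url'} && $in{'url'} eq "passwd" ) {
    passwd();
    exit;
}

# When both cookies are present they replace whatever the form sent.
# NOTE(review): the 'pass' cookie holds the crypt() hash and is compared
# with the stored hash as-is, so knowing a stored hash is enough to log in.
# Treat uberaccess.txt and the cookie as password-equivalent secrets.
my $cookie_name = cookie('name');
my $cookie_pass = cookie('pass');
if ( $cookie_pass && $cookie_name ) {
    $in{'name'} = $cookie_name;
    $in{'pass'} = $cookie_pass;
}

# Undefined request fields are compared as empty strings below.
my $given_name = defined $in{'name'} ? $in{'name'} : '';
my $given_pass = defined $in{'pass'} ? $in{'pass'} : '';

# Multi user mode: look for a "name|hash" line matching the request and, on
# a match, make that pair the accepted login.
if ( $multi_in == 1 ) {
    open( my $access_fh, '<', $accessfile )
        or do { access_error(); exit; };

    # Only search when the request really carries a name and a password.
    # Without this guard a blank line (or a line with an empty field) in
    # the access file matched a request that sent no credentials at all
    # and reset the accepted login to empty values.
    if ( length $given_name && length $given_pass ) {
        while ( my $line = <$access_fh> ) {
            chomp $line;
            my ( $acc, $accpass ) = split /\|/, $line;
            next unless defined $acc     && length $acc;
            next unless defined $accpass && length $accpass;
            if ( $acc eq $given_name && $accpass eq $given_pass ) {
                $goodnick = $acc;
                $pass     = $accpass;
                last;
            }
        }
    }
    close($access_fh);
}

# An image request without the right password gets the placeholder graphic.
# NOTE(review): header() is called without a type, so the graphic goes out
# with CGI.pm's default content type.
if ( $in{'img'} && $given_pass ne $pass ) {
    print header;
    _stream_file($imgfile);
    exit;
}

# Valid login: notify, log, refresh the cookies and serve the keyed file.
if ( $given_name eq $goodnick && $given_pass eq $pass ) {
    send_mail();
    log_in();

    # Both values equal configured or access-file values at this point, so
    # they are not free-form request data.
    my $cookie_set1 = "Set-Cookie: name=$in{'name'}\n";
    my $cookie_set2 = "Set-Cookie: pass=$in{'pass'}\n";
    print $cookie_set1;
    print $cookie_set2;
    print header;

    open( my $data_fh, '<', $datafile )
        or do { data_error(); exit; };
    while ( my $entry = <$data_fh> ) {
        $entry =~ s/\s+\z//;
        my ( $key, $url ) = split /\|/, $entry;
        next unless defined $key && length $key && defined $url;

        # Two-argument open() ignored leading whitespace in the location;
        # keep that behaviour now that the file is opened read-only.
        $url =~ s/\A\s+//;

        my $wanted = ( defined $in{'url'} && $key eq $in{'url'} )
                  || ( defined $in{'img'} && $key eq $in{'img'} );
        if ($wanted) {
            _stream_file($url);
            exit;
        }
    }
    close($data_fh);
    key_error();
    exit;
}
# Display page for login error due to a bad password.
elsif ( $in{'pass'} && $in{'pass'} ne $pass ) {
    print_badlogin();
    exit;
}
# Display page for login error due to a bad login name.
elsif ( $in{'name'} && $in{'name'} ne $goodnick ) {
    print_badlogin();
    exit;
}
# Nothing usable was sent: put up the login page.
else {
    print header;
    print_login();
    exit;
}

# Copy one file to STDOUT. The path is opened strictly for reading (three
# argument open), so a location such as "cmd |" or ">file" in the data file
# is treated as a file name and never as a pipe or a write target. A file
# that cannot be opened produces no output, as before.
sub _stream_file {
    my ($path) = @_;
    return unless defined $path && length $path;
    open( my $fh, '<', $path ) or return;
    while ( my $chunk = <$fh> ) {
        print $chunk;
    }
    close($fh);
    return 1;
}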
164: ##########################################################################
165: # If Specified Send Email to Webmaster about UberSecure
166: ##########################################################################
167:
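# Mail the webmaster that a login took place.
#
# Does nothing unless $send_mail is 1 and the configured mail program is
# executable. Returns 1 without mailing when the request carries any cookie
# (cookie() without arguments lists the cookie names that were sent).
sub send_mail {
    return 1 if cookie();
    return unless $send_mail == 1;
    return unless -x $mail;

    # Request values are folded onto one line so that a CR or LF inside
    # them cannot start an extra mail header.
    my $one_line = sub {
        my ($value) = @_;
        $value = '' unless defined $value;
        $value =~ s/[\r\n]+/ /g;
        return $value;
    };
    my $name = $one_line->( $in{'name'} );

    # Explicit pipe mode; a failed start of the mail program is no longer
    # followed by prints to an unopened handle.
    open( my $mail_fh, '|-', $mail ) or return;
    print {$mail_fh} (
        "To: $to_email\n",
        "From: UberSecure_v1.1.0\n",
        "Subject: Login Detected by $name\n",
        "\n",    # blank line ends the headers; it was missing before
        "User has logged in to UberSecure v1.1.0\n\n",
        "$ENV{'REMOTE_ADDR'} (with $ENV{'HTTP_USER_AGENT'})\n\n",
        "$date\n",
        " Name: $name\n"
    );
    if ( $email == 1 ) {
        print {$mail_fh} " E-mail: " . $one_line->( $in{'email'} ) . "\n";
    }
    close($mail_fh);
    return;
}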
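# Mail the webmaster that a logged-in user asked for a key that is not in
# the data file. Does nothing unless $send_mail_badurl is 1 and the
# configured mail program is executable.
sub send_mail_badurl {
    return unless $send_mail_badurl == 1;
    return unless -x $mail;

    # The requested key comes straight from the request and ends up in the
    # Subject header, so CR/LF are folded to a space before use.
    my $one_line = sub {
        my ($value) = @_;
        $value = '' unless defined $value;
        $value =~ s/[\r\n]+/ /g;
        return $value;
    };
    my $name = $one_line->( $in{'name'} );
    my $url  = $one_line->( $in{'url'} );
    my $img  = $one_line->( $in{'img'} );

    open( my $mail_fh, '|-', $mail ) or return;
    print {$mail_fh} (
        "To: $to_email\n",
        "From: UberSecure_v1.1.0\n",
        "Subject: Bad URL Key Attempt at $url$img\n",
        "\n",    # blank line ends the headers; it was missing before
        "$name has logged in to UberSecure v1.1.0\nto access --> $url\n\n",
        "Unfortunately $url$img does not exist\nin your data file.\n\n",
        "$ENV{'REMOTE_ADDR'} (with $ENV{'HTTP_USER_AGENT'})\n\n",
        "$date\n",
        " Name: $name\n"
    );
    if ( $email == 1 ) {
        print {$mail_fh} " E-mail: " . $one_line->( $in{'email'} ) . "\n";
    }
    close($mail_fh);
    return;
}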
208: ##########################################################################
209: # Display Error Page if The Password is Incorrect
210: ##########################################################################
211:
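# Log the failed attempt, show the "bad login" page with a retry link and
# end the request.
sub print_badlogin {
    my $who = defined $in{'name'} ? $in{'name'} : '';
    logerror("Login attempt for $who Invalid Attempt");

    # The requested key is request data: URL-encode it for the query string
    # and HTML-escape the finished link, so it cannot close the href
    # attribute and add markup to the page.
    my $wanted     = defined $in{'url'} ? $in{'url'} : '';
    my $retry_href = escapeHTML( $thisscript . '?url=' . CGI::escape($wanted) );

    print header;
    begin_html("Bad Login Information to $pagename");

    print <<"html";
<center>
<font size=5>Login Error to: <b>$pagename</b><br><br>
</font>
Please try your Login again! <a href="$retry_href">click here!</a>
</center>
html
    print end_html;
    exit;
}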
227: ##########################################################################
228: # Display Login Page if No Login/Pass In Cookie
229: ##########################################################################
230:
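# Print the login form (name, optional e-mail, password) and end the
# request. The caller has already printed the HTTP header.
sub print_login {
    # The requested key is request data; URL-encode it before it becomes
    # part of the form's action address.
    my $wanted = defined $in{'url'} ? $in{'url'} : '';
    my $action = $thisscript . '?url=' . CGI::escape($wanted);

    begin_html("Login to $pagename");
    print "<font size=5>Please login to <u>$pagename</u></font>";
    print start_form(
        -method => 'post',
        -action => $action,
    );

    print textfield(
        -name      => 'name',
        -size      => 25,
        -maxlength => 25,
    );
    print " Login Name<BR>";

    if ( $email == 1 ) {
        print textfield(
            -name      => 'email',
            -size      => 25,
            -maxlength => 25,
        );
        print " Email Address<BR>";
    }

    print password_field(
        -name      => 'pass',
        -size      => 25,
        -maxlength => 25,
    );
    print " Login Password<BR><BR>";

    # Carries the requested key through the POST.
    print hidden(
        -name    => 'url',
        -default => $in{'url'},
    );

    print submit(
        -name  => 'Submit',
        -value => 'Submit',
    );

    print endform;
    print end_html;
    exit;
}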
258: ##########################################################################
259: # Parse Information sent thru the URL Command line into $in{}
260: ##########################################################################
261:
# Collect the request parameters into a plain hash and return it as a list.
# A non-empty 'pass' value is replaced by its crypt() form, using the
# file-level $salt, so the rest of the script only handles the encrypted
# form of a typed password.
sub getcgi {
    my $query  = CGI->new();
    my %params = %{ $query->Vars };
    $params{'pass'} = crypt( $params{'pass'}, $salt ) if $params{'pass'};
    return %params;
}
268:
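# Append an ERROR record to the log file.
#
# $_[0] is the error message. Nothing is written unless $log is 1; the log
# file is now also only created in that case, which matches log_in (it used
# to be created here even with logging switched off).
sub logerror {
    my ($error) = @_;
    return unless $log == 1;

    # Name, e-mail, requested key and User-Agent come from the request.
    # CR/LF are folded to a space so one request cannot forge extra log
    # records.
    my $one_line = sub {
        my ($value) = @_;
        $value = '' unless defined $value;
        $value =~ s/[\r\n]+/ /g;
        return $value;
    };
    my $agent   = $one_line->( $ENV{'HTTP_USER_AGENT'} );
    my $name    = $one_line->( $in{'name'} );
    my $message = $one_line->($error);

    # Start a fresh log with a marker line when the file does not exist.
    if ( !-e $log_file ) {
        if ( open( my $new_fh, '>', $log_file ) ) {
            print {$new_fh} "File START $date\n";
            close($new_fh);
        }
    }

    # An unwritable log is skipped instead of printing to a dead handle.
    open( my $log_fh, '>>', $log_file ) or return;
    print {$log_fh} "ERROR: $ENV{'REMOTE_ADDR'} (with $agent) $date";
    print {$log_fh} " Name: $name\n";
    if ( $email == 1 ) {
        print {$log_fh} " E-mail: " . $one_line->( $in{'email'} ) . "\n";
    }
    if ( $in{'url'} ) {
        my $url = $one_line->( $in{'url'} );
        print {$log_fh} " Error Msg: $message [?url=$url]\n\n";
    }
    if ( $in{'img'} ) {
        my $img = $one_line->( $in{'img'} );
        print {$log_fh} " Error Msg: $message [?img=$img]\n\n";
    }
    close($log_fh);
    return;
}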
288:
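# Append a LOGIN record to the log file. Nothing is written unless $log
# is 1.
sub log_in {
    return unless $log == 1;

    # Name, e-mail, requested key and User-Agent come from the request.
    # CR/LF are folded to a space so one request cannot forge extra log
    # records.
    my $one_line = sub {
        my ($value) = @_;
        $value = '' unless defined $value;
        $value =~ s/[\r\n]+/ /g;
        return $value;
    };
    my $agent = $one_line->( $ENV{'HTTP_USER_AGENT'} );
    my $name  = $one_line->( $in{'name'} );

    # Start a fresh log with a marker line when the file does not exist.
    if ( !-e $log_file ) {
        if ( open( my $new_fh, '>', $log_file ) ) {
            print {$new_fh} "File START $date\n";
            close($new_fh);
        }
    }

    # An unwritable log is skipped instead of printing to a dead handle.
    open( my $log_fh, '>>', $log_file ) or return;
    print {$log_fh} "LOGIN: $ENV{'REMOTE_ADDR'} (with $agent) $date";
    print {$log_fh} " Name: $name\n";
    if ( $email == 1 ) {
        print {$log_fh} " E-mail: " . $one_line->( $in{'email'} ) . "\n";
    }
    if ( $in{'url'} ) {
        print {$log_fh} " Command: ?url=" . $one_line->( $in{'url'} ) . "\n\n";
    }
    if ( $in{'img'} ) {
        print {$log_fh} " Command: ?img=" . $one_line->( $in{'img'} ) . "\n\n";
    }
    close($log_fh);
    return;
}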
307:
308: ##########################################################################
309: # Display Error Page if Specified Key is not in Data File
310: ##########################################################################
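# Report (mail and log) a key that is not in the data file, show the
# "not found" page and end the request. The caller has already printed the
# HTTP header.
sub key_error {
    send_mail_badurl();
    logerror("Specified Key Not Found");

    # The key to show: ?url= wins over ?img= when both were sent.
    my $show = '';
    if ( $in{'img'} ) { $show = $in{'img'}; }
    if ( $in{'url'} ) { $show = $in{'url'}; }

    # The key is request data and is printed into the page, so it is
    # HTML-escaped first; unescaped it would let the request add markup or
    # script to this page.
    $show = escapeHTML($show);

    begin_html("Error - Specified Key Not Found");

    print <<"EOF";
<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
sans-serif" size="4">URL Location Not Found - <b>$show</b></font></p>
<p>Email the <a href="mailto:$to_email">WebMaster</A> and let them know!</p>
<p> </p>
<p> </p>
<p> </p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
UberSecure v1.3.0 by <a href="
mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">
UberDragon13\@Yahoo.com</a></font></p>
EOF
    print end_html;
    exit;
}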
334: ##########################################################################
335: # Display Error Page if Data File is Missing
336: ##########################################################################
337:
# Log that the data file could not be opened, show the matching error page
# and end the request. No HTTP header is printed here.
# NOTE(review): the page shows the server-side path held in $datafile to
# whoever triggers this error; consider keeping the path in the log only.
sub data_error {
    logerror("Missing Data File at $datafile");
    begin_html("Error - Missing Data File");

    my $page = <<"HTML";
<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
sans-serif" size="4">DataFile Not Found - <b>$datafile</b></font></p>
<p>Check your configuration in UberSecure.cgi and verify the file exists
where the path says it does.</p>
<p> </p>
<p> </p>
<p> </p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
UberSecure v1.3.0 by <a href="
mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">
UberDragon13\@Yahoo.com</a></font></p>
HTML
    print $page;
    print end_html;
    exit;
}
358: ##########################################################################
359: # Display Error Page if Access File is Missing
360: ##########################################################################
361:
# Log that the access file could not be opened, print the HTTP header and
# the matching error page, then end the request.
# NOTE(review): the page shows the server-side path held in $accessfile to
# whoever triggers this error; consider keeping the path in the log only.
sub access_error {
    logerror("Missing Access file at $accessfile");
    print header;
    begin_html("Error - Missing Access List File");

    my $page = <<"HTML";
<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
sans-serif" size="4">AccessFile Not Found - <b>$accessfile</b></font></p>
<p>Check your configuration in UberSecure.cgi and verify the file exists
where the path says it does.</p>
<p> </p>
<p> </p>
<p> </p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
UberSecure v1.3.0 by <a href="
mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">
UberDragon13\@Yahoo.com</a></font></p>
HTML
    print $page;
    print end_html;
    exit;
}
383: ##########################################################################
384: # Begin the HTML Document
385: ##########################################################################
# Print the opening of the HTML document. The first argument becomes the
# page title; the colours and background come from the configuration
# values at the top of the file.
sub begin_html {
    my ($title) = @_;

    # Kept as an ordered list so the arguments reach start_html in the same
    # order as before.
    my @page_args = (
        -title        => $title,
        -meta         => {
            'author'    => 'UberSecure HTML Generator',
            'copyright' => 'copyright 2002 UberSecure',
        },
        -BGPROPERTIES => $bgproperties,
        -BACKGROUND   => $background,
        -BGCOLOR      => $bgcolor,
        -TEXT         => $text,
        -LINK         => $link,
        -VLINK        => $vlink,
        -ALIGN        => 'center',
    );
    print start_html(@page_args);
}
398: ##########################################################################
399: # Subroutine to help admin encrypt the user file password data
400: ##########################################################################
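# Helper page for the admin: turns a login name and password into the
# "name|encrypted-pass" line that goes into uberaccess.txt.
#
# Reads htname, htpass and htpass2 from the request. Shows a mismatch page
# when the two passwords differ, the encrypted line when a name and a
# password were given, and otherwise the entry form. Always ends the
# request.
#
# NOTE(review): this page is served before any login check, and the result
# page repeats the typed password in clear text. The page text also says
# the password cannot be decrypted; with a fixed salt and crypt() that
# should not be read as protection against guessing.
sub passwd {
    my $htname_in = defined $in{'htname'}  ? $in{'htname'}  : '';
    my $htpass_in = defined $in{'htpass'}  ? $in{'htpass'}  : '';
    my $htpass2   = defined $in{'htpass2'} ? $in{'htpass2'} : '';

    if ( $in{'htname'} ) {
        if ( $htpass_in ne $htpass2 ) {
            print header;
            begin_html('Password Mismatch');
            print <<"EOF";
The two passwords you entered DO NOT match!<BR><BR>
<a href="$thisscript?url=passwd">Click Here</a> To try again.
EOF
            print end_html;
            exit;
        }
        elsif ( $in{'htname'} && $in{'htpass'} ) {
            print header;
            begin_html('Encrypted Results');
            my $htpass = crypt( $in{'htpass'}, $salt );

            # Name and password are request data printed into the page;
            # HTML-escape them so they cannot add markup or script to it.
            my $shown_name = escapeHTML($htname_in);
            my $shown_pass = escapeHTML($htpass_in);
            print <<"EOF";
Simply Copy/Paste the Encrypted Line to your uberaccess.txt<BR><BR>
Please NOTE There is no known way to decrypt() this Password!<BR>
Make sure your User remembers his/her password.<BR><BR>
Encrypted Access line for <code>User[<u>$shown_name</u>]</code>
with the <code>password[<u>$shown_pass</u>]</code> is:<BR><BR>
<h1>$shown_name|$htpass</h1>
EOF
            print end_html;
            exit;
        }
    }

    # No usable input yet: show the entry form.
    print header;
    begin_html('Get Encrypted Password');
    print "Fill out this form to produce the encrypted
password line in your uberaccess.txt<BR>Note: Login Names and
Passwords are <u>case sensitive</u>!";

    print start_form(
        -method => 'post',
        -action => "$thisscript?url=passwd",
    );

    print textfield(
        -name      => 'htname',
        -size      => 25,
        -maxlength => 25,
      ),
      " Enter Login Name<BR><BR>";

    print password_field(
        -name      => 'htpass',
        -size      => 25,
        -maxlength => 25,
      ),
      " Enter Desired Password<BR><BR>";

    print password_field(
        -name      => 'htpass2',
        -size      => 25,
        -maxlength => 25,
      ),
      " RE-Enter Desired Password<BR><BR>";

    print hidden(
        -name    => 'url',
        -default => 'passwd',
    );

    print submit(
        -name  => 'Get Encrypted Line',
        -value => 'Get Encrypted Line',
    );

    print endform, end_html;
    exit;
}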
464:
465: ##########################################################################
466: # End of Program
467: ##########################################################################
468: