comparing users password to one stored in a database

Status
Not open for further replies.

yim11

MIS
Jun 26, 2000
35
0
0
US
Hello,
I am trying to write a script that will allow employees to clock in and out for work, and calculate the work hours for the week. I plan to use a pipe-delimited text file for the database. In the database, I plan to have fields such as username, password, timein, timeout, totaltime, etc.
What I am looking for help on is how to compare and match user input to input already in the database, specifically for login purposes. In other words, I would like to have all users and passwords in the database so that a user can pull up the script/page and type in their username/password, and upon clicking submit the script would search the database file, match the username, then compare the passwords (one entered vs. one in database). If they match, return page A; if they don't, return page B.

Any suggestions/help/references are greatly appreciated!!!
TIA,
Jim
 
Ok,

So -- you have a file named 'userstuff' laid out like this:

username|password|timein|timeout|totaltime

with a line in it like this:
mlacey|mrniceguy|0800|1700|0900
[tt]
# first get the username into $user and the password from the user into the variable $passtry
open(F, '<', 'userstuff') || die "Can't open userstuff\n$!\n";
while(<F>){
    chomp; # strip the trailing newline before splitting the record
    if(/^\Q$user\E\|/){ # \Q...\E matches the username literally, not as a regex
        ($username,$password,$timein,$timeout,$totaltime) = split(/\|/);
        if($password eq $passtry){ # exact string comparison; a regex match would accept input like .*
            # password matched, return page a
        } else {
            # password did not match, return page b
        }
        last; # exit loop because we found the user in the file
    }
}
close(F);
[/tt]
Mike
michael.j.lacey@ntlworld.com
Making mistakes, so you don't have to. <grin>
 
I'd like to add something to Mike's code. You should also use a one-way hashing function for the purposes of encrypting the password in the database. When creating the database, use crypt($password) to store it. Then, in order to compare, you write: if (crypt($passtry) =~ /^$password$/){...

This just makes it harder for someone to read the database file if they somehow were able to open it. Of course if they got full access to your system then they could rewrite your code so you didn't need a password at all, or write their own. But every step you take is helpful. Hackers usually break in by a series of security holes, not just one.

Sincerely,
Anderson
CEO, Order amid Chaos, Inc.
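An added example, not code from either poster: the hashed-password check discussed above, written so it runs on its own. Perl's crypt() takes the plaintext and a salt, and passing the stored hash as the salt re-hashes the attempt with the same salt. The helper names (make_salt, hash_password, check_login) and the sample records are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Two-character salt from crypt's alphabet (traditional DES-style salt).
# rand() is not a cryptographic RNG; the salt only needs to differ per user.
my @salt_chars = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
sub make_salt { join '', map { $salt_chars[rand @salt_chars] } 1 .. 2 }

# Hash a new password for storage: crypt() needs the plaintext AND a salt.
sub hash_password {
    my ($plain) = @_;
    return crypt($plain, make_salt());
}

# Look the user up in pipe-delimited records and verify the typed password.
# Returns 1 only when the user exists and the attempt hashes to the stored value.
sub check_login {
    my ($records, $user, $passtry) = @_;
    for my $line (@$records) {
        chomp(my $rec = $line);
        my ($username, $stored) = split /\|/, $rec, -1;
        next unless defined $username && $username eq $user;  # literal match, no regex
        return 0 unless defined $stored && length $stored;    # empty hash never matches
        # The stored hash carries its salt, so crypt() reuses it for the attempt.
        my $try = crypt($passtry, $stored);
        return (defined $try && $try eq $stored) ? 1 : 0;
    }
    return 0;  # unknown user gets the same answer as a wrong password (page B)
}

# Constructed sample data in the thread's layout:
# username|password-hash|timein|timeout|totaltime
my @userstuff = (
    join('|', 'mlacey', hash_password('mrniceguy'), '0800', '1700', '0900') . "\n",
    join('|', 'yim11',  hash_password('a.*b'),      '0900', '1730', '0830') . "\n",
);

# Right password, regex-looking wrong password, password with metacharacters, unknown user.
for my $case (['mlacey', 'mrniceguy'], ['mlacey', '.*'], ['yim11', 'a.*b'], ['nobody', 'x']) {
    my ($u, $p) = @$case;
    printf "%-7s %-10s -> %s\n", $u, $p,
        check_login(\@userstuff, $u, $p) ? 'page A' : 'page B';
}
```

With a two-character salt, crypt() uses the traditional DES scheme, which only considers the first eight characters of the password; whether a stronger scheme is available through a different salt format depends on the platform's crypt() implementation.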
 