
Looking for Perl CGI script that prompts for User ID & Password

Status
Not open for further replies.

DPROMICS

Technical User
Nov 5, 2003
108
US
Has anyone written or know where I can find a PERL CGI script that:

1) From a web page prompts a user for a User ID & Password.

2) If a valid User ID/Password is entered then causes a new web page to be displayed?

3) It would be nice if the script used a text file for comparing the User ID/Password entered against a list of valid Users and their Passwords contained in the text file.

Yep, I have searched Tek-Tips but couldn't find anything near what I am looking for. I have looked at other web pages on CGI scripts as well.

I hate to waste time re-inventing the "wheel". But if I must, I can. Thanks

Best Regards
 
Most web servers should allow you to require HTTP authentication on specific directories or files, and then supply a custom 403 page for those who can't supply correct credentials. Unless you have grander plans that require it, you can get away without any code.

- Andrew
Text::Highlight - A language-neutral syntax highlighting module in Perl
also on SourceForge including demo
 
Basically, the idea is to allow staff to access a section of the practice's web page that is "restricted", by requiring a valid User ID/Password, to any one viewing the web page.

The concept is:

1) To have an entry on the web page i.e. "Staff Access" which, when clicked on, causes an HTML file to be displayed which prompts for a User ID & Password.

2) After the User enters a User ID/Password, they then click on an "Enter" or "Submit" or whatever the button is labeled. The User ID & Password entered is then passed to a (PERL) CGI script which checks what has been entered against a list of User IDs/Passwords in a text file.

3) If the User ID/Password entered matches an entry in the text file, a new HTML file is displayed which will have entries that link to other HTML pages as necessary and/or desirable. Pages which contain the current Physician/Clinical Staff On-Call list, Personnel Manual, etc.

If the User ID/Password doesn't match an entry in the text file then an HTML file is displayed that looks the same as the original login HTML file but has an error message indicating that an invalid User ID/Password was entered and allowing the User to try again. Perhaps allow three tries and then they are out sort of thing. Not really needed though.

I could figure this out. I have some web page/CGI scripts examples that contain portions of what I actually need. I created a web based data entry form that called a CGI script and sent an EMail, etc. I figured out how to do that from looking at some similar examples. But, if I don't have to re-invent the "wheel" I would prefer not to have to do so. My work load is a little high right now and my time at a premium.

Best Regards.
 
barebones:

Code:
use strict;
use CGI qw/:standard/;

my $members = 'path/to/members/file.txt';
my $password = param('password');
my $name = param('name');

# here you should validate the password and name,
# if they are valid proceed, if not go to the error page

# assumes a pipe delimited file
# example: John|w4rty4
my $good = 0;
open(FH,"<$members") or die "$!";
while(<FH>){
   chomp;
   # as posted; the author's follow-up in this thread corrects this to my($user,$pass)
   my($user,$password) = split(/\|/);
   if ($user eq $name and $pass eq $password) {
      $good = 1;
      last;
   }
}
close(FH);
if ($good) {
   # print the HTML page you want here
}
else {
   # print the login form again
}
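A variant of the text-file check above that keeps crypt() hashes in the pipe-delimited file instead of plain-text passwords. This is an added example, not code from any poster in this thread; the sub names, the `$6$` (SHA-512 crypt) prefix and the sample accounts are assumptions.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hash a password with the system crypt(). '$6$' selects SHA-512 crypt on
# glibc-style systems (assumption about the host's crypt implementation).
sub hash_password {
    my ($plain) = @_;
    my @chars = ('a'..'z', 'A'..'Z', 0..9, '.', '/');
    my $salt = join '', map { $chars[rand @chars] } 1..16;  # unique, not secret
    return crypt($plain, '$6$' . $salt . '$');
}

# Returns 1 if $name/$password match a "user|hash" line in $file, else 0.
sub check_login {
    my ($file, $name, $password) = @_;
    return 0 unless defined $name && defined $password;
    return 0 unless $name =~ /\A[A-Za-z0-9_.-]{1,32}\z/;  # reject odd input early
    return 0 if length($password) > 128;

    my $stored;
    open(my $fh, '<', $file) or die "cannot open $file: $!";
    while (my $line = <$fh>) {
        chomp $line;
        my ($user, $hash) = split /\|/, $line, 2;
        next unless defined $hash;
        if ($user eq $name) { $stored = $hash; last; }
    }
    close $fh;

    # Unknown user: still run crypt() on a dummy so both paths cost about the same.
    my $unknown = !defined $stored;
    $stored = '$6$dummysaltdummysa$' if $unknown;
    my $computed = crypt($password, $stored);
    return 0 if $unknown || !defined $computed;
    return $computed eq $stored ? 1 : 0;
}

# Constructed sample data: two made-up accounts written to a temp file.
my ($out, $file) = tempfile(UNLINK => 1);
print {$out} join('|', 'John', hash_password('w4rty4')), "\n";
print {$out} join('|', 'Mary', hash_password('correct horse')), "\n";
close $out;

for my $try (['John', 'w4rty4'], ['John', 'wrong'], ['nobody', 'w4rty4'], ['Jo|hn', 'x']) {
    printf "%-8s %-8s => %s\n", @$try, check_login($file, @$try) ? 'ok' : 'denied';
}
```

In a CGI script the two arguments would come from `param('name')` and `param('password')`, and the members file should live outside the web server's document root.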
 
Really, that sounds like a job for directory security and HTTP authentication. What web server are you on? Apache? IIS?

- Andrew
 
KevinADC, icrf

icrf - The (medical practice's) web page is hosted by a Web Hosting (ValueWeb) company. I assume that they are running a flavor of "UNIX" or "LINUX" on their web hosting servers.

Directory security and HTTP authentication are not really needed. There won't be any "business", "staff", or "patient" confidential information on the "restricted" part of their web page that could cause a problem if it were "hacked" in to.

KevinADC - Thanks for sending the code. That is the sort of thing I am looking for. It really helps. I appreciate it.

Documentation is IT's weak spot. For an industry whose sole reason for being is the processing and dissemination of information, it seemingly disdains documenting how things work and are done. I have always found this amusing and ironic. Oh, over 30 years in the IT industry I do see it getting better. Primarily from the contributions of web sites like Tek-Tips and the people that try to help through replying to posts on it.

Best Regards All and Thanks for your help,
 
Directory security is just access restrictions, it doesn't help if the web server were hacked. In Apache, you can specify that a particular directory requires authentication, and in two plain text files you can have a list of users and (hashed) passwords that can get in. You don't have to worry about checking passwords or their security, Apache handles all that for you. Anything in the directory will be blocked except for those with valid credentials, so you don't have to have every piece of information as a CGI script that checks for a login before serving. It's one of the "features" of a web server and unless you're doing something else with the logins aside from access restrictions, it is reinventing the proverbial wheel to roll your own CGI authentication.

Here's an example tutorial of what I'm talking about:
If you don't have shell access to generate passwords, there's various web pages around that can do it for you, eg:
A full example from the two links:

/directory/to/secure/.htaccess:
Code:
AuthUserFile /full/path/to/.htpasswd
AuthGroupFile /dev/null
AuthName "My Secure Directory"
AuthType Basic
# <Limit GET> applies the requirement to GET (and HEAD) requests only
<Limit GET>
require valid-user
</Limit>

/full/path/to/.htpasswd:
Code:
fred:PLdtT..jcUMI6
Now "fred" can log in with password "asdf" and you didn't have to write any code.

- Andrew
 
Oh, and IT loves good documentation, it makes our lives so much easier. However, we tend to be terrible at writing it, and would much rather be writing code. The only saving grace is that we love people to use our code, and code won't be used with proper docs, so it occasionally does happen.

Munging information == good
Creating information == bad

:-(

- Andrew
 
You can also check if the website has a control panel. In the control panel there is usually a very easy way to set up a directory that requires user authentication. It may not be very flexible, but it sounds like it could work.

Note my code has the same variable twice, $password, the second instance should have been $pass:


my($user,$pass) = split(/\|/);
 