Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re^2: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

by theravadamonk (Scribe)
on Sep 26, 2018 at 10:17 UTC ( #1223041=note: print w/replies, xml ) Need Help??


in reply to Re: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
in thread with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

Hi Grandfather,

Thanks for your effort. I want to understand what you say since it is beneficial for me

What do you actually say?

I included encrypted password in /tmp/password.txt file in following way.

username,c0075ad4e26ec3dee225ccb6387b0b77

Then, I input USERNAME as username and PASSWORD as SamplePassword. But, It won't work. Why?

But, IF I input USERNAME as username and PASSWORD as c0075ad4e26ec3dee225ccb6387b0b77 , it will work..

Is it the way?

> To check a supplied password use the same hash process that was used to generate the hash originally then compare the two hash codes.

How can I do it? Pls help me to complete the code with security.

  • Comment on Re^2: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
  • Download Code

Replies are listed 'Best First'.
Re^3: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
by marto (Cardinal) on Sep 26, 2018 at 10:31 UTC

    "Then, I input USERNAME as username and PASSWORD as SamplePassword. But, It won't work. Why?"

    Because you're comparing 'SamplePassword' against 'c0075ad4e26ec3dee225ccb6387b0b77', which isn't the same string.

    "How can I do it? Pls help me to complete the code with security"

    Grandfather explains that you have to do the same process with the user supplied password as you did you generate the password, compare the resulting value against the one you have stored.

      Hi Marto

      Thanks for coming back. you have helped me many times.

      > Grandfather explains that you have to do the same process with the user supplied password as you did you generate the password, compare the resulting value against the one you have stored."

      what's this same process? It's Still a nightmare to me.

      This is the code

      print Digest::MD5::md5_hex("username" . "SamplePassword");
      how to write the other way? I think this is NOT the way.
      print Digest::MD5::md5_hex("username" . "c0075ad4e26ec3dee225ccb6387b0 +b77") ."\n";

      hope to hear from all

        You need to take a step back and think about what you're doing, rather than just copying/pasting things and hoping for the best. You've simply printed a second hash, using the string 'username' combined with the hash you got the first time round. Why would you do this? When reading in the user input you want to generate the hash then compare it to the one stored in your text file. MD5, Digest::MD5.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1223041]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (4)
As of 2022-01-22 20:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (63 votes). Check out past polls.

    Notices?