Re^3: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

in reply to Re^2: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
in thread with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

"Then, I input USERNAME as username and PASSWORD as SamplePassword. But, It won't work. Why?"

Because you're comparing 'SamplePassword' against 'c0075ad4e26ec3dee225ccb6387b0b77', which isn't the same string.

"How can I do it? Pls help me to complete the code with security"

Grandfather explains that you have to do the same process with the user supplied password as you did you generate the password, compare the resulting value against the one you have stored.

Comment on Re^3: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

Replies are listed 'Best First'.
Re^4: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by theravadamonk (Scribe) on Sep 26, 2018 at 11:00 UTC
Hi Marto Thanks for coming back. you have helped me many times. > Grandfather explains that you have to do the same process with the user supplied password as you did you generate the password, compare the resulting value against the one you have stored." what's this same process? It's Still a nightmare to me. This is the code `print Digest::MD5::md5_hex("username" . "SamplePassword");` [download] how to write the other way? I think this is NOT the way. `print Digest::MD5::md5_hex("username" . "c0075ad4e26ec3dee225ccb6387b0 +b77") ."\n";` [download] hope to hear from all	[reply] [d/l] [select]
Re^5: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by marto (Cardinal) on Sep 26, 2018 at 11:13 UTC
You need to take a step back and think about what you're doing, rather than just copying/pasting things and hoping for the best. You've simply printed a second hash, using the string 'username' combined with the hash you got the first time round. Why would you do this? When reading in the user input you want to generate the hash then compare it to the one stored in your text file. MD5, Digest::MD5.	[reply]
Re^6: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by theravadamonk (Scribe) on Sep 27, 2018 at 05:09 UTC
"When reading in the user input you want to generate the hash then compare it to the one stored in your text file." Thanks for the above explanation... Now, Let's break this statement.. first "When reading in the user input" In this case, user inputs USERNAME as "username" and PASSWORD as "SamplePassword". in my login.cgi file, below 2 lines carry them. `my $var_username = param( "USERNAME" ); my $var_password = param( "PASSWORD" );` [download] secondly "you want to generate the hash" now, $var_password is PLAIN text and NAKED. Now, I will have to use "use Digest::MD5;" to encrypt it. this is the code for it. `my $encrypted_password = Digest::MD5::md5_hex("$var_username" . "$var_ +password"); #print "encrypted_password : $encrypted_password \n"; # This shows the + encrypted password.` [download] Thirdly, "then compare it to the one stored in your text file." Now, this encrypted password contains the /tmp/password.txt file along with username in this way. `username,c0075ad4e26ec3dee225ccb6387b0b77` [download] Now, Let's apply it to the code. Now I need $encrypted_password instead of $var_password. ( $var_password is PLAIN and not in /tmp/password.txt file. but $encrypted_password is stored in /tmp/password.txt ) here I am gonna apply it. `if ( ( $var_username eq $username ) && ( $encrypted_password eq $pass +word ) ) { print "$var_username, $encrypted_password <br>"; # I will remove th +is in real world print "Permission has been granted <br>"; print "<META HTTP-EQUIV=refresh CONTENT=\"$t;URL=$url\">\n"; $didmsg=1; last; }` [download] Now, It works. thanks a LOT. here's the full code. If there are any issues, Pls come back. my login.cgi #!/usr/bin/perl use CGI qw(:standard); use strict; use warnings; use Digest::MD5; my $var_username = param( "USERNAME" ); my $var_password = param( "PASSWORD" ); my $encrypted_password = Digest::MD5::md5_hex("$var_username" . "$var_ +password"); my $url="http://host.redirectiondomain.com:9999/"; my $t=1; # time until redirect activates print "Content-Type: text/html; charset=utf-8\n\n"; open ( FILE, "/tmp/password.txt" ) \|\| die "The file could not be opene +d"; my $didmsg=0; while ( my $line = <FILE> ) { chomp $line; ( my $username, my $password ) = split( ",", $line ); if ( ( $var_username eq $username ) && ( $encrypted_password eq $pa +ssword ) ) { print "$var_username, $encrypted_password <br>"; # I will remove th +is in real world print "Permission has been granted <br>"; print "<META HTTP-EQUIV=refresh CONTENT=\"$t;URL=$url\">\n"; $didmsg=1; last; } elsif ( ( $var_username eq $username ) && ( $encrypted_password ne +$password ) ) { print "$var_username, $encrypted_password <br>"; # I will remove th +is in real world print "You entered an invalid password. <br>"; print "Access has been denied. <br>"; $didmsg=1; last; } } close( FILE ); unless($didmsg) { print "$var_username, $encrypted_password <br>"; # I will remove th +is in real world print "You entered an invalid username. <br>"; print "Access has been denied. <br>"; } [download]	[reply] [d/l] [select]
Re^7: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by marto (Cardinal) on Sep 27, 2018 at 05:55 UTC
Re^8: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by theravadamonk (Scribe) on Sep 27, 2018 at 11:02 UTC
Some notes below your chosen depth have not been shown here
Re^5: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by hippo (Bishop) on Sep 26, 2018 at 11:23 UTC
See Password verification for the underlying principles.	[reply]

In Section Seekers of Perl Wisdom