Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

ISO user-registration package

by tlm (Prior)
on Apr 06, 2007 at 20:22 UTC ( [id://608750]=perlquestion: print w/replies, xml ) Need Help??

tlm has asked for the wisdom of the Perl Monks concerning the following question:

Dear bros,

I suddenly find myself needing to add a user-registration functionality to an academic/research-oriented website.

This is one wheel I most definitely do not want to re-invent...

So I'm looking for an off-the-shelf Perl-friendly (and free!) solution. It doesn't have to be snazzy-looking, as long as it works. I'd appreciate your recommendations.

Many thanks in advance.

FWIW, the original website is built using merlyn's CGI::Prototype, it uses a PostgreSQL backend, and runs on Linux.

the lowliest monk

Replies are listed 'Best First'.
Re: ISO user-registration package
by saintly (Scribe) on Apr 06, 2007 at 21:26 UTC
    After browsing around, I found a few URLs with user managers (mostly not free): Following a link or two, I found a free, Perl-based user manager that might do your job (or might be modified to do so): http://www.locked-area.com/Products/DP/

    A 'cheap' setup that wouldn't take much work to create might be a solution that just uses Apache's .htaccess / .htpasswd files and 'Basic' authentication. It's not terribly secure, but it may be appropriate for the job. It doesn't use databases, but doesn't take much time to set up either. It doesn't support some of the fancier features (inactivity timeouts, eavesdropping protection, user self-registration).

    I'm guessing that's what the free product from 'locked-area' does, but haven't downloaded it or used it.

    As wheels go, this one is pretty simple if you have to roll your own.

    The basic flow of a homebrewed login app is something like:
    1. Every page checks the incoming request for a valid authorization cookie, redirect to login screen if not found.
    2. HTTPS Login screen asks for username, password, other data (perhaps a resource or group the user wants to join)
    3. After the username & password are validated and match, record the IP address & username in a token database with a new unique token ID
    4. Send the user their token ID as a cookie
    5. Send them to the page they wanted to see, as long as you keep getting back that valid cookie (and the user's IP address matches the IP you've stored for that token)


    Depending on what resources the site wants to provide, you may be able to install something like PhpBB or one of the free Wikis. Those usually come with a complete user-management system (including self-registration, timeouts, etc...) and write to a MySQL backend, which you can access just as easily with Perl. Some rewriting may let you modify the main functions of the BB or Wiki to use your Perl scripts instead.
    Update: More links:
      Wow, way to go saintly! Even though it wasn't for me, thanks for doing all that research work.

      cat >~/.sig </dev/interesting

Re: ISO user-registration package
by stonecolddevin (Parson) on Apr 06, 2007 at 21:14 UTC

    I'm not so sure you'd be reinventing anything here, seeing as how user registration can be pretty specific from site to site.

    You'll end up doing a lot of HTML customization to get the information you need, and you'll have to set up the database tables respectively, then write the proper perl code to handle form validation, missing fields, data processing, CAPTCHAs, etc.

    Sounds to me like it'd be easier to do yourself from scratch.

    meh.
      I built mine from scratch, and it's not architecturally complicated. For the user login/password, I have a small Storable file that keeps the login/passwd data. I have a simple login page that, upon submit, checks against the fields of the form. If login params match an entry, I create a session-data cookie and place it on the browser. I then create a filename (again, a Storable that holds a hash of the user's ID and any other data I want to hold. cgi scripts check the session-data hash object for info to see if the user is who he says he is, or other data I may log about him.

      but the thing that I'm finding particularly annoying these days is the growing percentage of browsers that don't have cookies turned on. This is especially the case for IE7 with its default security setting having cookies off. (Or, so it seems.) The problem here is that it's not possible to implement shopping cart stuff or other session-tracking activities (for the user's benefit) using session data. I have to start passing data around in form post params, which means they have a single thread of actions that must be taken, or I lose track of what they have.

      I get around 15-20K visitors a day to my site, and I'd say a good 30% or more don't have cookies on.

Re: ISO user-registration package
by kettle (Beadle) on Apr 06, 2007 at 21:22 UTC
    I think you need to be a little bit more specific about what it is that you mean by "user-registration functionality". If you mean a secure login system then this will probably entail doing at least some of the legwork yourself, or finding someone else to do it for you.

    You'll need to write a form, and post its contents to a validation script (perhaps write some javascript to validate prior to initial submission). Then you'll want to store the registration info somewhere, presumably in your postgreSQL db. You'll need to tweak your server for https support, and install or create an ssl certificate. You may opt to use your server's https authentication or you may opt for cookies (which usually provide a smoother user experience).

    It could get fairly complicated depending on what you need to accomplish, and my guess is that you are not going to find a complete, cookie cutter solution.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://608750]
Approved by jonadab
Front-paged by jonadab
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others rifling through the Monastery: (7)
As of 2024-03-28 11:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found