"When reading in the user input you want to generate the hash then compare it to the one stored in your text file."
Thanks for the above explanation...
Now, Let's break this statement..
first "When reading in the user input"
In this case, user inputs USERNAME as "username" and PASSWORD as "SamplePassword".
in my login.cgi file, below 2 lines carry them.
my $var_username = param( "USERNAME" );
my $var_password = param( "PASSWORD" );
secondly "you want to generate the hash"
now, $var_password is PLAIN text and NAKED. Now, I will have to use "use Digest::MD5;" to encrypt it.
this is the code for it.
my $encrypted_password = Digest::MD5::md5_hex("$var_username" . "$var_
+password");
#print "encrypted_password : $encrypted_password \n"; # This shows the
+ encrypted password.
Thirdly, "then compare it to the one stored in your text file."
Now, this encrypted password contains the /tmp/password.txt file along with username in this way.
username,c0075ad4e26ec3dee225ccb6387b0b77
Now, Let's apply it to the code. Now I need $encrypted_password instead of $var_password.
( $var_password is PLAIN and not in /tmp/password.txt file. but $encrypted_password is stored in /tmp/password.txt )
here I am gonna apply it.
if ( ( $var_username eq $username ) && ( $encrypted_password eq $pass
+word ) ) {
print "$var_username, $encrypted_password <br>"; # I will remove th
+is in real world
print "Permission has been granted <br>";
print "<META HTTP-EQUIV=refresh CONTENT=\"$t;URL=$url\">\n";
$didmsg=1;
last;
}
Now, It works. thanks a LOT. here's the full code. If there are any issues, Pls come back.
my login.cgi
#!/usr/bin/perl
use CGI qw(:standard);
use strict;
use warnings;
use Digest::MD5;
my $var_username = param( "USERNAME" );
my $var_password = param( "PASSWORD" );
my $encrypted_password = Digest::MD5::md5_hex("$var_username" . "$var_
+password");
my $url="http://host.redirectiondomain.com:9999/";
my $t=1; # time until redirect activates
print "Content-Type: text/html; charset=utf-8\n\n";
open ( FILE, "/tmp/password.txt" ) || die "The file could not be opene
+d";
my $didmsg=0;
while ( my $line = <FILE> )
{
chomp $line;
( my $username, my $password ) = split( ",", $line );
if ( ( $var_username eq $username ) && ( $encrypted_password eq $pa
+ssword ) ) {
print "$var_username, $encrypted_password <br>"; # I will remove th
+is in real world
print "Permission has been granted <br>";
print "<META HTTP-EQUIV=refresh CONTENT=\"$t;URL=$url\">\n";
$didmsg=1;
last;
}
elsif ( ( $var_username eq $username ) && ( $encrypted_password ne
+$password ) ) {
print "$var_username, $encrypted_password <br>"; # I will remove th
+is in real world
print "You entered an invalid password. <br>";
print "Access has been denied. <br>";
$didmsg=1;
last;
}
}
close( FILE );
unless($didmsg) {
print "$var_username, $encrypted_password <br>"; # I will remove th
+is in real world
print "You entered an invalid username. <br>";
print "Access has been denied. <br>";
}
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.