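#!/usr/bin/perl -w
# (Put the address to the location of PERL on your system.  Find
# it with 'which perl')
#
# Author's notes from the original post:
#
#   When I get a chance I will repost this with the changes suggested by
#   you fine Perl Monks.  Remember, this is my second Perl script
#   attempt.  I know I have much to learn.  Please keep the feedback coming.
#
#   UPDATE[05/15/2002]: I have begun 'fixing' this code.  I realize I still
#   have not incorporated the use of strict; and I still have textual
#   passwords that need to be encrypted.  I'm still reading! :)
#
#   UPDATE[05/16/2002]: I have incorporated crypt() into the code.
#   I also am now using a lot of the CGI.pm features.
#   I am having one heck of a time adding strict to this though.
#
#   UPDATE[05/17/2002]: I have actually gotten strict to work!  I had to do
#   a little restructuring but it works!  I am going to post a Node in SoPW.
#   See if there is anything else I need to change on this before I call it
#   good code!
#
# NOTE(review): limitations that are documented here rather than changed,
# because fixing them means changing the stored data or the login protocol:
#   * Every password is hashed with crypt() and the one fixed salt "US".
#     A two-character salt selects the traditional DES scheme on most
#     systems, which only looks at the first eight characters of the
#     password, and a shared salt means equal passwords give equal hashes.
#   * The 'pass' cookie carries the crypt() output and the script accepts
#     that value unchanged on later requests, so the stored hash is itself
#     a credential.  Keep uberaccess.txt unreadable over the web and serve
#     the script over HTTPS only.
#   * ?url=passwd is reachable without a login and echoes the submitted
#     password back into the page.  Remove or protect it once the access
#     file has been written.
use strict;
use CGI qw/:standard/;
use CGI::Cookie;

# Where are you keeping the graphic that will be used in place of
# the requested graphic (thru ubersecure.cgi?img=Name) if password is not found
my $imgfile = "/home/user/www/cgi-bin/ubersecure/secure.gif";

# Where you are keeping UberData.txt which holds your KEY|Location
my $datafile = "/home/user/www/cgi-bin/ubersecure/uberdata.txt";

# Will you need multiple logins or a single login? (1=multiple,0=single)
my $multi_in = 1;

# This should point to your uberaccess.txt which holds the name|pass information
# This is not required for the single user mode
my $accessfile = "/home/user/www/cgi-bin/ubersecure/uberaccess.txt";

# Password required to login for single user mode.(Default pass is: 1234)
# This will also be a valid password for multi user mode.
# You MUST encrypt this password, you can use the following tool:
# http://www.YourSite.com/cgi-bin/ubersecure/ubersecure.cgi?url=passwd
my $pass = "USaH0nvPrucUo";

# UserName required to login for single user mode.
# This will also be a valid login for multi user mode.
my $goodnick = "1234";

# Address to this script.
my $thisscript = "http://www.YourSite.com/cgi-bin/ubersecure.cgi";

# Name of the page that you are logging into.
my $pagename = "UberSecure Test Page";

# Send mail to YOU when someone logs in?
# 1 = On
# 0 = Off
my $send_mail = 0;

# Send mail to YOU when a Keyword / URL isn't found?
my $send_mail_badurl = 0;

# UNIX path to the mail program on your system.
# elm, Mail, etc. If you run into problems, turn mail sending off.
my $mail = "/var/qmail/bin/qmail-inject";

# Email address to send mail to (your personal e-mail address.)
# You MUST put a backslash (\) in front of the 'at' (@) sign in the e-mail
# address.
my $to_email = "UberDragon13\@hotmail.com";

# Do you wish to log logins? (1/0)
# LOG file is NOT auto cleared. You will have to edit it by hand. If you
# delete it, remember to chmod the new file 644 when you re-make it.
my $log = 1;

# Ask for an e-mail address? (Will be logged.)
my $email = 0;

# What is the address to the log file? (Remember to create the file and
# to chmod it 644)
# (The posted listing was missing the opening quote on this line, which is a
# compile error.)
my $log_file = "/home/user/www/cgi-bin/ubersecure/ubersecure.log";

# Path to your system's date program for logging.
my $date_prog = "/bin/date";

# Settings for page colors.
my $text         = "#000000";
my $link         = "green";
my $vlink        = "#663300";
my $bgcolor      = "#FFFFFF";
my $background   = "http://www.YourSite.com/graphics/rb-bak6.jpg";
my $bgproperties = "fixed";
##########################################################################
# The date string keeps the trailing newline that `date` prints; the log
# writer relies on it to end the first line of each entry.
my $date = `$date_prog '+%D %H:%M:%S'`;
my $salt = "US";
my %in   = getcgi();

if ( defined $in{'url'} && $in{'url'} eq "passwd" ) { passwd(); exit; }

# Check for presence of Cookie and Parse info into $in
# A returning visitor presents both cookies; they replace the form fields.
my $cookie_pass = cookie('pass');
my $cookie_name = cookie('name');
if ( $cookie_pass && $cookie_name ) {
    $in{'name'} = $cookie_name;
    $in{'pass'} = $cookie_pass;
}

# Work on defined copies so the comparisons below never see undef.
my $name_in = defined $in{'name'} ? $in{'name'} : '';
my $pass_in = defined $in{'pass'} ? $in{'pass'} : '';

# Check for presence of Access File and Parse info into name and password
if ( $multi_in == 1 ) {
    open( my $access_fh, '<', $accessfile ) or access_error();
    while ( my $line = <$access_fh> ) {
        $line =~ s/[\r\n]+\z//;
        my ( $acc, $accpass ) = split /\|/, $line;

        # A blank line, or one with an empty field, parses to an empty name
        # or password.  Compared with 'eq' that equals a request that sent no
        # credentials at all, so such lines must never become the accepted
        # login.
        next
          unless defined($acc)
          && length($acc)
          && defined($accpass)
          && length($accpass);

        if ( $acc eq $name_in && $accpass eq $pass_in ) {
            $goodnick = $acc;
            $pass     = $accpass;
        }
    }
    close($access_fh);
}

# Check for img link and no password
if ( $in{'img'} && $pass_in ne $pass ) {

    # Send the placeholder graphic; fall back to a bare header when the
    # placeholder itself cannot be read.
    _send_file($imgfile) or print header();
    exit;
}

# Make sure its a valid login then do commands
# Both fields must be non-empty as well as equal to the stored values.
if (   length($name_in)
    && length($pass_in)
    && $name_in eq $goodnick
    && $pass_in eq $pass )
{
    send_mail();
    log_in();

    # Cookie values are percent-encoded (cookie() decodes them on the way
    # back in) so a name with ';', spaces or '+' survives the round trip,
    # and HttpOnly keeps page scripts away from the credential.
    print 'Set-Cookie: name=', _url_enc($name_in), "; HttpOnly\n";
    print 'Set-Cookie: pass=', _url_enc($pass_in), "; HttpOnly\n";

    my $data_fh;
    if ( !open( $data_fh, '<', $datafile ) ) {
        print header();
        data_error();
    }

    # The first KEY|Location line whose key equals ?url= or ?img= wins.
    my $target;
    while ( my $line = <$data_fh> ) {
        $line =~ s/[\r\n]+\z//;
        my ( $key, $path ) = split /\|/, $line;
        next unless defined($key) && length($key) && defined($path);

        my $wanted = ( defined $in{'url'} && $key eq $in{'url'} )
          || ( defined $in{'img'} && $key eq $in{'img'} );
        next unless $wanted;

        # The old two-argument open() trimmed surrounding whitespace and
        # also treated characters such as '|' or '>' in the location as a
        # mode.  Trim here and open read-only in _send_file() instead.
        $path =~ s/\A\s+//;
        $path =~ s/\s+\z//;
        $target = $path;
        last;
    }
    close($data_fh);

    if ( defined $target && _send_file($target) ) { exit; }

    # No matching key, or the file behind it could not be opened.
    print header();
    key_error();
    exit;
}

# Display Page For Login Error Due to bad pass
elsif ( $pass_in && $pass_in ne $pass ) {
    print_badlogin();
    exit;
}

# Display Page for Login Error Due to Bad Login Name
elsif ( $name_in && $name_in ne $goodnick ) {
    print_badlogin();
    exit;
}

# Put up page for user to login
else {
    print header();
    print_login();
    exit;
}
##########################################################################
# Small helpers used by the pages, the mailer and the log writer
##########################################################################

# HTML-escape a request value before it is placed in a page.
sub _h {
    my ($value) = @_;
    return CGI::escapeHTML( defined $value ? $value : '' );
}

# Percent-encode a value for use in a query string or a cookie.
sub _url_enc {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord($1))/ge;
    return $value;
}

# Collapse control characters (CR, LF, NUL, ...) to a space so a request
# value cannot start a new mail header or a new log line.
sub _one_line {
    my ($value) = @_;
    return '' unless defined $value;
    $value =~ s/[\x00-\x1f\x7f]+/ /g;
    return $value;
}

# Pick a Content-Type from the file extension; anything unrecognised keeps
# the text/html the script has always sent.
sub _content_type_for {
    my ($path) = @_;
    my %type_for = (
        gif  => 'image/gif',
        jpg  => 'image/jpeg',
        jpeg => 'image/jpeg',
        png  => 'image/png',
    );
    my ($ext) = $path =~ /\.([A-Za-z0-9]+)\z/;
    return 'text/html' unless defined $ext;
    my $type = $type_for{ lc $ext };
    return defined $type ? $type : 'text/html';
}

# Print a header and then the file's bytes.  Returns 0, having printed
# nothing, when the file cannot be opened, so the caller can answer with an
# error page instead.
sub _send_file {
    my ($path) = @_;
    open( my $fh, '<', $path ) or return 0;
    binmode $fh;
    binmode STDOUT;
    print header( -type => _content_type_for($path) );
    local $/ = \8192;    # read in fixed-size chunks, not "lines"
    while ( my $chunk = <$fh> ) {
        print $chunk;
    }
    close($fh);
    return 1;
}

# Credit line shared by the three error pages.
sub _footer_html {
    return <<"EOF";
<p> </p>
<p> </p>
<p> </p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="-1">
UberSecure v1.3.0 by <a href="
mailto:UberDragon13\@Yahoo.com?subject=UberSecure%20v1.3.0%20-%20$thisscript">
UberDragon13\@Yahoo.com</a></font></p>
EOF
}

# Pipe one message to the configured mail program.  $subject and @body are
# expected to be sanitised by the caller.  Failure to start the mailer is
# reported to the server error log and otherwise ignored, as before.
sub _mail_webmaster {
    my ( $subject, @body ) = @_;
    my $mail_fh;
    if ( !open( $mail_fh, '|-', $mail ) ) {
        warn "ubersecure: cannot run $mail: $!\n";
        return;
    }
    print {$mail_fh} "To: $to_email\n",
      "From: UberSecure_v1.1.0\n",
      "Subject: $subject\n",
      "\n",    # blank line: everything after this is body, not header
      @body;
    if ( $email == 1 ) {
        print {$mail_fh} " E-mail: ", _one_line( $in{'email'} ), "\n";
    }
    close($mail_fh);
    return;
}

# Append one entry to the log file, writing the "File START" line first when
# the file does not exist yet.  Does nothing when logging is switched off.
sub _write_log {
    my ( $kind, @detail ) = @_;
    return unless $log == 1;

    my $is_new = !-e $log_file;
    my $log_fh;
    if ( !open( $log_fh, '>>', $log_file ) ) {
        warn "ubersecure: cannot append to $log_file: $!\n";
        return;
    }
    print {$log_fh} "File START $date\n" if $is_new;

    my $remote = _one_line( $ENV{'REMOTE_ADDR'} );
    my $agent  = _one_line( $ENV{'HTTP_USER_AGENT'} );
    print {$log_fh} "${kind}: $remote (with $agent) $date";
    print {$log_fh} " Name: ", _one_line( $in{'name'} ), "\n";
    if ( $email == 1 ) {
        print {$log_fh} " E-mail: ", _one_line( $in{'email'} ), "\n";
    }
    print {$log_fh} @detail;
    close($log_fh);
    return;
}

##########################################################################
# If Specified Send Email to Webmaster about UberSecure
##########################################################################

# Mail the webmaster about a login.  Skipped when the browser already sent
# any cookie, i.e. on every request after the first one of a visit.
sub send_mail {
    if ( cookie() ) { return 1; }
    return unless $send_mail == 1 && -x $mail;

    my $who    = _one_line( $in{'name'} );
    my $remote = _one_line( $ENV{'REMOTE_ADDR'} );
    my $agent  = _one_line( $ENV{'HTTP_USER_AGENT'} );
    _mail_webmaster(
        "Login Detected by $who",
        "User has logged in to UberSecure v1.1.0\n\n",
        "$remote (with $agent)\n\n",
        "$date\n",
        " Name: $who\n",
    );
    return;
}

# Mail the webmaster about a request for a key that is not in the data file.
sub send_mail_badurl {
    return unless $send_mail_badurl == 1 && -x $mail;

    my $who    = _one_line( $in{'name'} );
    my $url    = _one_line( $in{'url'} );
    my $img    = _one_line( $in{'img'} );
    my $remote = _one_line( $ENV{'REMOTE_ADDR'} );
    my $agent  = _one_line( $ENV{'HTTP_USER_AGENT'} );
    _mail_webmaster(
        "Bad URL Key Attempt at $url$img",
        "$who has logged in to UberSecure v1.1.0 to access --> $url\n\n",
        "Unfortunately $url$img does not exist in your data file.\n\n",
        "$remote (with $agent)\n\n",
        "$date\n",
        " Name: $who\n",
    );
    return;
}
##########################################################################
# Display Error Page if The Password is Incorrect
##########################################################################

# Log the failed attempt, show the retry page and end the request.
sub print_badlogin {
    my $who = defined $in{'name'} ? $in{'name'} : '';
    logerror("Login attempt for $who Invalid Attempt");

    # The ?url= value comes from the request: encode it for the query
    # string, then escape the whole link for the HTML attribute.
    my $retry_link = _h( "$thisscript?url=" . _url_enc( $in{'url'} ) );

    print header();
    begin_html("Bad Login Information to $pagename");

    print <<"EOF";
<center>
<font size=5>Login Error to: <b>$pagename</b><br><br>
</font>
Please try your Login again! <a href="$retry_link">click here!</a>
</center>
EOF
    print end_html();
    exit;
}
##########################################################################
# Display Login Page if No Login/Pass In Cookie
##########################################################################

# Print the login form (the caller has already sent the header) and end the
# request.
sub print_login {
    begin_html("Login to $pagename");
    print "<font size=5>Please login to <u>$pagename</u></font>";
    print start_form(
        -method => 'post',
        -action => "$thisscript?url=" . _url_enc( $in{'url'} ),
    );
    print textfield(
        -name      => 'name',
        -size      => 25,
        -maxlength => 25,
    );
    print " Login Name<BR>";
    if ( $email == 1 ) {
        print textfield(
            -name      => 'email',
            -size      => 25,
            -maxlength => 25,
        );
        print " Email Address<BR>";
    }
    print password_field(
        -name      => 'pass',
        -size      => 25,
        -maxlength => 25,
    );
    print " Login Password<BR><BR>";

    print hidden(
        -name    => 'url',
        -default => $in{'url'},
    );

    print submit(
        -name  => 'Submit',
        -value => 'Submit',
    );

    # end_form is the current spelling; the old 'endform' alias is gone from
    # recent CGI.pm releases.
    print end_form();
    print end_html();
    exit;
}
##########################################################################
# Parse Information sent thru the URL Command line into $in{}
##########################################################################

# Return the request parameters as a hash.  A submitted 'pass' is replaced
# by its crypt() hash, so the clear-text password is never kept in %in.
sub getcgi {
    my $cgi    = CGI->new();
    my %params = %{ $cgi->Vars };
    if ( defined $params{'pass'} && length $params{'pass'} ) {
        $params{'pass'} = crypt( $params{'pass'}, $salt );
    }
    return %params;
}

# Log an error entry.  The message and the requested key are flattened to a
# single line first because both can contain request data.
sub logerror {
    my $error = _one_line( $_[0] );
    my @detail;
    if ( $in{'url'} ) {
        push @detail,
          " Error Msg: $error [?url=" . _one_line( $in{'url'} ) . "]\n\n";
    }
    if ( $in{'img'} ) {
        push @detail,
          " Error Msg: $error [?img=" . _one_line( $in{'img'} ) . "]\n\n";
    }

    # Without ?url= or ?img= the message used to be dropped altogether.
    push @detail, " Error Msg: $error\n\n" unless @detail;
    _write_log( 'ERROR', @detail );
    return;
}

# Log a successful login together with the key that was requested.
sub log_in {
    my @detail;
    if ( $in{'url'} ) {
        push @detail, " Command: ?url=" . _one_line( $in{'url'} ) . "\n\n";
    }
    if ( $in{'img'} ) {
        push @detail, " Command: ?img=" . _one_line( $in{'img'} ) . "\n\n";
    }
    _write_log( 'LOGIN', @detail );
    return;
}

##########################################################################
# Display Error Page if Specified Key is not in Data File
##########################################################################

# Mail and log the miss, show the error page (the caller has already sent
# the header) and end the request.
sub key_error {
    send_mail_badurl();
    logerror("Specified Key Not Found");

    my $show;
    if ( $in{'img'} ) { $show = $in{'img'}; }
    if ( $in{'url'} ) { $show = $in{'url'}; }
    my $show_html = _h($show);    # request value, escaped for the page
    my $footer    = _footer_html();

    begin_html("Error - Specified Key Not Found");

    print <<"EOF";
<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
sans-serif" size="4">URL Location Not Found - <b>$show_html</b></font></p>
<p>Email the <a href="mailto:$to_email">WebMaster</A> and let them know!</p>
$footer
EOF
    print end_html();
    exit;
}
##########################################################################
# Display Error Page if Data File is Missing
##########################################################################

# Log the problem, show the error page (the caller has already sent the
# header) and end the request.
sub data_error {
    logerror("Missing Data File at $datafile");
    my $footer = _footer_html();
    begin_html("Error - Missing Data File");
    print <<"EOF";
<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
sans-serif" size="4">DataFile Not Found - <b>$datafile</b></font></p>
<p>Check your configuration in UberSecure.cgi and verify the file exists
where the path says it does.</p>
$footer
EOF
    print end_html();
    exit;
}
##########################################################################
# Display Error Page if Access File is Missing
##########################################################################

# Log the problem, send the header and the error page, and end the request.
sub access_error {
    logerror("Missing Access file at $accessfile");
    my $footer = _footer_html();
    print header();
    begin_html("Error - Missing Access List File");
    print <<"EOF";
<p><font size="+5"><b><font face="Geneva, Arial, Helvetica, san-serif">
ERROR 404</font></b></font></p><p><font face="Verdana, Arial, Helvetica,
sans-serif" size="4">AccessFile Not Found - <b>$accessfile</b></font></p>
<p>Check your configuration in UberSecure.cgi and verify the file exists
where the path says it does.</p>
$footer
EOF
    print end_html();
    exit;
}
##########################################################################
# Begin the HTML Document
##########################################################################

# Print the opening HTML with the configured colours; $_[0] is the title.
sub begin_html {
    print start_html(
        -title => $_[0],
        -meta  => {
            'author'    => 'UberSecure HTML Generator',
            'copyright' => 'copyright 2002 UberSecure',
        },
        -BGPROPERTIES => $bgproperties,
        -BACKGROUND   => $background,
        -BGCOLOR      => $bgcolor,
        -TEXT         => $text,
        -LINK         => $link,
        -VLINK        => $vlink,
        -ALIGN        => 'center',
    );
}
##########################################################################
# Subroutine to help admin encrypt the user file password data
##########################################################################

# Show the "name|hash" line for uberaccess.txt, or the form that asks for
# the name and password.  Always ends the request.
# NOTE(review): this page needs no login and prints the submitted password
# back; see the notes at the top of the file.
sub passwd {
    if ( $in{'htname'} ) {
        my $first  = defined $in{'htpass'}  ? $in{'htpass'}  : '';
        my $second = defined $in{'htpass2'} ? $in{'htpass2'} : '';

        if ( $first ne $second ) {
            print header();
            begin_html('Password Mismatch');
            print <<"EOF";
The two passwords you entered DO NOT match!<BR><BR>
<a href="$thisscript?url=passwd">Click Here</a> To try again.
EOF
            print end_html();
            exit;
        }
        elsif ( $in{'htname'} && $in{'htpass'} ) {
            print header();
            begin_html('Encrypted Results');

            # Name and password are request values: escape them before they
            # are written into the page.
            my $name_html = _h( $in{'htname'} );
            my $pass_html = _h( $in{'htpass'} );
            my $hash_html = _h( crypt( $in{'htpass'}, $salt ) );
            print <<"EOF";
Simply Copy/Paste the Encrypted Line to your uberaccess.txt<BR><BR>
Please NOTE There is no known way to decrypt() this Password!<BR>
Make sure your User remembers his/her password.<BR><BR>
Encrypted Access line for <code>User[<u>$name_html</u>]</code>
with the <code>password[<u>$pass_html</u>]</code> is:<BR><BR>
<h1>$name_html|$hash_html</h1>
EOF
            print end_html();
            exit;
        }
    }
    print header();
    begin_html('Get Encrypted Password');
    print "Fill out this form to produce the encrypted
password line in your uberaccess.txt<BR>Note: Login Names and
Passwords are <u>case sensitive</u>!";

    print start_form(
        -method => 'post',
        -action => "$thisscript?url=passwd",
    );

    print textfield(
        -name      => 'htname',
        -size      => 25,
        -maxlength => 25,
      ),
      " Enter Login Name<BR><BR>";

    print password_field(
        -name      => 'htpass',
        -size      => 25,
        -maxlength => 25,
      ),
      " Enter Desired Password<BR><BR>";

    print password_field(
        -name      => 'htpass2',
        -size      => 25,
        -maxlength => 25,
      ),
      " RE-Enter Desired Password<BR><BR>";

    print hidden(
        -name    => 'url',
        -default => 'passwd',
    );

    print submit(
        -name  => 'Get Encrypted Line',
        -value => 'Get Encrypted Line',
    );

    print end_form(), end_html();
    exit;

}

##########################################################################
# End of Program
##########################################################################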