Question : How to password protect with PWS?

I have PWS on my computer and I want to learn how to password protect some pages much like the way Hotmail or even Experts-Exchange is setup. I want it to be fairly secure too... nothing fancy, but I'd like my password lists and web server in general to remain secure. I have only a rudimentery knowledge of Javascript/VBScript... and I haven't played around with cgi or asp much. If you drop some scripts on me, please explain them... I'm used to cutting and pasting, but I would like to learn what's going on in those scripts/programs...

Answer : How to password protect with PWS?

crimson30,

"..I used the ActivePerl FAQ this time to config since I have PWS 5.0 ..."

Can you post that method here? is it very different from the one i posted before?

Pl. let me know.

"..I ran env.pl and got the all the env var keys..."

Excellent!! Glad to know that PERL scripts are working fine now.

"..On to the text input login/password script? .."

Here is the HTML form and PERL script called by the HTML form that allow a user to select a username/password, check that username is unique and if it is unique store it in a text file.
The password is stored in an encrypted format.

NOTE: i have commented the code so that you will find it easier to understand and maintaint the same.





Enter username

Enter password

======pass.pl
#!/usr/local/bin/perl

use CGI;

$query=new CGI;

print "Content-type: text/html\n\n";

if ($query->param){ ##  User clicked on the submit button.
  $pwd_file="c:\\temp\\passwd.txt";

  ##  Read the username and password from the HTML form
  $username=$query->param('u_name');
  $newuser=$query->param('pass');

  ##  Some basic validations!!
  if ($username=~ /^$/ || $username=~ /^\s+$/){ ##  Reject Empty username
    print "Username cant be blank!!

\n";
  }else{
    if ($newuser=~ /^$/ || $newuser=~ /^\s+$/){ ##  Reject Empty password
      print "Password cant be blank!!

\n";
    }else{

      if (-e $pwd_file){  ##  Open the password file, if it already exist!!
        ##  Check if the username has already been taken
        open(PWD,$pwd_file) || die $!;
        @pwds=;
        close(PWD);
      }

      ##  Store the existing username/passwords in a hash/associative
      ##  Array. the username is the key to the array.
      foreach(@pwds){
        ($uname,$pwd)=split(/\t/,$_);
        chomp($pwd);  ##  Remove the enter char.
        $PASSWD{$uname}=$pwd;
      }

      if ($PASSWD{$username}){  ##  Username already taken!!
        print "Please use some other username

\n";
      }else{  ##  ALL is OK!!
        ##  Use the Process id & time to generate the salt.
        srand($$|time);             # random seed
        @saltchars=(a..z,A..Z,0..9,'.','/');            # valid salt chars
        $salt=$saltchars[int(rand($#saltchars+1))];     # first random salt char
       $salt.=$saltchars[int(rand($#saltchars+1))];    # second random salt char
        ##  Encrypt the password
        $newuser = crypt ($newuser, $salt);

        $PASSWD{$username}=$newuser;

        ##  Write this new username/password to the file
        open(PASS,">$pwd_file") || die $!;
        foreach(keys %PASSWD){
          print PASS $_."\t".$PASSWD{$_},"\n";
        }
        close(PASS);

        print "Welcome, Your account is now ready!!

\n";
        exit;
      }
    }
  }
}

print qq{
 

>
  Enter username

  Enter password

 
 

};