Home     |     .Net Programming    |     cSharp Home    |     Sql Server Home    |     Javascript / Client Side Development     |     Ajax Programming

Ruby on Rails Development     |     Perl Programming     |     C Programming Language     |     C++ Programming     |     IT Jobs

Python Programming Language     |     Laptop Suggestions?    |     TCL Scripting     |     Fortran Programming     |     Scheme Programming Language


 
 
Cervo Technologies
The Right Source to Outsource

MS Dynamics CRM 3.0

Perl Programming Language

How to verify a usnername and password?


Please Help me.

I hold an old version of discussion board writen in Perl.
Recently, a guy from Chins violently spams my discussion board to
cause it even malfunctioned.

The only thing I can do is setup a Username/Password verifying
procedure to stop this Chinese from spamming.  I am an ordinary girl
who know's nothing about this.

My intention is to add two columns,"username"and"password".  When
Vistior post a message, the perl script verify the combination first.
Only the one with the right combination can succesfully post it. And I
intent to get every friends of mine different set of combination.

I roughly know that the process could be first define a password file:
$passwd_file = "path/to/my_password_file";

Then get the variable,
&check_passwd;

Then define the variable. but I just don't know how to make it happen.
Can anybody PLEASE help me so that I can stop this guy from paralizing
my discussion board. T_T

By the way, there is a short script in my Perl file to keep track of
every aticle:
  $tolog = "Post $num|";
   $tolog .= "$ENV{'REMOTE_ADDR'}|"; ### IP
   $tolog .= "$date";
   $tolog .= "\n";
   open(LOG,">>$testfile");
   print LOG $tolog;
   close(LOG);

After I put on the password verifying process, how to also record the
"username" information of evrey article?

thanks.  Whoever you are who help me out, you are a life savior.

nightc@gmail.com wrote:

...

> I hold an old version of discussion board writen in Perl.
> Recently, a guy from Chins violently spams my discussion board to
> cause it even malfunctioned.

> The only thing I can do is setup a Username/Password verifying
> procedure to stop this Chinese from spamming.  I am an ordinary girl
> who know's nothing about this.

> My intention is to add two columns,"username"and"password".  When
> Vistior post a message, the perl script verify the combination first.
> Only the one with the right combination can succesfully post it. And I
> intent to get every friends of mine different set of combination.

One place to start is:

   perldoc -f crypt

which will provide the capability to store encrypted passwords so that
if your system is compromised to the point where someone gets the
password file, they still won't be able to determine the passwords of
your users.  You would start by defining a password for your friends and
storing the crypt'ed version of it in a file.  Then let your friends
know the password, and arrange the software so they have to change the
password the first time through.  You should arrange a couple of simple
checks so your friends can't use easily-cracked passwords like '' or 'a'
or 'abcde', etc -- if their passwords are easily cracked, you are no
better off than you were before.

Depending upon your software, you may need to lock access to the
password file so multiple instances of your program can't access it
simultaneously, at least not when one or more instances need to write to
it.  See:

   perldoc -q lock

Regarding the type of file to use:  If you have only a few users, you
can probably get away with a plain text file of a form such as:

   userID encodedpassword

If you have lots of users, you should consider a DBM-type file tied to a
Perl hash.  See:

   perldoc DB_File

(you might need to download the DB_File module first).

Note that userID and password administration can be a chore -- users
will forget their userID's and/or passwords, etc.

Question:  Is your discussion board web-based, or something else?

Looks to me like a simple addition of:

    $tolog .= "$userID|";

at an appropriate place should do it, assuming variable $userID hold the
user's userID.
--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl

On 6 6 ,   11 11 , Bob Walton <see.@rochester.rr.com> wrote:

Yes, it's a web-based discussion board.  It is an old WWWboard Board,
written by a guy Matt from Matt's Script website long tme ago.  It's
so simple that I even have to add up a few advanced function myself(of
course, with a lot of help).  The main struction is the main page of
board, a wwwboard.pl to process the posting, a message directory to
store posted messages, that's all.

I know it's too easy for spamers but I just love the seasiness of it.

after check out what you said, I crrently host my sebsite in a
commercial hosting company.  I seem to have such write to all that you
suggest.  I'll contact my hosting to see if they can do it for me.

THanks a lot.

(frankly, before you tell me this, I didn't think about the file
security.)

By the way, can you tell me how to write the Verifying Process of my
usernames and passwords?

He is again  spaming now. Gosh, I hate this kind of spammer!!!

> Depending upon your software, you may need to lock access to the
> password file so multiple instances of your program can't access it
> simultaneously, at least not when one or more instances need to write to
> it.  See:

>    perldoc -q lock

By the way, I'll decide the passwoard for everybody (which is about 40
of them).  They just have to use the password I choose. There is no
written job for visitors.  so, do I still need to do this? thanks.

(I know thess questions could look stupid..........)

nightc@gmail.com wrote:
> Yes, it's a web-based discussion board.  It is an old WWWboard Board,
> written by a guy Matt from Matt's Script website long tme ago.

Do yourself a huge favor and replace it with an updated version found here.

http://nms-cgi.sourceforge.net/scripts.shtml

I've got this problem of mine taking cared of.  (which, of course,
created another new problem.I've opened a new thread to ask for
help... T_T)

thanks everybody for helping.

To the best of my knowledge, if you are only reading a file, there is no
need to lock access to it from CGI scripts.

--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl

Add to del.icio.us | Digg this | Stumble it | Powered by Megasolutions Inc