homepage Welcome to WebmasterWorld Guest from 54.167.179.48
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
Password generation script
How do they do that?
Mtlinfo

10+ Year Member



 
Msg#: 3240065 posted 10:10 pm on Feb 1, 2007 (gmt 0)

Hi,

I'm trying to duplicate what I see on this website here <snipped> where a form is attached to an autoresponder script from example.com.

It lets people fill out a form going to example.com/scripts/addlead.pl and choose a username and password for themselves. When they click submit example.com redirects that person to the members login page after.

What I don't understand is that when the client is redirected, the username and password is already entered in the system because the client can now login right away.

My question here is: Where is the password generation script here? If a client fill out the form, enters an username and password and then has to pass through example.com first, how can the username and password be generated in my own website htpasswd file?

Is the username and password created on the fly by example.com? Or is the username and password sent back to some other script to modify the htpasswd file and then the client is redirected to my login page?

Thanks

Rick

[edited by: coopster at 2:02 am (utc) on Feb. 2, 2007]
[edit reason] removed specifics TOS [webmasterworld.com] [/edit]

 

perl_diver

5+ Year Member



 
Msg#: 3240065 posted 11:21 pm on Feb 1, 2007 (gmt 0)

are you asking how to do this with perl or php? Your link is to a php page.

Mtlinfo

10+ Year Member



 
Msg#: 3240065 posted 12:58 am on Feb 2, 2007 (gmt 0)

The page where you have the form is a php but when you click the submit button it is going to a perl script but if you look at the the rest of the form code, it's redirected back to that php page.

form name="signup_form" method="post" action="http://www.example.com/scripts/addlead.pl">
<input type="hidden" name="meta_web_form_id" value="1062531085">
<input type="hidden" name="meta_split_id" value="">
<input type="hidden" name="unit" value="desk-top-bucks">
<input type="hidden" name="redirect" value="http://www.example.net/1A6dfZ.php"

Do you have a clue how he makes that work? Does the writing of the passwd file is done when the submit button is clicked or when the perl script redirects the client back to the php page?

Thanks

Rick

[edited by: coopster at 2:03 am (utc) on Feb. 2, 2007]
[edit reason] removed specifics TOS [webmasterworld.com] [/edit]

andreasfriedrich

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3240065 posted 3:38 am on Feb 2, 2007 (gmt 0)

Username and password are probably added once the Perl [perl.com] script is called. It will insert the username and password and then send a redirect header like this:

print "HTTP/1.0 302 Redirected\n" ;
print "Location: " . $ENV{'redirect'} . "\n\n";

Mtlinfo

10+ Year Member



 
Msg#: 3240065 posted 5:25 am on Feb 2, 2007 (gmt 0)

well, here's the thing.

I just got a reply from Aweber and they told me that it's not coming from their perl script!

In other words, when the client fills out the form, the info (including the username and password) may go to Aweber's autorepsonder perl script and then the info entered by the client comes back in his email so that he can remember the username and password he has chosen for his login info.

This still doesn't tell me how the form's username and password got inserted into the Htpasswd file!

Logically, if it's not coming from the perl then it must come from the php page. It's either when the form goes to Aweber or when the client is being redirected back to the guy's website.

I just out the form and notice that when the form goes to Aweber, it's redirected back to that php page but the URL becomes filles with the info filled in the form like this

http://www.example.com/1A6dfZ.php?custom%20password=passwordtest&custom%20username=usernametest&from=joe%40joe%2ecom

Looks like the php page can collect this form info and store it into the Htpasswd file somehow?

Any idea how it does that?

Rick

[edited by: jatar_k at 1:33 pm (utc) on Feb. 2, 2007]

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3240065 posted 8:55 pm on Feb 3, 2007 (gmt 0)

While the specific programming is beyond the scope of this thread, there are **many** ways to do this. Doing it securely is another matter entirely.

The bottom line is that when someone chooses a name and password, if you are using a scripted user login system, you simply store the user name and password in an encrypted form in a database.

A www authentication scheme is a whole different matter, as this operates on the server system level. This indeed can be done - but it means allowing the script to edit your .htpasswd file. IMO this is a Bad Idea because only root or the direct domain owner should have perms to edit .htaccess or .htpasswd. But it is done, and it is done a lot.

Automatically logging in:

For a scripted system, this is easy. You set a session-only cookie storing the user's login name and the password in encrypted form in the user's browser. Read the cookie first on request, if a user and pass is not found, look for input and read the login input from a form, and if a matching value is found in the database for one or the other, log them into services. If no matching entry is found, return a please log in page.

For www authentication, this is a bit more tricky, and may not evem be possible any more. I can't recall the syntax and I seem to remember something has changed a few years back, but for a while there it was possible to send remote www authentication via a typical query string by doing something like

http://www.example.com/secured_directory/?user=username@domain.com&pass=password

Which is also a Bad Idea because it requires you pass a plain text password via your query string.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved