Since I started programming Perl nearly 3 years ago, I've always though about creating a script to allow users to log into a site, and have an account and do other personalised things.
Many sites allow you to log in these days, but it still seems somewhat mysterious as to the logic behind the program. I've done so many searches for scripts to allow logging into a site but had no luck. Why does this type of program seem so unavailable yet so commonly used?
I've been working on a program which uses a text file to keep a track of who's logged in using their IP adderess, username and password. Each registered user has their own subdirectory (their username) within the 'users' directory. Within here we can have several text files with their profile, messages, preferences etc... When a user requests a page, the script checks to see if their username is in the text file and validates it against their IP.
Anyway, things all seemed to get too complicated and long, and seem as if I was trying to reinvent the wheel but not doing very well. It works fine, but I have a feeling I went about things totally the wrong way!
Does anyone have any nice ideas on the logic behind such a script, or even some resources with information. Is there a Perl module for something like this?
Once a user has authenticated via .htaccess you can grab their username by the 'REMOTE_USER' environment variable, something like:
$username = $ENV{'REMOTE_USER'};
If you want to make tools for the users to use they can also refer to the $username when building or editing files in those users directories.
If possible, it might be better to avoid using the IP address and just go with username and password.
1) Many users may log in from work and home - different IPs.
2) Many users may log in from analog modem pools - different IPs again (and randomly-assigned).
It can be useful to offer the IP-dependent login as an option in some cases where your site design might drive a need for different user-options from different IPs - things like screen resolution, for example. But unless you want to require the user to have separate accounts for each computer, it's simpler to ignore the IP address.
As kenta notes, you can use a PERL script that modifies the contents of .htaccess to add/remove users. One warning though: Be sure to use flock(HTFILE,2); to lock the .htaccess file while you are modifying it. If two instances of your PERL script are trying to read/write the .htaccess file at the same time, you can easily corrupt it - with potentially-disastrous results.
Jim
Yes !
Expect.pm
[sourceforge.net...]
I've used, it's great in log-in/out, creating-deleting users, interacting with system commands etc.
[see also the docs etc. about 'expect':
[expect.nist.gov...] ]
cminblues
[edited by: jatar_k at 6:38 am (utc) on Oct. 28, 2002]
[edit reason] fixed link [/edit]
One of the reasons why I wanted to use a login system is for the trade section for my website, seperate to the normal retail section. As kenta kindly suggested, using a .htaccess file seems like my best option. I'd thought of this one before, but didn't know if there was any other way of doing things.
jdMorgan, I use the IP address per-session, and just use it to be sure people don't log in from two locations simultaniously.
cminblues, I'll take a good look at this module in a bit!
Thanks for your help, I think I'll go with the .htaccess route, and use the $username = $ENV{'REMOTE_USER'}; to retrieve the username and their directory, and work with it from there. Cheers folks! :)
