
Forum Moderators: coopster & jatar k & phranque


Password generation script

How do they do that?



10:10 pm on Feb 1, 2007 (gmt 0)

10+ Year Member


I'm trying to duplicate what I see on this website here <snipped> where a form is attached to an autoresponder script from example.com.

It lets people fill out a form going to example.com/scripts/addlead.pl and choose a username and password for themselves. When they click submit, example.com redirects that person to the members login page afterwards.

What I don't understand is that when the client is redirected, the username and password are already entered in the system because the client can now log in right away.

My question here is: Where is the password generation script here? If a client fills out the form, enters a username and password and then has to pass through example.com first, how can the username and password be generated in my own website htpasswd file?

Is the username and password created on the fly by example.com? Or is the username and password sent back to some other script to modify the htpasswd file and then the client is redirected to my login page?



[edited by: coopster at 2:02 am (utc) on Feb. 2, 2007]
[edit reason] removed specifics TOS [webmasterworld.com] [/edit]


11:21 pm on Feb 1, 2007 (gmt 0)

5+ Year Member

Are you asking how to do this with perl or php? Your link is to a php page.


12:58 am on Feb 2, 2007 (gmt 0)

10+ Year Member

The page where you have the form is a php page, but when you click the submit button it goes to a perl script. If you look at the rest of the form code, though, it's redirected back to that php page.

<form name="signup_form" method="post" action="http://www.example.com/scripts/addlead.pl">
<input type="hidden" name="meta_web_form_id" value="1062531085">
<input type="hidden" name="meta_split_id" value="">
<input type="hidden" name="unit" value="desk-top-bucks">
<input type="hidden" name="redirect" value="http://www.example.net/1A6dfZ.php">

Do you have a clue how he makes that work? Is the writing of the passwd file done when the submit button is clicked or when the perl script redirects the client back to the php page?



[edited by: coopster at 2:03 am (utc) on Feb. 2, 2007]
[edit reason] removed specifics TOS [webmasterworld.com] [/edit]


3:38 am on Feb 2, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Username and password are probably added once the Perl [perl.com] script is called. It will insert the username and password and then send a redirect header like this:

use CGI qw(param);  # the form's "redirect" field is a CGI parameter, not an environment variable
print "HTTP/1.0 302 Redirected\n";
print "Location: " . param('redirect') . "\n\n";


5:25 am on Feb 2, 2007 (gmt 0)

10+ Year Member

Well, here's the thing.

I just got a reply from Aweber and they told me that it's not coming from their perl script!

In other words, when the client fills out the form, the info (including the username and password) may go to Aweber's autoresponder perl script and then the info entered by the client comes back in his email so that he can remember the username and password he has chosen for his login info.

This still doesn't tell me how the form's username and password got inserted into the Htpasswd file!

Logically, if it's not coming from the perl then it must come from the php page. It's either when the form goes to Aweber or when the client is being redirected back to the guy's website.

I just filled out the form and noticed that when the form goes to Aweber, it's redirected back to that php page but the URL becomes filled with the info filled in the form like this


Looks like the php page can collect this form info and store it into the Htpasswd file somehow?

Any idea how it does that?


[edited by: jatar_k at 1:33 pm (utc) on Feb. 2, 2007]


8:55 pm on Feb 3, 2007 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

While the specific programming is beyond the scope of this thread, there are **many** ways to do this. Doing it securely is another matter entirely.

The bottom line is that when someone chooses a name and password, if you are using a scripted user login system, you simply store the user name and password in an encrypted form in a database.

A www authentication scheme is a whole different matter, as this operates on the server system level. This indeed can be done - but it means allowing the script to edit your .htpasswd file. IMO this is a Bad Idea because only root or the direct domain owner should have perms to edit .htaccess or .htpasswd. But it is done, and it is done a lot.

Automatically logging in:

For a scripted system, this is easy. You set a session-only cookie storing the user's login name and the password in encrypted form in the user's browser. Read the cookie first on request, if a user and pass is not found, look for input and read the login input from a form, and if a matching value is found in the database for one or the other, log them into services. If no matching entry is found, return a please log in page.

For www authentication, this is a bit more tricky, and may not even be possible any more. I can't recall the syntax and I seem to remember something has changed a few years back, but for a while there it was possible to send remote www authentication via a typical query string by doing something like


Which is also a Bad Idea because it requires you pass a plain text password via your query string.
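
As an added illustration (not code from the thread or from the site being discussed): one way a PHP page could add a signup to an htpasswd file while limiting the risks raised above. The function name, the length limits and the temp-file demo are assumptions; the credentials are assumed to arrive by POST over HTTPS rather than in a redirect query string.

```php
<?php
// Added example: names, limits and paths are assumptions, not from the thread.

/**
 * Append a user to an Apache htpasswd file.
 * Returns true on success, false if the input is rejected,
 * the user already exists, or the file cannot be written.
 */
function htpasswd_add_user(string $file, string $user, string $pass): bool
{
    // Allow-list the username: a ':' or a newline in it would let a
    // visitor forge extra fields or whole entries in the file.
    if (!preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $user)) {
        return false;
    }
    // bcrypt only uses the first 72 bytes; reject instead of truncating silently.
    if (strlen($pass) < 8 || strlen($pass) > 72) {
        return false;
    }
    // "$2y$" bcrypt hashes are accepted by Apache 2.4 password files.
    $hash = password_hash($pass, PASSWORD_BCRYPT);

    $fh = fopen($file, 'c+');           // create if missing, never truncate
    if ($fh === false) {
        return false;
    }
    try {
        if (!flock($fh, LOCK_EX)) {     // serialize concurrent signups
            return false;
        }
        while (($line = fgets($fh)) !== false) {
            if (strncmp($line, $user . ':', strlen($user) + 1) === 0) {
                return false;           // never overwrite an existing account
            }
        }
        fseek($fh, 0, SEEK_END);
        return fwrite($fh, "$user:$hash\n") !== false;
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo input, written to a temp file rather than a live .htpasswd.
$demo = tempnam(sys_get_temp_dir(), 'htp');
var_dump(htpasswd_add_user($demo, 'alice', 'correct horse battery'));  // well-formed signup
var_dump(htpasswd_add_user($demo, "mallory\nroot", 'correct horse'));  // newline in the username
var_dump(htpasswd_add_user($demo, 'alice', 'another password'));       // name already taken
unlink($demo);
```

The web server account needs write access to the password file for this to work, which is the permission trade-off described in the post above; keeping that file outside the document root limits what else that access exposes.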

