Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
This week, we're updating our course layouts and descriptions. Presentation and materials always gently change over time, but just occasionally there's a need to make a step change to clear out some of the old and roll in the new. That's now happening - but over a long and complex site it's not instant and you'll see sections of the site changing up to and including 19th September.

See also [here] for status update
 
single to multiple users

Posted by TedH (TedH), 7 September 2006
Hi, I have a script which has username and password access. It works fine for just one user. The details pass sucessfully to every sub-routine.

I want to make it so it can work for multiple users (several could be using it at the same time). A flat-file db can hold the details - for instance:

-------
aaa|aaa
bbb|bbb
ccc|ccc

-------
( I can open this and read in all the records - from there on I haven't a clue.)

I don't know how to make it so that the $username and $password variables pick up the input from the form and keep them throughout that user's time in the script. I know cookies are insecure so they're no good. It just seems if I can make this so it retains the details like the original, it should work.


Or am I approaching this all wrong?


This is the scriptthe shortest I can make it for posting here)
------------------------------------------
Code:
#!perl

use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
print "Content-type: text/html\n\n";

# Variables adn settings
$scriptname="aa.pl"; # name of this script.
$username = "123"; # username and password - original setup -- this works great for just one user.
$password = "123";
&parseform; # parses form

# call sub-routines      
$command = $input{'command'};
 if ($command eq '') {&login;}
   elsif ($command eq 'one') {&one;}
   elsif ($command eq 'two') {&two;}

# prints the login page
sub login {
&header;
&parseform;

print <<"EOF";
<form action="$scriptname" method="post"><input type="hidden" name="command" value="one">
username: <input type="text" name="username"><br>password: <input type="password" name="password"><br>
<input type="submit" value="Login"></form>
EOF
&footer;
# open file
}

# checks username and password, called from every sub-routine
sub checkAccess {
     if ($input{'username'} ne $username || $input{'password'} ne $password) {
print "<html><h1>INVALID PASSWORD</html>\n";
           exit(0);
     }
}

## Main subs
# One
sub one {
&checkAccess;
&header;
&nav;
print <<"HTXT";
<b>One</b>  (userID: $username)<br>Home text and code goes here
HTXT
&footer;
}

# Two
sub two {
&checkAccess;
&header;
&nav;
&parseform;
print <<"EDF";
<b>Two</b>  (userID: $username)<br>Two text and code goes here.<br>If it works here it'll work with all subs.
EDF
&footer;
}

#### Common Subs
# Main navigation
sub nav {
print <<"EOF";
<b>Tester Script</b><br><br><table><TR><td>
<form action="$scriptname" method="post"><input type="hidden" name="username" value="$input{username}">
<input type="hidden" name="password" value="$input{password}">
<input type="hidden" name="command" value="one">
<input type="submit" class="btns" value="Home" onFocus="if(this.blur)this.blur()">
</form></td><td>
<form action="$scriptname" method="post">
<input type="hidden" name="username" value="$input{username}">
<input type="hidden" name="password" value="$input{password}">
<input type="hidden" name="command" value="two">
<input type="submit" class="btns" value="Two" onFocus="if(this.blur)this.blur()">
</form></td><td></TR></table>
EOF
}

sub header {print "<html><head><title></title></head><body><div align=center>\n";}
sub footer {print "</div></body></html>\n";}
sub parseform {
  read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
  if (length($buffer) < 5) { $buffer = $ENV{QUERY_STRING}; }
  @pairs = split(/&/, $buffer);
  foreach $pair (@pairs) {
     ($name, $value) = split(/=/, $pair);
     $value =~ tr/+/ /;
     $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
     $in{$name} = $value;
     $input{$name} = $value;
  }
}
#### end

-------

Hope someone can help, many thanks - Ted

Posted by admin (Graham Ellis), 7 September 2006
If you're looking to allow (as I think you are) multiple users to log in, each with there own password, then you need to add a loop into your code to check for each username / password in turn in checkAccess. It would return a true value if ANY of the pairs matched, or false if you didn't get a match.

Multiuser brings a whole lot of other additional issues over single user; will all your users have access to the same data, for example, of each their own data area.  There are whole books written, I suspect, on the subject.   I do think you'll need to think through a lot of issues very carefully as you carry on down this route.  Good luck - and of course do ask further questions as and when you need to.

Graham



Posted by TedH (TedH), 7 September 2006
Hi Graham, I'll have a go at looping the checkAccess. I've just been playing around with matches (m/) and managed to get a response ('cuz I thought why not try this and it worked). That would have to be part of it (I think), as the users will indeed access data.

The database has a user ID as the key for each record and so if a user enters the script only that user's records would show so they can edit or delete them. That side of things is fairly straight forward once I get the validation right.

I hadn't thought of looping in the checkAccess (the brain doesn't work that way) - I was figuring, 'do the stuff then checkAccess'. So I shall set to on that.

many thanks - Ted

Posted by TedH (TedH), 7 September 2006
Did you know that an eternal loop makes the fan on your PC work overtime before 5 o'clock  



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2014: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho