Hi, I have a script which has username and password access. It works fine for just one user. The details pass sucessfully to every sub-routine.

I want to make it so it can work for multiple users (several could be using it at the same time). A flat-file db can hold the details - for instance:

-------
aaa|aaa
bbb|bbb
ccc|ccc

-------
( I can open this and read in all the records - from there on I haven't a clue.)

I don't know how to make it so that the $username and $password variables pick up the input from the form and keep them throughout that user's time in the script. I know cookies are insecure so they're no good. It just seems if I can make this so it retains the details like the original, it should work.


Or am I approaching this all wrong?


This is the scriptthe shortest I can make it for posting here)
------------------------------------------
Code:

#!perl use CGI::Carp qw(warningsToBrowser fatalsToBrowser); print "Content-type: text/html\n\n"; # Variables adn settings $scriptname="aa.pl"; # name of this script. $username = "123"; # username and password - original setup -- this works great for just one user. $password = "123"; &parseform; # parses form # call sub-routines       $command = $input{'command'};  if ($command eq '') {&login;}    elsif ($command eq 'one') {&one;}    elsif ($command eq 'two') {&two;} # prints the login page sub login { &header; &parseform; print <<"EOF"; <form action="$scriptname" method="post"><input type="hidden" name="command" value="one"> username: <input type="text" name="username"><br>password: <input type="password" name="password"><br> <input type="submit" value="Login"></form> EOF &footer; # open file } # checks username and password, called from every sub-routine sub checkAccess {      if ($input{'username'} ne $username || $input{'password'} ne $password) { print "<html><h1>INVALID PASSWORD</html>\n";            exit(0);      } } ## Main subs # One sub one { &checkAccess; &header; &nav; print <<"HTXT"; <b>One</b>  (userID: $username)<br>Home text and code goes here HTXT &footer; } # Two sub two { &checkAccess; &header; &nav; &parseform; print <<"EDF"; <b>Two</b>  (userID: $username)<br>Two text and code goes here.<br>If it works here it'll work with all subs. EDF &footer; } #### Common Subs # Main navigation sub nav { print <<"EOF"; <b>Tester Script</b><br><br><table><TR><td> <form action="$scriptname" method="post"><input type="hidden" name="username" value="$input{username}"> <input type="hidden" name="password" value="$input{password}"> <input type="hidden" name="command" value="one"> <input type="submit" class="btns" value="Home" onFocus="if(this.blur)this.blur()"> </form></td><td> <form action="$scriptname" method="post"> <input type="hidden" name="username" value="$input{username}"> <input type="hidden" name="password" value="$input{password}"> <input type="hidden" name="command" value="two"> <input type="submit" class="btns" value="Two" onFocus="if(this.blur)this.blur()"> </form></td><td></TR></table> EOF } sub header {print "<html><head><title></title></head><body><div align=center>\n";} sub footer {print "</div></body></html>\n";} sub parseform {   read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});   if (length($buffer) < 5) { $buffer = $ENV{QUERY_STRING}; }   @pairs = split(/&/, $buffer);   foreach $pair (@pairs) {      ($name, $value) = split(/=/, $pair);      $value =~ tr/+/ /;      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;      $in{$name} = $value;      $input{$name} = $value;   } } #### end

-------

Hope someone can help, many thanks - Ted

If you're looking to allow (as I think you are) multiple users to log in, each with there own password, then you need to add a loop into your code to check for each username / password in turn in checkAccess. It would return a true value if ANY of the pairs matched, or false if you didn't get a match.

Multiuser brings a whole lot of other additional issues over single user; will all your users have access to the same data, for example, of each their own data area.  There are whole books written, I suspect, on the subject.   I do think you'll need to think through a lot of issues very carefully as you carry on down this route.  Good luck - and of course do ask further questions as and when you need to.

Graham



Hi Graham, I'll have a go at looping the checkAccess. I've just been playing around with matches (m/) and managed to get a response ('cuz I thought why not try this and it worked). That would have to be part of it (I think), as the users will indeed access data.

The database has a user ID as the key for each record and so if a user enters the script only that user's records would show so they can edit or delete them. That side of things is fairly straight forward once I get the validation right.

I hadn't thought of looping in the checkAccess (the brain doesn't work that way) - I was figuring, 'do the stuff then checkAccess'. So I shall set to on that.

many thanks - Ted

Did you know that an eternal loop makes the fan on your PC work overtime before 5 o'clock  

---