Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
single to multiple users

Posted by TedH (TedH), 7 September 2006
Hi, I have a script which has username and password access. It works fine for just one user. The details pass sucessfully to every sub-routine.

I want to make it so it can work for multiple users (several could be using it at the same time). A flat-file db can hold the details - for instance:

-------
aaa|aaa
bbb|bbb
ccc|ccc

-------
( I can open this and read in all the records - from there on I haven't a clue.)

I don't know how to make it so that the $username and $password variables pick up the input from the form and keep them throughout that user's time in the script. I know cookies are insecure so they're no good. It just seems if I can make this so it retains the details like the original, it should work.


Or am I approaching this all wrong?


This is the scriptthe shortest I can make it for posting here)
------------------------------------------
Code:
#!perl

use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
print "Content-type: text/html\n\n";

# Variables adn settings
$scriptname="aa.pl"; # name of this script.
$username = "123"; # username and password - original setup -- this works great for just one user.
$password = "123";
&parseform; # parses form

# call sub-routines      
$command = $input{'command'};
 if ($command eq '') {&login;}
   elsif ($command eq 'one') {&one;}
   elsif ($command eq 'two') {&two;}

# prints the login page
sub login {
&header;
&parseform;

print <<"EOF";
<form action="$scriptname" method="post"><input type="hidden" name="command" value="one">
username: <input type="text" name="username"><br>password: <input type="password" name="password"><br>
<input type="submit" value="Login"></form>
EOF
&footer;
# open file
}

# checks username and password, called from every sub-routine
sub checkAccess {
     if ($input{'username'} ne $username || $input{'password'} ne $password) {
print "<html><h1>INVALID PASSWORD</html>\n";
           exit(0);
     }
}

## Main subs
# One
sub one {
&checkAccess;
&header;
&nav;
print <<"HTXT";
<b>One</b>  (userID: $username)<br>Home text and code goes here
HTXT
&footer;
}

# Two
sub two {
&checkAccess;
&header;
&nav;
&parseform;
print <<"EDF";
<b>Two</b>  (userID: $username)<br>Two text and code goes here.<br>If it works here it'll work with all subs.
EDF
&footer;
}

#### Common Subs
# Main navigation
sub nav {
print <<"EOF";
<b>Tester Script</b><br><br><table><TR><td>
<form action="$scriptname" method="post"><input type="hidden" name="username" value="$input{username}">
<input type="hidden" name="password" value="$input{password}">
<input type="hidden" name="command" value="one">
<input type="submit" class="btns" value="Home" onFocus="if(this.blur)this.blur()">
</form></td><td>
<form action="$scriptname" method="post">
<input type="hidden" name="username" value="$input{username}">
<input type="hidden" name="password" value="$input{password}">
<input type="hidden" name="command" value="two">
<input type="submit" class="btns" value="Two" onFocus="if(this.blur)this.blur()">
</form></td><td></TR></table>
EOF
}

sub header {print "<html><head><title></title></head><body><div align=center>\n";}
sub footer {print "</div></body></html>\n";}
sub parseform {
  read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
  if (length($buffer) < 5) { $buffer = $ENV{QUERY_STRING}; }
  @pairs = split(/&/, $buffer);
  foreach $pair (@pairs) {
     ($name, $value) = split(/=/, $pair);
     $value =~ tr/+/ /;
     $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
     $in{$name} = $value;
     $input{$name} = $value;
  }
}
#### end

-------

Hope someone can help, many thanks - Ted

Posted by admin (Graham Ellis), 7 September 2006
If you're looking to allow (as I think you are) multiple users to log in, each with there own password, then you need to add a loop into your code to check for each username / password in turn in checkAccess. It would return a true value if ANY of the pairs matched, or false if you didn't get a match.

Multiuser brings a whole lot of other additional issues over single user; will all your users have access to the same data, for example, of each their own data area.  There are whole books written, I suspect, on the subject.   I do think you'll need to think through a lot of issues very carefully as you carry on down this route.  Good luck - and of course do ask further questions as and when you need to.

Graham



Posted by TedH (TedH), 7 September 2006
Hi Graham, I'll have a go at looping the checkAccess. I've just been playing around with matches (m/) and managed to get a response ('cuz I thought why not try this and it worked). That would have to be part of it (I think), as the users will indeed access data.

The database has a user ID as the key for each record and so if a user enters the script only that user's records would show so they can edit or delete them. That side of things is fairly straight forward once I get the validation right.

I hadn't thought of looping in the checkAccess (the brain doesn't work that way) - I was figuring, 'do the stuff then checkAccess'. So I shall set to on that.

many thanks - Ted

Posted by TedH (TedH), 7 September 2006
Did you know that an eternal loop makes the fan on your PC work overtime before 5 o'clock  



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2014: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho