Re: How to verify a usnername and password?
- From: Bob Walton <see.sig@xxxxxxxxxxxxxxxx>
- Date: Tue, 05 Jun 2007 23:11:57 -0400
nightcats@xxxxxxxxx wrote:
....
I hold an old version of discussion board writen in Perl.
Recently, a guy from Chins violently spams my discussion board to
cause it even malfunctioned.
The only thing I can do is setup a Username/Password verifying
procedure to stop this Chinese from spamming. I am an ordinary girl
who know's nothing about this.
My intention is to add two columns,"username"and"password". When
Vistior post a message, the perl script verify the combination first.
Only the one with the right combination can succesfully post it. And I
intent to get every friends of mine different set of combination.
One place to start is:
perldoc -f crypt
which will provide the capability to store encrypted passwords so that
if your system is compromised to the point where someone gets the
password file, they still won't be able to determine the passwords of
your users. You would start by defining a password for your friends and
storing the crypt'ed version of it in a file. Then let your friends
know the password, and arrange the software so they have to change the
password the first time through. You should arrange a couple of simple
checks so your friends can't use easily-cracked passwords like '' or 'a'
or 'abcde', etc -- if their passwords are easily cracked, you are no
better off than you were before.
Depending upon your software, you may need to lock access to the
password file so multiple instances of your program can't access it
simultaneously, at least not when one or more instances need to write to
it. See:
perldoc -q lock
Regarding the type of file to use: If you have only a few users, you
can probably get away with a plain text file of a form such as:
userID encodedpassword
If you have lots of users, you should consider a DBM-type file tied to a
Perl hash. See:
perldoc DB_File
(you might need to download the DB_File module first).
Note that userID and password administration can be a chore -- users
will forget their userID's and/or passwords, etc.
Question: Is your discussion board web-based, or something else?
I roughly know that the process could be first define a password file:
$passwd_file = "path/to/my_password_file";
Then get the variable,
&check_passwd;
Then define the variable. but I just don't know how to make it happen.
Can anybody PLEASE help me so that I can stop this guy from paralizing
my discussion board. T_T
By the way, there is a short script in my Perl file to keep track of
every aticle:
$tolog = "Post $num|";
$tolog .= "$ENV{'REMOTE_ADDR'}|"; ### IP
$tolog .= "$date";
$tolog .= "\n";
open(LOG,">>$testfile");
print LOG $tolog;
close(LOG);
After I put on the password verifying process, how to also record the
"username" information of evrey article?
Looks to me like a simple addition of:
$tolog .= "$userID|";
at an appropriate place should do it, assuming variable $userID hold the
user's userID.
--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl
.
- Follow-Ups:
- Re: How to verify a usnername and password?
- From: nightcats
- Re: How to verify a usnername and password?
- From: nightcats
- Re: How to verify a usnername and password?
- References:
- How to verify a usnername and password?
- From: nightcats
- How to verify a usnername and password?
- Prev by Date: FAQ 9.4 How do I remove HTML from a string?
- Next by Date: Re: Computer List (Pls hlp!)
- Previous by thread: How to verify a usnername and password?
- Next by thread: Re: How to verify a usnername and password?
- Index(es):
Relevant Pages
|
