Login/Password redirect script 2

[FrozenLogger]

have a small project that I'm working on. I need to set up a username/password login area that depending on the username/pass, the user will get sent to their specific directory. Essentially this is a client login area.

Does anyone know of a good redirect script that is easy to configure? The Web server is on a Unix Machine.

Many thanks

 

[lagerplease]

I can let you have a simple PERL solution (below) but be aware that it is anything but secure as anyone can access the data file if they know what it's called and where it's located. I would suggest that you name it something obscure that no-one would ever guess at. Also, I'm assuming that you know about PERL and that you can fill in all the required gaps in the sample script. Let me know if any of this is ambiguous or if I'm making too many assumptions.

Phil Wills


### Sample HTML file ###

<form method=&quot;POST&quot; action=&quot;loginscript&quot;>
User name: <input type=&quot;text&quot; name=&quot;username&quot;><br>
Password: <input type=&quot;text&quot; name=&quot;password&quot;><br>
<input type=&quot;submit&quot; value=&quot;Log in&quot; name=&quot;submit&quot;>
</form>

### Sample data file ###

user1|password1|redirect parameters 1|
user2|password2|redirect parameters 2|
user3|password3|redirect parameters 3|

### Sample PERL script ###

#!/usr/bin/perl

$userlist = &quot;/absolute/path/to/userlist.dat&quot;;

print &quot;Content-type: text/html\n\n&quot;;

if ($ENV{'REQUEST_METHOD'} eq 'GET')
{
@pairs = split(/&/, $ENV{'QUERY_STRING'});
}
else
{
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
}

foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack(&quot;C&quot;, hex($1))/eg;
$value =~ s/<!--(.|\n)*-->//g;
$value =~ s/<([^>]|\n)*>//g;
$form{$name} = $value;
}

open (USERLIST, &quot;$userlist&quot;
@userlist = <USERLIST>;
close (USERLIST);

$matchfound = &quot;no&quot;;

foreach $dataline (@userlist)
{
chomp $dataline;
($username, $password, $redirect) = split(/\|/, $dataline);

if ($username eq $form{username})
{
$matchfound = &quot;yes&quot;;
}

last if ($username eq $form{username});
}

if ($matchfound eq &quot;no&quot
{
&denyuser;
}
elsif ($form{password} ne $password)
{
&denypassword;
}
else
{
&displaypage;
}

sub displaypage
{
# Display the page which the user now has access to via the $redirect parameter string

exit;
}

sub denyuser
{
# Inform the user that they have entered an invalid user name

exit;
}

sub denypassword
{
# Inform the user that they have entered a valid user name but an invalid password

exit;
}