×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

comparing users password to one stored in a database

comparing users password to one stored in a database

comparing users password to one stored in a database

(OP)
Hello,
I am [trying] to write a script that will allow employees to clock in and out for work, and calculate the work hours for the week. I plan to use a pipe-delimited text file for the database. In the database, I plan to have fields such as username, password, timein, timeout, totaltime, etc.
What I am looking for help on is how to compare and match user input to input already in the database, specifially for login purposes. In other words, I would like to have all users and passwords in the database so that a user can pull up the script/page and type in their username/password and upon clicking submit the script would search the database file, match the username, then compare the passwords (one entered vs one in database) if they match -return page A, if they dont return page B.

Any suggestions/help/references are greatly appreciated!!!
TIA,
Jim

RE: comparing users password to one stored in a database

Ok,

So -- you have a file named 'userstuff' laid out like this:

username|password|timein|timeout|totaltime

with a line in it like this:
mlacey|mrniceguy|0800|1700|0900

# first get the password from the user into the variable $passtry
open(F,'userstuff') || die "Can't open userstuff\n$!\n";
while(<F>){
    if(/^$user\|/){
        ($username,$password,$timein,$timeout,$totaltime) = split(/\|/);
        if($password =~ /^$passtry$/){
            # password matched, return page a
        } else {
            # password did not match, return page b
        }
        last; # exit loop because we found the user in the file
    }
}
close(F);

Mike
michael.j.lacey@ntlworld.com
Cargill's Corporate Web Site
Making mistakes, so you don't have to. <grin>

RE: comparing users password to one stored in a database

I'd like to add something to Mike's code.  You should also use a one-way hashing function for the purposes of encrypting the password in the database.  When creating the database, use crypt($password) to store it.  Then, in order to compare, you write: if (crypt($passtry) =~ /^$password$/){...

This just makes it harder for someone to read the database file if they somehow were able to open it.  Of course if they got full access to your system then they could rewrite your code so you didn't need a password at all, or write their own.  But every step you take is helpful.  Hackers usually break in by a series of security holes, not just one.

Sincerely,

Tom Anderson
CEO, Order amid Chaos, Inc.
http://www.oac-design.com

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close