How to verify a usnername and password?

Discussion in 'Perl Misc' started by nightcats@gmail.com, Jun 5, 2007.

  1. Guest

    Please Help me.

    I hold an old version of discussion board writen in Perl.
    Recently, a guy from Chins violently spams my discussion board to
    cause it even malfunctioned.

    The only thing I can do is setup a Username/Password verifying
    procedure to stop this Chinese from spamming. I am an ordinary girl
    who know's nothing about this.

    My intention is to add two columns,"username"and"password". When
    Vistior post a message, the perl script verify the combination first.
    Only the one with the right combination can succesfully post it. And I
    intent to get every friends of mine different set of combination.

    I roughly know that the process could be first define a password file:
    $passwd_file = "path/to/my_password_file";

    Then get the variable,
    &check_passwd;

    Then define the variable. but I just don't know how to make it happen.
    Can anybody PLEASE help me so that I can stop this guy from paralizing
    my discussion board. T_T

    By the way, there is a short script in my Perl file to keep track of
    every aticle:
    $tolog = "Post $num|";
    $tolog .= "$ENV{'REMOTE_ADDR'}|"; ### IP
    $tolog .= "$date";
    $tolog .= "\n";
    open(LOG,">>$testfile");
    print LOG $tolog;
    close(LOG);

    After I put on the password verifying process, how to also record the
    "username" information of evrey article?

    thanks. Whoever you are who help me out, you are a life savior.
    , Jun 5, 2007
    #1
    1. Advertising

  2. Guest

    On 6 6 , 11 11 , Bob Walton <> wrote:
    > wrote:
    >
    > ...
    >
    > > I hold an old version of discussion board writen in Perl.
    > > Recently, a guy from China violently spams my discussion board to
    > > cause it even malfunctioned.
    > > My intention is to add two columns,"username"and"password". When
    > > Vistior post a message, the perl script verify the combination first.
    > > Only the one with the right combination can succesfully post it. And I
    > > intent to get every friends of mine different set of combination.

    >
    > One place to start is:
    >
    > perldoc -f crypt
    >
    > which will provide the capability to store encrypted passwords so that
    > if your system is compromised to the point where someone gets the
    > password file, they still won't be able to determine the passwords of
    > your users. You would start by defining a password for your friends and
    > storing the crypt'ed version of it in a file. Then let your friends
    > know the password, and arrange the software so they have to change the
    > password the first time through. You should arrange a couple of simple
    > checks so your friends can't use easily-cracked passwords like '' or 'a'
    > or 'abcde', etc -- if their passwords are easily cracked, you are no
    > better off than you were before.
    >
    > Depending upon your software, you may need to lock access to the
    > password file so multiple instances of your program can't access it
    > simultaneously, at least not when one or more instances need to write to
    > it. See:
    >
    > perldoc -q lock
    >
    > Regarding the type of file to use: If you have only a few users, you
    > can probably get away with a plain text file of a form such as:
    >
    > userID encodedpassword
    >
    > If you have lots of users, you should consider a DBM-type file tied to a
    > Perl hash. See:
    >
    > perldoc DB_File
    >
    > (you might need to download the DB_File module first).
    >
    > Note that userID and password administration can be a chore -- users
    > will forget their userID's and/or passwords, etc.
    >
    > Question: Is your discussion board web-based, or something else?
    >


    Yes, it's a web-based discussion board. It is an old WWWboard Board,
    written by a guy Matt from Matt's Script website long tme ago. It's
    so simple that I even have to add up a few advanced function myself(of
    course, with a lot of help). The main struction is the main page of
    board, a wwwboard.pl to process the posting, a message directory to
    store posted messages, that's all.

    I know it's too easy for spamers but I just love the seasiness of it.

    after check out what you said, I crrently host my sebsite in a
    commercial hosting company. I seem to have such write to all that you
    suggest. I'll contact my hosting to see if they can do it for me.

    THanks a lot.

    (frankly, before you tell me this, I didn't think about the file
    security.)


    By the way, can you tell me how to write the Verifying Process of my
    usernames and passwords?

    He is again spaming now. Gosh, I hate this kind of spammer!!!

    >
    >
    >
    >
    >
    >
    > > I roughly know that the process could be first define a password file:
    > > $passwd_file = "path/to/my_password_file";

    >
    > > Then get the variable,
    > > &check_passwd;

    >
    > > Then define the variable. but I just don't know how to make it happen.
    > > Can anybody PLEASE help me so that I can stop this guy from paralizing
    > > my discussion board. T_T

    >
    > > By the way, there is a short script in my Perl file to keep track of
    > > every aticle:
    > > $tolog = "Post $num|";
    > > $tolog .= "$ENV{'REMOTE_ADDR'}|"; ### IP
    > > $tolog .= "$date";
    > > $tolog .= "\n";
    > > open(LOG,">>$testfile");
    > > print LOG $tolog;
    > > close(LOG);

    >
    > > After I put on the password verifying process, how to also record the
    > > "username" information of evrey article?

    >
    > Looks to me like a simple addition of:
    >
    > $tolog .= "$userID|";
    >
    > at an appropriate place should do it, assuming variable $userID hold the
    > user's userID.
    > --
    > Bob Walton
    > Email:http://bwalton.com/cgi-bin/emailbob.pl- -
    >
    > - -
    , Jun 6, 2007
    #2
    1. Advertising

  3. Guest

    > Depending upon your software, you may need to lock access to the
    > password file so multiple instances of your program can't access it
    > simultaneously, at least not when one or more instances need to write to
    > it. See:
    >
    > perldoc -q lock
    >



    By the way, I'll decide the passwoard for everybody (which is about 40
    of them). They just have to use the password I choose. There is no
    written job for visitors. so, do I still need to do this? thanks.

    (I know thess questions could look stupid..........)
    , Jun 6, 2007
    #3
  4. Scott Bryce Guest

    wrote:

    > Yes, it's a web-based discussion board. It is an old WWWboard Board,
    > written by a guy Matt from Matt's Script website long tme ago.


    Do yourself a huge favor and replace it with an updated version found here.

    http://nms-cgi.sourceforge.net/scripts.shtml
    Scott Bryce, Jun 6, 2007
    #4
  5. Guest

    I've got this problem of mine taking cared of. (which, of course,
    created another new problem.I've opened a new thread to ask for
    help... T_T)

    thanks everybody for helping.
    , Jun 8, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. feng
    Replies:
    4
    Views:
    1,287
  2. pm a
    Replies:
    1
    Views:
    301
    Flash Gordon
    Jul 5, 2005
  3. AAaron123
    Replies:
    2
    Views:
    2,090
    AAaron123
    Jan 16, 2009
  4. AAaron123
    Replies:
    1
    Views:
    1,311
    Oriane
    Jan 16, 2009
  5. John Apps
    Replies:
    0
    Views:
    168
    John Apps
    May 19, 2008
Loading...

Share This Page