
Chapter: Internet & World Wide Web HOW TO PROGRAM - Perl and CGI (Common Gateway Interface)


Verifying a Username and Password - Perl


It is often desirable to have a private Web site—one that is visible only to certain people. Implementing privacy generally involves username and password verification. Figure 27.16 is an XHTML form that queries the user for a username and a password. It posts the fields username and password to the Perl script fig27_17.pl upon submission of the form. Note that for simplicity, this example does not encrypt the data before sending them to the server.

 

The script fig27_17.pl (Fig. 27.17) is responsible for verifying the username and password of the client by crosschecking against values from a database. The database list of valid users and their passwords is a simple text file: password.txt (Fig. 27.18).

 

On line 14 of fig27_17.pl, we open the file password.txt for reading and assign it to the filehandle FILE. To verify that the file was opened successfully, a test is performed using the logical OR operator (or). Operator or returns true if either the left condition or the right condition evaluates to true. If the condition on the left evaluates to true, then the condition on the right is not evaluated. In this case, the function die executes only if open returns false, indicating that the file did not open properly. Function die displays an error message and terminates program execution.

 

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

    <!-- Fig. 27.16: fig27_16.html -->

    <html>
       <head>
          <title>Verifying a username and a password</title>
       </head>

       <body>
          <p>
             <div style = "font-family: arial">
                Type in your username and password below.
             </div><br />

             <div style = "color: #0000ff; font-family: arial;
                font-weight: bold; font-size: x-small">
                Note that the password will be sent as plain text.
             </div>
          </p>

          <form action = "/cgi-bin/fig27_17.pl" method = "post">

             <table style = "background-color: #dddddd">
                <tr>
                   <td style = "font-family: arial;
                      font-weight: bold">Username:</td>
                </tr>
                <tr>
                   <td>
                      <input name = "username" />
                   </td>
                </tr>
                <tr>
                   <td style = "font-family: arial;
                      font-weight: bold">Password:</td>
                </tr>
                <tr>
                   <td>
                      <input name = "password" type = "password" />
                   </td>
                </tr>
                <tr>
                   <td>
                      <input type = "submit" value = "Enter" />
                   </td>
                </tr>
             </table>
          </form>
       </body>
    </html>


 

Fig. 27.16  Entering a username and password

 

 

 

The while structure (lines 17–29) repeatedly executes the code enclosed in curly braces until the condition in parentheses evaluates to false. In this case, the test condition assigns the next unread line of password.txt to $line and evaluates to true as long as a line from the file was successfully read. When the end of the file is reached, <FILE> returns false and the loop terminates.

 

    #!/usr/bin/perl
    # Fig. 27.17: fig27_17.pl
    # Program to search a database for usernames and passwords.

    use CGI qw( :standard );

    $dtd =
    "-//W3C//DTD XHTML 1.0 Transitional//EN\"
    \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";

    $testUsername = param( "username" );   # values posted by fig27_16.html
    $testPassword = param( "password" );

    open( FILE, "<", "password.txt" ) or   # read-only, explicit mode
       die( "The database could not be opened." );

    while ( $line = <FILE> ) {
       chomp( $line );
       ( $username, $password ) = split( ",", $line );

       if ( $testUsername eq $username ) {
          $userVerified = 1;

          if ( $testPassword eq $password ) {
             $passwordVerified = 1;
             last;                          # stop at the first full match
          }
       }
    }

    close( FILE );

    print( header() );
    print( start_html( { dtd => $dtd,
                         title => "Password Analyzed" } ) );

    if ( $userVerified && $passwordVerified ) {
       accessGranted();
    }
    elsif ( $userVerified && !$passwordVerified ) {
       wrongPassword();
    }
    else {
       accessDenied();
    }

    print( end_html() );

    sub accessGranted
    {
       print( div( { style => "font-family: arial;
                              color: blue;
                              font-weight: bold" },
          "Permission has been granted,
          $username.", br(), "Enjoy the site." ) );
    }

    sub wrongPassword
    {
       print( div( { style => "font-family: arial;
                              color: red;
                              font-weight: bold" },
          "You entered an invalid password.", br(),
          "Access has been denied." ) );
    }

    sub accessDenied
    {
       print( div( { style => "font-family: arial;
                              color: red;
                              font-size: larger;
                              font-weight: bold" },
          "You have been denied access to this site." ) );
    }


Fig. 27.17 Program to analyze the username and password entered into an XHTML form

 

    account1,password1
    account2,password2
    account3,password3
    account4,password4
    account5,password5
    account6,password6
    account7,password7
    account8,password8
    account9,password9
    account10,password10

 

Fig. 27.18  Database password.txt containing usernames and passwords.

 

Each line in password.txt (Fig. 27.18) consists of an account name and password pair, separated by a comma, and followed by a newline character. For each line read, function chomp is called (line 18) to remove the newline character at the end of the line. Then split is called to divide the string into substrings at the specified separator or delimiter (in this case, a comma). For example, the split of the first line in password.txt returns the list ("account1", "password1"). The syntax

    ( $username, $password ) = split( ",", $line );

sets $username and $password to the first and second elements returned by split (account1 and password1), respectively.

 

If the username entered is equivalent to the one we have read from the text file, the conditional in line 21 returns true. The $userVerified variable is then set to 1. Next, the value of $testPassword is tested against the value in the $password variable (line 24). If the password matches, the $passwordVerified variable is set to 1. In this case, because a successful username–password match has been found, the last statement, used to exit a repetition structure prematurely, allows us to exit the while loop immediately in line 26.

 

We are finished reading from password.txt, and we close the file on line 31. Line 37 checks if both the username and password were verified, by using the Perl logical AND operator (&&). If both conditions are true (that is, if both variables evaluate to nonzero values), then the function accessGranted is called (lines 49–56), which sends a Web page to the client, indicating a successful login.

 

If the if statement evaluates to false, the condition in the following elsif statement is tested. Line 40 tests if the user was verified, but the password was not. In this case, the function wrongPassword is called (lines 58–65). The unary logical negation operator (!) is used in line 40 to negate the value of $passwordVerified and test if it is false. If the user is not recognized, function accessDenied is called, and a message indicating that permission has been denied is sent to the client (lines 67–74).

Perl allows programmers to define their own functions or subroutines. Keyword sub begins a function definition, and curly braces delimit the function body (lines 49, 58 and 67). To call a function (i.e., to execute the code within the function definition), use the function's name, followed by a pair of parentheses (lines 38, 41 and 44).
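
The script above stores passwords in plain text, compares them with eq, and tells the client whether the username or the password was wrong, which lets a visitor find out which account names exist. The following is an added example, not code from the book: the same check using salted PBKDF2-HMAC-SHA256 hashes, a constant-time comparison and one shared failure result. The record format username,salt_hex,hash_hex, the iteration count and the function names are assumptions made for this illustration.

```perl
# Added example, not the book's code. Assumed credential record format:
# username,salt_hex,hash_hex (instead of username,password).
use strict;
use warnings;
use Digest::SHA qw( hmac_sha256 );

my $ITERATIONS = 100_000;    # assumed work factor; tune for your hardware

# PBKDF2-HMAC-SHA256, first 32-byte output block only (RFC 8018).
sub pbkdf2_sha256 {
    my ( $password, $salt ) = @_;
    my $u = hmac_sha256( $salt . pack( "N", 1 ), $password );    # (data, key)
    my $t = $u;
    for ( 2 .. $ITERATIONS ) {
        $u = hmac_sha256( $u, $password );
        $t ^= $u;    # byte-string XOR: both operands are strings
    }
    return $t;
}

# Examine every byte so timing does not reveal where the first mismatch is.
sub constant_time_eq {
    my ( $x, $y ) = @_;
    return 0 if length( $x ) != length( $y );
    my $diff = 0;
    $diff |= ord( substr( $x, $_, 1 ) ) ^ ord( substr( $y, $_, 1 ) )
        for 0 .. length( $x ) - 1;
    return $diff == 0 ? 1 : 0;
}

# Same result for "unknown user" and "wrong password"; an unknown user still
# costs a full derivation against a dummy record.
sub verify_login {
    my ( $db, $user, $pass ) = @_;    # $db: username => [ salt, hash ]
    my $rec = $db->{ $user // "" };
    my ( $salt, $stored ) = $rec ? @$rec : ( "\0" x 16, "\0" x 32 );
    my $ok = constant_time_eq( pbkdf2_sha256( $pass // "", $salt ), $stored );
    return ( $rec && $ok ) ? 1 : 0;
}

# Constructed sample record, parsed with split as in fig27_17.pl.
my $salt = pack( "H*", "00112233445566778899aabbccddeeff" );
my $line = join( ",", "account1", unpack( "H*", $salt ),
    unpack( "H*", pbkdf2_sha256( "password1", $salt ) ) );
my ( $name, $salt_hex, $hash_hex ) = split( ",", $line );
my %db = ( $name => [ pack( "H*", $salt_hex ), pack( "H*", $hash_hex ) ] );

for my $try ( [ "account1", "password1" ], [ "account1", "guess" ], [ "nobody", "x" ] ) {
    printf( "%-8s => %s\n", $try->[0], verify_login( \%db, @$try ) ? "granted" : "denied" );
}
```

In the CGI script, verify_login would replace the while loop, and every failure would print one message such as "Invalid username or password." in place of the separate wrongPassword and accessDenied pages.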


