UBB.Developers Forums Community Development Programming PHP and Server-side Scripting How do I verify someones forum username and password from another script?

OK, I have about 5 scripts that I use along with my forum. I have a link script, review script, and some other scripts that I use to let users interact more with my site. When I wrote these, I was hoping to be able to verify the username and password of the poster. So if someone wanted to add a link to their page on the link script, they must be registered. I looked through Dave's Login Script, and I have narrowed the code that verifies it down to both ubblibrary.pl scripts. Anyone have an easier way to do this? Any help will be appreciated!

If you know Perl, it's not hard to do.

Use memberslist.cgi to map the username to the 8-digit user number, construct the member's profile filename from the number (e.g., 00000123.cgi), then get the password from that file.

What was more challenging was to do this from a script running on a server different from the one the UBB is on

Damn, your a genius! I will do it tonight, have a dentist appointment right now. Thanks!

Edit: Here is what I have so far:


It works fine. Is there any way to improve it?

This message has been edited by Scud Muffin on January 16, 2001 at 02:08 PM

well I see something that needs improved. I see that after you find the user number you open the member file, but then you use a foreach to check each line with $FORM{'password'}, that's not secure at all. I think the password is on line 2. so you need to do this:


also I suggest you use CGI pm to parse your forms:


that will give you the same results as and it's better:


Mark B. just posted a thread about the use of -wT and other usefull things in perl. It's a very info filled article. I recommend you take a look at it if you want to increase your perl knowledge

Ahhh poo ... I had it working on my old server, I moved it to my new one, and now it doesn't work. I need some help here guys. The problem that I get is it only checks the last line of the memberslist.cgi in the Members directory. The code in the above post is pretty old, here is my new code (this is just a sub):


I am reading the article you recommended. I have heard of tainting and stuff before, just never knew what it did. I would be really grateful if someone could help me out soon. I have dealine to have over 19 scripts for my site done by Feb 1st. The only thing holding me up is this username and password veryfication. I will give you a cookie if you help!

This message has been edited by Scud Muffin on January 26, 2001 at 10:54 PM

because you took an if else statement out of your foreach loop, and you spelled chomp wrong

this code should work just fine:


------------------
Powered by ZCom Bulletin Boards

no reason to loop. One swift motion:

my %FORM = map {$_ => $obj->param($_)} $obj->param;

Personally, I prefer to just work with the objects, rather then move them into a hash, as you already have the values in the object and are thus duplicating data.

As for the rest of the code, i'll try to look later on to see other improvements, if any

--mark

God I love this board. Every time I think I am getting good, I realize I suck, or just ponder the enormity of knowledge I don't possess. You guys are life savers (not the hard candy). I will try the code now and report back.

This message has been edited by Scud Muffin on January 27, 2001 at 06:37 PM

OK, I am back. There is one problem with the code. The username works great, but the password doesn't. It is still opening the last file in memberslist.cgi, not the one adjacent to the username specified in the form. Here is what I am using to verify the username and password (it is a short sub):


Any way to fix this?

i like this one. change $dado{'USER'} and $dado{'PASS'} for something you are using to get the form inputs. then open a loop


------------------

sleepless

*Hails to the king Copycat*

Works great, I am so damn happy!

me too, actually..

------------------

sleepless