I have a FreeBSD 4.10-SATA-RELEASE server with perl 5.8 installed with a crap load of Modules, and I was wondering if anyone knew a perl or cgi members login script. I already have a form made, but I need a code that remembers the username and password, and redirects that person to there own page automatically. It would be great to have another form to enter each username, password and redirection page manually (Admin Area). I have no idea how to use perl or CGI, so the best way you can help me is to give me descriptions of what Im supposed to do.

My admin area will be a secured access only page.

I also have mysql Ver 12.22 Distrib 4.0.18, but really dont know anything about it, or how it works.

And I do have PHP 4.3.10, but I only use html pages, and Ive heard I cant use PHP on html pages. I have know idea how to use PHP, I only know how to change stuff. Somewhat...


This is the form script Im wanting to work with...


<form action="http://www.bombastic-studios.com/file.pl or .cgi" method="post">

User Name<br>
<input type="text" name="user" size=15><br>

Password<br>
<input type="password" name="pass" size=15><br><br>

<input type="submit" value="Login"><br>

</form>

If anyone can help me with my huge problem, I will be forever grateful.

open a users.txt file, search for username then compare passwords, if pass then {pass routine}, else {fail routine}. As an option, rather than opening a .txt file, you could access a database (Mysql server for example). This is in it's simplest form. You will likely want to provide increased security along with user options. 'Remembering' is typically performed by utilizing cookies. Keeping track of a current user requires IDing the user and passing/reconciling this id on activity.

At the top or your list would be your hosters implementation of the control panel. If you are reselling space, choose a hoster that provides a flexible cpanel.

Second on your list would be proven apps, such as forum/bbs, commerce, wiki's, etc. that provide a fully packaged approach that you could tailor for your needs.

Thirdly would be a custom construction where in you either integrated localized scripts or 'borrowed' the front end of one the packaged scripts.

Lastly would be constructing the script yourself. If security and function are simple, this may be a good route to get your feet wet with some simple routines. Do a google search on 'perl login routines' or similar and you'll be rewarded.

Many would argue that this list is in reverse, that by playing with basic scripts you generate knowledge whereby you can then climb the ladder into more sophisticated scripts. I agree.

One of the earliest scripts that I found useful was commerce.cgi , reason being it's extensive open source documentation. It does not have a login module specifically, but does demonstrate one approach to tracking users. I have laid a very simple login script overtop using the .txt approach. Once a password is confirmed in the login script, 'borrowed' sections of commerce.cgi kick in to generate user id's, manage cookies, and confim user status.

Now, I do have e-commerce and forum capabilities with my host that I can mess with. I dont know if it is in CGI or PHP. I would have to look. But if it was in CGI, would I have to look through the actual files I have on my server and find the login script, user name and password list, and an admin editing section and use certain codes and files that I will need in order for all of this to work? Or do I have to do something else? The shopping carts I have are OSCommerce, Agora, and Paypal. Do you know if any of these will work with what I need? The forum I have is phpBB. Would a php script work on a .html page? or will I have to stick with .cgi or .pl?


I found out that each password list I have is encrypted. How would I make it so its not? The password lists that I looked at was a chat room, and ecommerce username and password list. Would I have to download a password decrypter to find out what each says, if I want to see what they are?

you can use php if the interpreter is installed on your server, same for perl. I can't really answer your question because I don't know what your needs are, and quite frankly, I wouldn't have time to work out a solution for you. You have encrypted lists?, how where these constructed?, use the same apps that created the lists to further provide your required functions.

Generally speaking, to extract functions from within a script or series of scripts, you will have to have a good understanding of their logic and what they require for input and what to expect for ouput.

the password lists on my whole server were encrypted on there own. It happens whenever I create an email account, or someone signs up for chat. In every directory in my control panel that has some page to put in a user name and password, there is a .htaccess link with every username and password for that login form in it. But I can only read the user names. The passwords are encrypted automatically. I had nothing to do with the encryption of anything on my server. I just have the option to add stuff on to it, and it makes its own directory for that certain thing. Then I can edit or change anything I want in the directory.

Lets put it this way I know some CGI. I know how to edit a .cgi file if I find the right one, but the thing is I have no idea what file to look for. For my OsCommerce shopping cart directory, I have over 30 different .CGI files in different directories. But I dont know the right one of hand because I cant login to my admin screen to find out what file the login page is, or the registering page. If I found that out, then I can use the login form, edit the .CGI file for that form. And copy the register a user script to a new page. But I still wont know what the Username and Password file is for quick reference, to change and edit. Would it be in the .cgi file that the login form has? Or would it be where the register a new user .cgi file is in that form? Or would it be in the .htaccess file in another directory with its own .txt file?

This is what every .htaccess file has in it seeing how there isnt any login info yet for the shopping cart:

Options All

AuthType "Basic"
AuthName "Protected Access"

AuthUserFile /dev/null


require valid-user

If you can help me with what Ive told you, that would be great... If not then, thank you for your help. :)

I can't see how logging into your admin will help you. In a sense you become a user, within the confines of the script, where it sounds like you want to manipulate the script. Are you attempting to hack passwords?. The only way that I can see you getting at the script is to log on with your ftp, and edit your files. And of course to do this in a useful way, you'll need a solid understanding of what's doing what.