Registration and Passwords

[DOLZero]

Ive been workin on a webgame where i would like anybody to be able to go to my site register an account, and start using it immidiately.

i dont know how to set it up so that other people can make thier own passwords, and store it on the servery my site is on without me having to give them a password every time.

if anyone can help me out with some info on how to get it set up to run automatically, i would appreciate it.

BTW: the site has tons of useful info for any net junkey. thanks for the help i have already recieved.

[jeffmott]

If your building an online game is it safe to assume that you already know and are using a server-side language? If so, which language are you using?

Otherwise the best I can tell you is to check The CGI Resource Index for what you're looking for.

[DOLZero]

Thanks for the link. i seem to have found what i was looking for, not to mention a fue other things i havent thougth of.

DZ

[dalehend]

there are some cgi and php scripts that can setup for registration with autogenerated passwords.
Some that I know of are:
libweb.sf.net
postnuke

[Craiga]

The eaisiest way, if you haven't found one already, then i would suggest a flat-file database:

username:password
username1:password1
username2:password2

Then you can just go through them and check it:

open(DAT,"file.txt");
while(<DAT>){
($username,$password) = split(/:/);
}
close DAT;

Thats how you can check them. To add to it you can just simply do an append:


open(DAT,">>file.txt");
print DAT "$username:$password\n";
close DAT;

And you've added a new record.
You may want to get the username and password from the querysting, if you use CGI.pm:

use CGI;
$query = new CGI;
$username = $query->param('username');
$password = $query->param('password');

And let them submit it from a form.

[jeffmott]

Craiga
username:password
username1:password1
username2:password2

You probably should choose delimiters other than : and \n that won't appear in the user's typed input.

Craiga
open(DAT,"file.txt");
while(<DAT>){
($username,$password) = split(/:/);
}
close DAT;

You should always check the return value of open. You also need to lock the file, otherwise it becomes more and more likely your data will become corrupted the more often it is called. You will also have a newline appended to every password.

Craiga
open(DAT,">>file.txt");
print DAT "$username:$password\n";
close DAT;

Again, _must_ lock the file.

$^W = 1;
use strict;

use CGI;
use Fcntl qw{:flock :seek};

sub UNIT_SEPARATOR() &nbsp; { "\x1f" }
sub RECORD_SEPARATOR() { "\x1e" }

my %user;

# read from flat file db
open DAT, '+>>file.txt' or die $!;
seek DAT, 0, SEEK_SET &nbsp; or die $!;
flock DAT, LOCK_SH &nbsp; &nbsp; &nbsp;or die $!;
{ local $/ = RECORD_SEPARATOR;
&nbsp; while (<DAT>) {
&nbsp; &nbsp; chomp;
&nbsp; &nbsp; my( $user, $pass ) = split(UNIT_SEPARATOR);
&nbsp; &nbsp; $user{$user} = $pass;
&nbsp; }
}
close DAT or warn $!;

# get new user/pass
my $cgi = new CGI;
if ( defined $cgi->param('user') ) {
&nbsp; my( $user, $pass ) = ( $cgi->param('user'), $cgi->param('pass') );
&nbsp; $$_ =~ tr/\x1e\x1f//d for \$user, \$pass;
&nbsp; $user{$user} = $pass;
}

# write to flat file db
open DAT, '>>file.txt' or die $!;
seek DAT, 0, SEEK_SET &nbsp;or die $!;
flock DAT, LOCK_EX &nbsp; &nbsp; or die $!;
truncate DAT, 0 &nbsp; &nbsp; &nbsp; &nbsp;or die $!;
{ local $\ = RECORD_SEPARATOR;
&nbsp; print DAT $_ . UNIT_SEPARATOR . $user{$_} for keys(%user);
}
close DAT or warn $!;

[Craiga]

Yea i was just throwing together a quick example

[Jay5]

I'm new to the CGI/ Perl world and I was under the impression that the simple TXT file for password checking is a minimum level of security.

How would go about offering a higher level of security, but still remaining within the CGI/ Perl world?

For example, could you hide the username/ passwords in another file or a more secure location.

[Craiga]

You could encrypt the username and passwords or just the passwords.

[Jay5]

Mostly just for curiousity sake, but I would guess the encryption/ decryption logic would be somewhere in my cgi source. So using encryption would just be giving somebody another hoop to jump through to get to my data?

Maybe were just at the low end of security here, just making incremental steps towards some ultimate secure thing if there is such.

[jeffmott]

Jay5
using encryption would just be giving somebody another hoop to jump through

But the CGI source is not available to users of the site. The only thing they would be able to access is the encrypted data, which does them no good (assuming you've used an adaquately strong encryption scheme).

[Jay5]

Yea I'm still a little green here. I forgot that. My thinking or train of mind is that everybody is seeing my CGI source and I realize this may not be true. That last repy, created a spark.