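#####################################################################
# One record per user
# Add a record at the time of signup
# To be used *without* the password lookup mod
# To be used with the *default* html.pl file
#
# by JPDeni
# Created 11-July-2000
#####################################################################
#
# You can have the user fill out the form for a new record at the
# same time he signs up for an account.
#
# Install the secure password lookup mod before you install this one.
#
# Note that this will take away a little bit of security. The user's
# email address will not be verified before he signs up for an
# account.
#
# You will not be able to use the autogenerate feature if you use this
# mod.
#
# You must include the following in your .cfg file:
#-- a userid field
#-- $auth_user_field set to the correct field number
#-- $auth_signup = 1;
#-- @auth_signup_permissions = (1,0,1,1,0);
#
# NOTE(review): sub signup writes @auth_signup_permissions verbatim after
# the password hash, and the password file is read back in the order
# view:add:del:mod:admin. Every self-registered, unverified account gets
# these rights, so the last (admin) position should stay 0.
#
# NOTE(review): this copy of the mod appears to have lost its HTML markup
# (the print blocks below contain text only). Restore the markup from the
# original mod text before installing.
#####################################################################
# In html.pl, replace sub html_signup with the following:

sub html_signup_form {
# --------------------------------------------------------
# This form is displayed for new users who want to create an account.
#
# Takes one optional argument: an error message from a rejected signup.
# With an error, the message is printed and the form is refilled from the
# submitted values in %in; otherwise the form starts from &get_defaults.
#
    my $error = shift;
    my %rec;

    # Tells html_record_form to print the extra signup-only fields.
    $in{'signup_form'} = 1;

    &html_print_headers;
    print qq|
$html_title: Create Account.
$html_title: Create Account

<$font_title>Create Account

<$font>To create your own account, simply fill out the following form.

|;

    if ($error) {
        # $error is printed as-is, so callers must only pass text that is
        # already safe to emit as HTML.
        print "$error\n\n";
        %rec = %in;
    }
    else {
        %rec = &get_defaults;
    }

    print qq|
|;
    &html_record_form(%rec);
    print qq|

|;
}

#####################################################################
# Copy sub html_add_success and replace sub html_signup_success with
# it.
#
# You will probably want to change the wording on the subroutine.
#####################################################################
# In sub html_record_form, after
#     print qq|
# add
#
# NOTE(review): the markup printed inside the conditional is missing from
# this copy; presumably it is the password input row, since sub signup
# reads $in{'pw'} -- confirm against the original mod.

|;
if ($in{'signup_form'}) {
    print qq|
    |;
}
print qq|

#####################################################################
# In db.cgi replace sub signup with the following

sub signup {
# --------------------------------------------------------
# Allows a user to sign up without admin approval. Must have $auth_signup = 1
# set. The user gets @auth_signup_permissions.
#
# Validates the requested userid and password, rejects a userid that is
# already in the password file, adds the submitted record to the database,
# appends the new account to the password file and then logs the user in.
# On any validation failure the signup form is shown again with a message.
#
    my ($message, $status, $counter);

    # The account name is the database field selected by $auth_user_field.
    # All checks are made on this one value because it is the value that is
    # written to the password file. (The earlier version checked the length
    # of this field but the character set of $in{'userid'}, which is only
    # the same value when the field happens to be named "userid".)
    my $user_field = $db_cols[$auth_user_field];
    my $new_userid = defined $in{$user_field} ? $in{$user_field} : '';
    my $new_pw     = defined $in{'pw'}        ? $in{'pw'}        : '';

    # Check to make sure userid is ok, pw ok, and userid is unique.
    # \A and \z are used instead of ^ and $ because $ also matches before a
    # trailing newline, and the password file is one colon-separated record
    # per line.
    unless (length($new_userid) >= 3
        and length($new_userid) <= 12
        and $new_userid =~ /\A[a-zA-Z0-9]+\z/)
    {
        # The rejected value is echoed back into the page, so escape it.
        my $shown = $new_userid;
        $shown =~ s/&/&amp;/g;
        $shown =~ s/</&lt;/g;
        $shown =~ s/>/&gt;/g;
        $shown =~ s/"/&quot;/g;
        $message = "Invalid userid: $shown. Must contain only letters and numbers and be between 3 and 12 characters long.\n";
    }
    unless (length($new_pw) >= 3 and length($new_pw) <= 12) {
        # The submitted password is deliberately not echoed back.
        $message .= "Invalid pw. Must be between 3 and 12 characters long.\n";
    }

    open(my $passwd_fh, '<', $auth_pw_file)
        or &cgierr("unable to open password file. Reason: $!\n");
    my @passwds = <$passwd_fh>;
    close $passwd_fh;

    # NOTE(review): the uniqueness check and the append further down are not
    # done under one lock, so two simultaneous signups for the same userid
    # can both pass this check.
    foreach my $entry (@passwds) {       # Go through each entry and see if we match.
        next if ($entry =~ /^$/);        # Skip blank lines.
        next if ($entry =~ /^#/);        # Skip comment lines.
        chomp($entry);
        my ($existing_userid) = split(/:/, $entry);
        if (lc($new_userid) eq lc($existing_userid)) {
            $message = "userid already exists. Please try another.\n";
        }
    }
    if ($message) {
        &html_signup_form($message);
        return;
    }

    # With key tracking on, step the key forward until the record validates,
    # giving up after a bounded number of attempts.
    $status = &validate_record;
    while ($status eq "duplicate key error" and $db_key_track) {
        if ($counter++ > 50) {
            &html_signup_form("duplicate key error");
            return;
        }
        $in{$db_key}++;
        $status = &validate_record;
    }

    if ($status eq "ok") {
        # Append the new record to the database. 2 is LOCK_EX.
        open(my $db_fh, '>>', $db_file_name)
            or &cgierr("error in add_record. unable to open database: $db_file_name.\nReason: $!");
        if ($db_use_flock) {
            flock($db_fh, 2)
                or &cgierr("unable to get exclusive lock on $db_file_name.\nReason: $!");
        }
        print {$db_fh} &join_encode(%in);
        close $db_fh;

        # Record the key that was just used.
        # NOTE(review): opening with '>' truncates the file before the lock
        # is taken, so a concurrent reader can see it empty.
        open(my $id_fh, '>', $db_id_file_name)
            or &cgierr("error in get_defaults. unable to open id file: $db_id_file_name.\nReason: $!");
        if ($db_use_flock) {
            flock($id_fh, 2)
                or &cgierr("unable to get exclusive lock on $db_id_file_name.\nReason: $!");
        }
        print {$id_fh} $in{$db_key};
        close $id_fh;

        # NOTE(review): this runs after the record was written, so only the
        # in-memory copy is lowercased -- confirm that is the intent.
        $in{$db_email_field} = lc($in{$db_email_field});

        # Add the userid into the file with signup permissions.
        open(my $pass_fh, '>>', $auth_pw_file)
            or &cgierr("unable to open: $auth_pw_file.\nReason: $!");
        if ($db_use_flock) {
            flock($pass_fh, 2)
                or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
        }

        # A two-character salt selects traditional DES crypt(), which uses
        # only the first 8 characters of the password.
        # NOTE(review): consider a stronger scheme if the platform's crypt()
        # and auth_check_password support one.
        srand( time() ^ ($$ + ($$ << 15)) );    # Seed Random Number
        my @salt_chars  = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
        my $salt        = join '', @salt_chars[rand 64, rand 64];
        my $encrypted   = crypt($new_pw, $salt);
        my $permissions = join(":", @auth_signup_permissions);
        print {$pass_fh} "$new_userid:$encrypted:$permissions\n";
        close $pass_fh;

        # Log the new user in with the account that was just created.
        $in{'login'}  = 1;
        $db_uid       = "";
        $in{'userid'} = $new_userid;
        ($status, $uid, $per_view, $per_add, $per_del, $per_mod, $per_admin) = &auth_check_password;
        if ($status eq "ok") {
            $db_script_link_url = "$db_script_url?db=$db_setup&uid=$db_uid";
            ($db_userid) = $db_uid =~ /([A-Za-z0-9]+)\.\d+/;
        }
        &auth_logging("added new user: $new_userid") if ($auth_logging);
        &html_signup_success;
    }
    else {
        &html_signup_form($status);
    }
}

#####################################################################
# To create a link to the signup form--
# from a static .html page -- Sign up
# from within DBMan -- Sign up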
<$font>Password: