Gossamer Forum
(Advanced Search)
for
Home : Products : DBMan : Installation :

generating logins & passw

Mar 2, 1999, 9:48 AM
JJJ Media Partners
Novice (9 posts)
Mar 2, 1999, 9:48 AM
Post #1 of 2
Views: 1932
Shortcut
Quote Reply
generating logins & passw
how do I get the auto function login & passw int the settings of the auth file.
I tried severall things but it won't work what is it that i do wrong?
i.e. I want to generate the program the login and password for a new client.
Mar 1, 1999, 9:55 PM
JPDeni
Veteran / Moderator (8669 posts)
Mar 1, 1999, 9:55 PM
Post #2 of 2
Views: 1899
Shortcut
Quote Reply
Re: generating logins & passw In reply to
You want to generate a login and a password, rather than allowing the user to choose them, right? Do you just want random letters and numbers for them?

I wrote a routine that allows users to enter a login name, but generates the password for them. I don't usually do this, but I'll post my entire sub signup from the db.cgi script. Maybe this will help.

Code:
sub signup {
# --------------------------------------------------------
# Allows a user to sign up without admin approval. Must have $auth_signup = 1
# set. The user gets @default_permissions.
#
my $message;

# Check to make sure userid is ok, and userid is unique.
unless ((length($in{'userid'}) >= 3) and (length($in{'userid'}) <= 12) and ($in{'userid'} =~ /^[a-zA-Z0-9]+$/)) {
$message = "Invalid userid: $in{'userid'}. Must only contain only letters and be less than 12 and greater then 3 characters.";
}
unless ( $in{'email'} =~ /.+\@.+\..+/ ) {
$message = "Invalid email address: '$in{'email'}.'";
}

$in{'email'} = lc($in{'email'});
open (PASSWD, "<$auth_pw_file") &#0124; &#0124; &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>; # Let's get the user id and passwords..
close PASSWD;
PASS: foreach $pass (@passwds) { # Go through each pass and see if we match..
next PASS if ($pass =~ /^$/); # Skip blank lines.
next PASS if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);
($in{'userid'} eq $userid) and ($message = "userid already exists<BR>");
($in{'email'} eq $email) and ($message = "email address already exists");
($message) and (last PASS);
}
if ($message) {
&html_signup_form ($message);
return;
}

# Create password

@c = split(/ */, "bcdfghjklmnprstvwxyz");
@v = split(/ */, "aeiou");
for ($i = 1 ; $i <= 4; $i +=1 ) {
$in{'pw'} = $in{'pw'} . $c[int(rand(20))]. $v[int(rand(5))];
}

open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $permissions = join (":", @auth_signup_permissions);

print PASS "$in{'userid'}:$in{'pw'}:$permissions:$in{'email'}:\n";
close PASS;

open (MAIL, "|$mail_program") &#0124; &#0124; print "Can't start mail program";

print MAIL "To: $in{'email'}\n";
print MAIL "From: $admin_email\n";
print MAIL "Reply-to: $admin_email\n";
print MAIL "Subject: $db_name Account Created\n\n";

print MAIL "-" x 75 . "\n\n";

print MAIL "Your account at $db_name has been created.\n\n";

print MAIL "Your $db_name User ID is: $in{'userid'}\n";
print MAIL "Your $db_name password is: $in{'pw'}\n\n";

print MAIL "Please keep this email for future reference.\n\n";

print MAIL "To log on, go to\n\n";
print MAIL "$db_script_url?db=$db_setup\n";
print MAIL "and enter your User ID and password.\n\n";

print MAIL "Please contact $db_name support at: $admin_email\n";
print MAIL "if you have any questions.\n\n";

close (MAIL);

&html_signup_success;
}

The user enters his desired username and email address on the signup form.

There are some other things here to watch out for. I didn't encrypt the password (because the client I wrote this for wanted users to be able to have lost passwords sent to the user). Also, the email address is added to the password file, so there are also changes to the auth.pl file -- and other places where the password file is accessed. On html_signup_form, the "password" field is replaced by an "email" field.

Some other little things--I defined
$admin_email
$mail_program
$db_name
in the .cfg file

What I'm saying is that you can't just copy this and put it in place of sub signup. There are other things to do. But it might give you some ideas of how to go about it.

BTW, the password-generating routine gives an 8-letter password in the form of four "syllables" -- one consonant and one vowel each. The place where I got the routine says there are at least 8 million combinations, so it is unlikely there would be a duplication. The passwords are a little easier to remember though, than just random letters and numbers -- things like "hiretuve" that you can sort of pronounce.


------------------
JPD

All my advice is offered on the basis of kindness-ware. If I've helped you to solve a problem, go out of your way to be kind to someone today.