Perl CGI Programming: No experience required.
Moving Passwords to the Web

The last step in this section will be to actually password-protect a Web page. Setting up the form for entering a password is not difficult because HTML forms have a password input type that displays only asterisks when something is typed into it. The HTML code that follows shows you how to do it:

```html
<HTML>
<HEAD>
<TITLE>Enter your password, please</TITLE>
</HEAD>
<BODY>
<H1 ALIGN="CENTER">Enter your password, please</H1>
<HR>
<CENTER>
<FORM ACTION="/cgi-bin/chkpwd.pl" METHOD="POST">
<H3>Password:</H3>
<INPUT TYPE="password" NAME="password" SIZE="12" MAXLENGTH="12">
<BR>
<BR>
<INPUT TYPE="submit" VALUE="Enter">
<INPUT TYPE="reset" VALUE="Clear">
</FORM>
</CENTER>
</BODY>
</HTML>
```

Save this code as password.html in your Web server's root directory. Figure 13.10 shows what it will look like in your browser when you type something in the password field.
There is one noteworthy instruction in password.html. Notice that we have chosen the POST method for the form. Why? Two reasons: First, you don't want any visitor to be able to see the form's action posted as a URL, as visitors could if the GET method were specified. Second, you don't want any visitor to attempt to run the form's CGI program, chkpwd.pl, as a URL. You'll see how to guard against this possibility in the script for chkpwd.pl, which follows:

```perl
#!/perl/bin/perl
# chkpwd.pl
# Verifies the password sent to it with what's
# in the password file.

# Get header files. require dies on its own if html.pm can't be loaded.
require "html.pm";

$PwdFileName = "password";  # Full path where needed.

# Check the REQUEST_METHOD to ensure that it's "POST".
# Complain and exit if it's not.
if ($ENV{REQUEST_METHOD} ne "POST") {
    &HTML_Header ("Unauthorized entry!");
    print <<THE_END;
<BODY>
<H1 ALIGN="CENTER">Unauthorized entry attempt</H1>
<H1 ALIGN="CENTER">Goodbye!</H1>
</BODY>
THE_END
    &HTML_Footer;
    exit (0);
}

# Method's OK. Get the data and try to open the password file
# and get the encrypted password.
read (STDIN, $QueryString, $ENV{CONTENT_LENGTH});
($dummy, $PwdString) = split (/=/, $QueryString);

# Undo the browser's URL encoding so the typed characters are compared.
$PwdString =~ tr/+/ /;
$PwdString =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;

open (PWD, $PwdFileName) || die "Can't open $PwdFileName: $!\n";
$EncryptedPwd = <PWD>;
chomp ($EncryptedPwd);  # Drop a trailing newline, if the file has one.
close (PWD);

# Run everybody by crypt().
if (crypt ($PwdString, $EncryptedPwd) eq $EncryptedPwd) {
    &HTML_Header ("Welcome");
    print <<END_GOOD_PWD;
<BODY>
<H1 ALIGN="CENTER">Welcome to the restricted Web page</H1>
<HR>
<H2 ALIGN="CENTER">Your password must have worked</H2>
</BODY>
END_GOOD_PWD
    &HTML_Footer;
}
else {  # This handles an incorrect password.
    &HTML_Header ("Incorrect password");
    print <<END_BAD_PWD;
<BODY>
<H1 ALIGN="CENTER">Incorrect password!</H1>
<HR>
<H2 ALIGN="CENTER">Hit the "Back" button and try again</H2>
</BODY>
END_BAD_PWD
    &HTML_Footer;
}
# End chkpwd.pl
```

Install chkpwd.pl where your server expects to find CGI applications. Run it by entering passwords in the form created by password.html.
A good password results in the display shown in Figure 13.11.
And if a bad password is sent to chkpwd.pl, it draws the page shown in Figure 13.12.
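The REQUEST_METHOD check only turns away non-POST requests; a client can still send a POST body of its own making, and chkpwd.pl takes whatever follows the first `=` and reads as many bytes as CONTENT_LENGTH announces. The following added example (not code from the book) looks the password field up by name and enforces the form's 12-character limit on the server side. The names `password_from_body`, `url_decode` and `$MAX_BODY` and the sample request bodies are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the book: pull the "password" field out of a
# POST body by name, with server-side length limits.
use strict;
use warnings;

my $MAX_BODY = 256;    # assumed cap on the whole request body, in bytes
my $MAX_PWD  = 12;     # same limit as MAXLENGTH in password.html

# Decode one application/x-www-form-urlencoded token.
sub url_decode {
    my ($text) = @_;
    $text =~ tr/+/ /;
    $text =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $text;
}

# Return the decoded password, or undef if the body is oversized, has no
# password field, or the password is empty or longer than $MAX_PWD.
sub password_from_body {
    my ($body) = @_;
    return undef if length($body) > $MAX_BODY;
    foreach my $pair (split /&/, $body) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && url_decode($name) eq 'password';
        $value = url_decode(defined $value ? $value : '');
        return undef if $value eq '' || length($value) > $MAX_PWD;
        return $value;
    }
    return undef;
}

# Constructed request bodies, as a browser or a hand-written client might send them.
my @samples = (
    'password=opensesame',        # what password.html submits
    'password=a%3Db+c',           # encoded "=" and a space
    'x=1&password=opensesame',    # extra field in front of the password
    'password=' . ('A' x 40),     # ignores the form's MAXLENGTH
    'user=guest',                 # no password field at all
);

foreach my $body (@samples) {
    my $pwd = password_from_body($body);
    printf "%-50s => %s\n", $body, defined $pwd ? "'$pwd'" : 'rejected';
}
```

In a CGI script the same cap belongs in front of the `read` call: compare `$ENV{CONTENT_LENGTH}` with `$MAX_BODY` before reading from STDIN.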
Applying Passwords on Your Site

Now that you can protect a Web page with an encrypted password, what applications can you think of for the concept? You could set up portions of the Web site for selected visitors, of course. Or you could require that visitors get past a protected page before they enter your site at all. One good application would be to use your Web server and browser as an interface for you to perform maintenance functions on your site. Site maintenance is important, but you're the only one who should be performing it. In the next section, you'll explore the rudiments of site maintenance by building a system to edit entries out of your guest book from a password-protected Web page.

Maintaining a Secure Web Site

A Web installation requires care and feeding. The amount is pretty much up to you, but you'll find very soon after building a Web site that you can't just crank it up and walk away.

Maintaining adequate security on a site doesn't have to be a matter of constant vigilance, though the more vigilance you apply, the fewer unwanted visitors will drop by. Keep an eye on your server's logs, because they can tell you when and from where an untoward event might have occurred. You can even take the step with many servers of locking out access from specific IP addresses. This is drastic, because lots of visitors come from online services such as America Online and CompuServe, and you would be locking all of them out. But it is an option if you feel that your site is being compromised.

Most Web site maintenance doesn't involve stringing up cybernetic barbed wire, however. The more features you have on your site, the more interaction you will have with visitors, which increases the amount of work for you. Visitors might be filling out polls or ordering products; any of this interaction will be stored on your site and you have to do something with it.
The Web server and browser give you a built-in graphical user interface that you can use, often with very little programming, to set up modules on the site for maintaining the aspects of your Web pages that need it. Again, the guest book module you built in Skill 7 provides a good place to start.
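The advice above to keep an eye on the server's logs, as an added example that is not from the book: it counts POSTs to chkpwd.pl per client address and lists any non-POST requests to it, which are the ones the script answers with "Unauthorized entry attempt". It assumes the server writes Common Log Format; the log lines, addresses and threshold are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the book: summarize requests to chkpwd.pl
# found in Common Log Format lines.
use strict;
use warnings;

my $TARGET    = '/cgi-bin/chkpwd.pl';   # form ACTION from password.html
my $THRESHOLD = 3;                      # assumed: POSTs per address worth a look

# Returns (\%posts_by_addr, \@non_post_lines) for requests to $TARGET.
sub scan_log {
    my (@lines) = @_;
    my (%posts, @non_post);
    foreach my $line (@lines) {
        # host ident user [time] "METHOD path protocol" status bytes
        next unless $line =~ m{^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)};
        my ($addr, $method, $path) = ($1, $2, $3);
        $path =~ s/\?.*//;              # drop any query string
        next unless $path eq $TARGET;
        if ($method eq 'POST') { $posts{$addr}++ }
        else                   { push @non_post, $line }
    }
    return (\%posts, \@non_post);
}

# Constructed log lines; the addresses come from the documentation ranges.
my @log = (
    '192.0.2.10 - - [12/Mar/2000:10:01:02 -0500] "GET /password.html HTTP/1.0" 200 412',
    '192.0.2.10 - - [12/Mar/2000:10:01:09 -0500] "POST /cgi-bin/chkpwd.pl HTTP/1.0" 200 180',
    '198.51.100.7 - - [12/Mar/2000:10:05:11 -0500] "POST /cgi-bin/chkpwd.pl HTTP/1.0" 200 175',
    '198.51.100.7 - - [12/Mar/2000:10:05:12 -0500] "POST /cgi-bin/chkpwd.pl HTTP/1.0" 200 175',
    '198.51.100.7 - - [12/Mar/2000:10:05:13 -0500] "POST /cgi-bin/chkpwd.pl HTTP/1.0" 200 175',
    '198.51.100.7 - - [12/Mar/2000:10:05:14 -0500] "POST /cgi-bin/chkpwd.pl HTTP/1.0" 200 175',
    '203.0.113.5 - - [12/Mar/2000:11:30:00 -0500] "GET /cgi-bin/chkpwd.pl?password=x HTTP/1.0" 200 160',
);

my ($posts, $non_post) = scan_log(@log);
foreach my $addr (sort keys %$posts) {
    next if $posts->{$addr} < $THRESHOLD;
    print "$addr: $posts->{$addr} POSTs to $TARGET\n";
}
print "Non-POST request: $_\n" foreach @$non_post;
```

Because chkpwd.pl prints an ordinary page for good and bad passwords alike, the access log cannot tell the two apart; a high POST count from one address is a prompt to look closer, not proof of guessing.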
Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited.