Приглашаем посетить
AUTH-LIB
############################################################
# AUTH-LIB.PL
#
# This script was written by Selena Sol & Gunther Birznieks.
# Date Created: 5-10-96
# Date Last Modified: 5-14-96
#
# You may copy this under the terms of the GNU General Public
# License or the Artistic License which is distributed with
# copies of Perl v5.x for UNIX.
#
# Selena Sol may be contacted at selena@eff.org
#
# Purpose: Provides a set of library routines to provide
# a standard authentication front_end to CGI Programs
#
# Main Procedures:
# GetSessionInfo - Returns the session information or prompts
# the user to log in.
#
# Special Notes: This script relies on mail-lib.pl for sending
# email (if the feature is activated)
#
# It also uses CRYPT inside the EncrytWrap routine. If your
# OS does not support Crypt, you can write your own inside
# EncryptWrap. The routine resides in auth-extra-lib.pl file.
#
# The script is written to be compact for returning session
# information since that is what the script does 99% of the time
# When the script needs to do more, it does a require on
# a huge auth-extra-lib.pl file that has all sorts of routines
# and options.
#
# The environmental variables that the authentication library
# expects to set are the following:
#
# These variables should be set in the define variables
# part of whatever program you are calling the authentication
# library routines from.
#
# Path To The Where Auth Library Files are stored.
#$auth_lib = ".";
# Are we doing server based authentication?
#$auth_server = "off";
# Are we doing CGI based authentication? IE are
# we logging in eusing a CGI form
#$auth_cgi = "on";
#
# NOTE: If neither CGI or Server auth is ON then
# the program will return a session id with blank
# information for the fields that the application
# is looking for.
#
# Where is the user file stored?
#$auth_user_file = "user.dat";
# If alt_user_file is defined, when a user
# registers, their information will be stored
# in the alternate user file until the system
# admin (you) copies them over. Normally,
# you will just let them register into the
# main file.
#$auth_alt_user_file = "altuser.dat";
#
# Auth_allow_register turns on the ability of a
# user to register to the system
#$auth_allow_register = "on";
#
# Auth_allow_search turns on the ability of a
# user to search through the userlist for their
# username in case they forgot it.
#$auth_allow_search = "on";
#
# Default group is the default name of the group
# variable in the user file when the user gets added.
# Groups are useful for controlling rights in a program
# to certain things like being able to post events.
#$auth_default_group = "normal";
#
# If auth_check_duplicates is on, then the program
# will check for duplicate usernames when a person
# tries to register for the system. Duplicates are
# checked in both the user file and the ALT user file
# described above.
#$auth_check_duplicates = "on";
#
# If auth_use_cleartext is on, then the passwords
# will not be encrypted in the userfile. This
# makes it easier for an admin to maintain their
# own userfile at the risk of security.
#
#$auth_use_cleartext = "off";
#
#
# If auth_generate_password is on, then the program
# will generate a password for the user
#
#$auth_generate_password = "on";
#
# If add_register is on, then the program will
# save the users registration to the user file or
# the alternative user file, depending on the above
# definitions.
#$auth_add_register = "on";
# If email-register is on, then the program will
# email the registration to the sys admin (you)
# depending on the email definitions below.
#$auth_email_register = "on";
# Address to send from. Must be a valid address on the
# machine the web server is on.
#$auth_admin_from_address = "gunther\@foobar.com";
# Address to registration information to.
#$auth_admin_email_address = "gunther\@foobar.com";
# Session files should be kept around until the user
# will not need to get back in with the same id. The
# number is measured in days and keeping the files around
# for 2 days is more than enough.
#$auth_session_length = 2;
# session_dir is where the Sessions are stored.
#$auth_session_dir = "./Sessions";
# register_message is the message that the user sees after
# they have successfully registered onto the system. You
# will want to change this if the user information is not
# stored in the main user data file right away.
#$auth_register_message =
# "Thanks, you may now logon with your new username
# and password.";
#
# Auth_password_message is a message sent to users
# when they apply and their password needs to be sent to
# them. The final part of the message is the password
# itself which gets appended to the message by the program
# when the user registers.
#$auth_password_message =
# "Thanks for applying to our site, your password is";
#
# Auth_extra_fields is an array that contains the name
# of any fields that are kept about the user other than
# username, password, and group.
#
# Note that ALL the extra fields must have the word
# "auth" in them.
#
# Note also that there has to be an auth_email for the
# search function to work in the program.
#
#@auth_extra_fields = ("auth_first_name", "auth_last_name",
# "auth_email");
#
# Auth_extra_desc are the descriptive field names that
# correspond to the same elements in auth_extra_fields.
#
#@auth_extra_desc = ("First Name", "Last Name", "Email");
#
# Auth_logon_title is the title in the HTML for the initial
# logon screen. You might want to change this since people
# may bookmark this screen.
#
#$auth_logon_title = "Submit Logon";
#
# Auth_logon_header is the header in the HTML for the
# initial logon screen.
#
#$auth_logon_header = "Enter your logon information";
#
# NOTE: $auth_logon_title and $auth_logon_header will
# default to generic messages if they are not defined by
# you.
############################################################
############################################################
#
# subroutine: GetSessionInfo
# Usage:
# ($session, $username, $group, @extra_fields,
# = &GetSessionInfo($session, "script name",
# *in);
#
# Parameters:
# $session = session id. Null if it is not defined yet
# $main_script = the script you are calling
# &GetSessionInfo From
# *in = A reference to the form data that was read
# in with &ReadParse.
#
# Output:
# $session = session id
# $username = user name
# $group = group information
# @extra_fields = an array of more fields usually
# consisting of the following:
# $first_name = first name
# $last_name = last name
# $email = email address
############################################################
sub GetSessionInfo {
local($session, $main_script, *in) = @_;
local($session_file, @fields);
local(@fields);
# If the session is not defined, we load in all
# the routines and then call the VerifyUser routine
# which will log the person into the system
#
# If the session id IS defined, then we simply
# read the session file and return the information
# back to the program related to the session.
#
if ($session eq "") {
require "$auth_lib/auth-extra-lib.pl";
@fields = &VerifyUser($main_script, *in);
} # End of if
else {
$session_file = "$session.dat";
open (SESSIONFILE, "$auth_session_dir/$session_file") ||
(require "$auth_lib/auth-lib-fail-html.pl" && exit);
while (<SESSIONFILE>) {
chop;
@fields = split(/\|/);
}
close (SESSIONFILE);
unshift(@fields, $session);
} # End of else
# return the array of fields;
@fields;
} # End of GetSessionInfo
1;