CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
Search Posts SEARCH
Who's Online WHO'S
Log in LOG

Home: Perl Programming Help: Intermediate:
comparing users password to one stored in a database



Sep 18, 2000, 8:42 AM

Post #1 of 2 (1506 views)
comparing users password to one stored in a database Can't Post

I am [trying] to write a script that will allow employees to clock in and out for work, and calculate the work hours for the week. I plan to use a pipe-delimited text file for the database. In the database, I plan to have fields such as username, password, timein, timeout, totaltime, etc.

What I am looking for help on is how to compare and match user input to input already in the database, specifially for login purposes. In other words, I would like to have all users and passwords in the database so that a user can pull up the script/page and type in their username/password and upon clicking submit the script would search the database file, match the username, then compare the passwords (one entered vs one in database) if they match -return page A, if they dont return page B.

Any suggestions/help/references are greatly appreciated!!!

User / Moderator

Sep 22, 2000, 7:39 AM

Post #2 of 2 (1506 views)
Re: comparing users password to one stored in a database [In reply to] Can't Post

Dont save the password to the delimited file as clear text. Do you realize how vulnerable that leaves your application to someone hacking?

Use crypt and a dual character random seed at least to encrypt the password into the data file.

To test the encrypted password for a match, find the encrypted password for the userID, parse of the first two characters, use it as the seed for the crypt function with the password entered and see if the result of this crypt matches the crypted password in the database. Much safer.

Also, depending on the number of employees, you might rather use an SQL compatable database like Sybase, SQL Server, MSAccess, etc.

Hope these ideas help.



Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives