#####################################################################
###                        Add Permission                         ###
###                          by JPDeni                            ###
###                  Last Modified: 1 Nov 2000                    ###
#####################################################################

# This mod is for anyone who wants to add another level of permission
# to their database. You might want to have two levels of users,
# with one level having more restricted access than another. This will
# show you how to create the extra level.

# The mod is quite involved and there are a number of things you must
# change. Each step ends with instructions for testing the progress
# of the mod so far. Please follow those instructions. It is much
# easier to debug any problems you might have if you know at which
# step the problem occurred.

# If you are planning to install the secure password lookup mod, do it
# now before you install this one. There are some places where the
# instructions are different for those who have the password lookup
# mod.

# If you would like to see how the mod developed, go to
# http://www.gossamer-threads.com/scripts/forum/resources/Forum12/HTML/002597.html
#
# If you have any trouble with the mod, though, please start a new
# topic. That topic is long enough as it is. :)

#####################################################################
# Step 1:

# Make backup copies of all of your files and make the changes to the
# backups. Create a new directory in your cgi-bin for the testing of
# this script.

# Replace your .pass file with the following:

# UserID : Password : View : Add : Del : Mod: Member:Admin
admin:A.f0Kvdiyy8q2:1:1:1:1:1:1
author:zs047RckAhJH6:1:1:1:1:1:0
guest:ZX9XTlIfPvdGE:1:0:0:0:0:0

# In auth.pl, sub check_password, change

	my ($view, $add, $mod, $del, $admin);

# to

	my ($view, $add, $mod, $del, $mem, $admin);

# and change

	($userid, $pw, $view, $add, $del, $mod, $admin) = split (/:/, $pass);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin) = split (/:/, $pass);

# and change

	return ('ok', $db_uid, $view, $add, $del, $mod, $admin);

# to

	return ('ok', $db_uid, $view, $add, $del, $mod, $mem, $admin);

# In sub auth_check_permissions, change

	($name, $pw, $view, $add, $del, $mod, $admin) = split (/:/, $permission);
	if ($username eq $name) {
		$view  = int($view);  $add = int($add);   # We int everything just in case
		$del   = int($del);   $mod = int($mod);   # someone has put spaces after the permissions.
		$admin = int($admin);
		return ($view, $add, $del, $mod, $admin);

# to

	($name, $pw, $view, $add, $del, $mod, $mem, $admin) = split (/:/, $permission);
	if ($username eq $name) {
		$view  = int($view);  $add = int($add);   # We int everything just in case
		$del   = int($del);   $mod = int($mod);   # someone has put spaces after the permissions.
		$admin = int($admin); $mem = int($mem);
		return ($view, $add, $del, $mod, $mem, $admin);

# In db.cgi, sub main, change

	($status, $uid, $per_view, $per_add, $per_del, $per_mod, $per_admin) = &auth_check_password;  # Authenticate User, get permissions and userid.

# to

	($status, $uid, $per_view, $per_add, $per_del, $per_mod, $per_mem, $per_admin) = &auth_check_password;  # Authenticate User, get permissions and userid.

# In html.pl, sub html_home, add a print statement somewhere on the
# page where you will be able to see it

	print "$db_userid: Member -- $per_mem";

# (This line will not be in the final html.pl file, but it is
# an important debugging line.)

# Upload your auth.pl, db.cgi and html.pl files to your server and
# log in with each of the usernames. On the home page, you should see:

When logged on as admin:
	admin: Member -- 1

When logged on as author:
	author: Member -- 1

When logged on as guest:
	guest: Member -- 0

(It's possible when you log on as guest that you will get
	guest: Member --
but that's okay, too.)

# If you don't get this result, do not continue with the mod. Check
# that you have entered each line correctly in all three files.

#####################################################################
# Step 2:

# (You can skip this step if you never intend to have users sign up
# for accounts online. However, if you think you might, it's a good
# idea to make the change now.)
#
# In your .cfg file, change the @auth_default_permissions to

	@auth_default_permissions = (1,0,0,0,0,0);

# (Basically, we're just adding a permission level here. Keep what you
# have, but add another ,0 to the end.)

# Do the same thing with @auth_signup_permissions.

######
# For users of the secure password lookup mod only!
#
# In db.cgi, sub signup, change

	my ($message,$userid, $pw, $view, $add, $del, $mod, $admin, $email, $password);

# to

	my ($message,$userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email, $password);

# and change

	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $pass);

#
######

# Upload your .cfg file and db.cgi to your server.

# Go to the login form and sign up for an account. Log in with the
# new username and password and see what you get. You should see

	username: Member -- 0

or

	username: Member --

# Download the .pass file and change the permission to 1 for the new
# user. Upload the .pass file and log in again as the new user.
# You should see

	username: Member -- 1

#####################################################################
# Step 3:

# With the secure password lookup mod, each line includes a variable
# for the email address. If you don't have the password lookup mod,
# it is still okay for you to have this variable in there. It will
# be ignored by the script. You may, if you wish, delete the $email
# and $in{'email'} variables from the lines.

# In db.cgi, sub admin_display, in the section that starts with

	# If we've been passed in new_username, then we are adding a new user. Do
	# some basic error checking and then add him into the password file.

# change

	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $pass);

# and change

	print PASS "$in{'new_username'}:$encrypted:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}:$in{'email'}\n";

# to

	print PASS "$in{'new_username'}:$encrypted:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_mem'}:$in{'per_admin'}:$in{'email'}\n";

# In the section that starts with

	# If we have a username, and the admin didn't press inquire, then
	# we are updating a user.

# change

	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $pass);

# and change

	print PASS "$in{'username'}:$password:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}:$in{'email'}\n";

# to

	print PASS "$in{'username'}:$password:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_mem'}:$in{'per_admin'}:$in{'email'}\n";

# In the section that begins with

	# If we are inquiring, let's look for the specified user.

# change

	$email = $data[7];  # Note: this line is only in the script if you have the secure password lookup mod installed.
	$perm = qq| View Add Delete Modify Admin |;

# to

	$email = $data[8];
	$perm = qq| View Add Delete Modify Member Admin |;

# In the section that starts with

	# Build the permissions list if we haven't inquired in someone.

# change

	if (!$perm) {
		$perm = qq| View Add Delete Modify Admin |;
	}

# to

	if (!$perm) {
		$perm = qq| View Add Delete Modify Member Admin |;
	}

# Upload the db.cgi file and log in with the username/password --
# admin/admin. Go to the Admin link and change the permission of the
# user you added in step 2. Go back to the login page and log in as
# that new user. Check to see that the permission is correct. Then
# log in as admin again and change the permission again. Once more,
# log in as the new user and check the permission.

#####################################################################
# Step 4:

# This is only for those with the secure password lookup mod
# installed. If you do not have the mod, you will not have the
# subroutines that are referenced here. If you do not have the
# secure password lookup mod installed, skip to Step 5.

# In db.cgi, sub lookup, change

	my ($message, $userid, $pw, $view, $add, $del, $mod, $admin, $email, $password, $found, $output);

# to

	my ($message, $userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email, $password, $found, $output);

# and change

	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $found);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $found);

# and change

	print PASSWD "$userid:$encrypted:$view:$add:$del:$mod:$admin:$email\n";

# to

	print PASSWD "$userid:$encrypted:$view:$add:$del:$mod:$mem:$admin:$email\n";

# If you're using sub get_email, you'll need to make some changes there, too.
# Change

	my ($userid, $pw, $view, $add, $del, $mod, $admin, $email);

# to

	my ($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email);

# and change

	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $pass);

# If you're using sub change email, make the following adjustments:
# Change

	my ($message, $userid, $pw, $view, $add, $del, $mod, $admin, $email, $password, $found, $output, $pass);

# to

	my ($message, $userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email, $password, $found, $output, $pass);

# and change

	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $pass);

# and change

	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $found);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $found);

# and change

	print PASS "$userid:$encrypted:$view:$add:$del:$mod:$admin:$in{'email'}\n";

# to

	print PASS "$userid:$encrypted:$view:$add:$del:$mod:$mem:$admin:$in{'email'}\n";

# If you're using sub change_password, make the following adjustments:
# Change

	my ($message, $userid, $pw, $view, $add, $del, $mod, $admin, $email, $password, $found, $output);

# to

	my ($message, $userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email, $password, $found, $output);

# and change

	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $found);

# to

	($userid, $pw, $view, $add, $del, $mod, $mem, $admin, $email) = split (/:/, $found);

# and change

	print PASS "$userid:$encrypted:$view:$add:$del:$mod:$admin:$email\n";

# to

	print PASS "$userid:$encrypted:$view:$add:$del:$mod:$mem:$admin:$email\n";

# Test anything that you did before you go on. Do a password lookup
# for the new user.
# Log on as the new user and change the email address, change the
# password, add a record (which pulls the email address from the
# .pass file). Do not go on until you know that everything is working
# okay.

#####################################################################
# Step 5:

# At this point, you are ready to do some work with your real .pass
# file, if you have one already for the database you're using. You
# will have to go through and manually change the "member" permission
# through the admin display, but first you need to add another field
# to the password file. Save your "real" password file to the
# directory you've been working in.

# Save the script below to the same directory, with the name
# fixpass.cgi

# Note that you may need to change the first line of the script to
# match your path to Perl and, if your .pass file is not called
# "default.pass," you'll have to change the name of the file as well.

# ------ The script starts below this line.-------------
#!/usr/local/bin/perl

$db_script_path = ".";
$auth_pw_file   = $db_script_path . "/default.pass";

# Read the whole password file into memory.
open (PASSWD, "<$auth_pw_file") or &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>;
close PASSWD;

PASS: foreach $pass (@passwds) {
	next PASS if ($pass =~ /^$/);	# skip blank lines
	next PASS if ($pass =~ /^#/);	# skip comment lines
	chomp ($pass);
	($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);
	# Insert the new Member field, set to 0, just before Admin.
	$output .= "$userid:$pw:$view:$add:$del:$mod:0:$admin:$email\n";
}

# Overwrite the password file with the converted lines.
open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
print PASS $output;
close PASS;

print "Content-type: text/html\n\n";
print qq|Password file fixed The password file is now fixed. Log on to DBMan to test it out.|;

sub cgierr {
# --------------------------------------------------------
# Displays any errors and prints out FORM and ENVIRONMENT
# information. Useful for debugging.

	if (!$html_headers_printed) {
		print "Content-type: text/html\n\n";
		$html_headers_printed = 1;
	}
	print "<PRE>\n\nCGI ERROR\n==========================================\n";
	$_[0]      and print "Error Message       : $_[0]\n";	
	$0         and print "Script Location     : $0\n";
	$]         and print "Perl Version        : $]\n";	
	$db_setup  and print "Setup File          : $db_setup.cfg\n";
	$db_userid and print "User ID             : $db_userid\n";
	$db_uid    and print "Session ID          : $db_uid\n";
	
	print "\nForm Variables\n-------------------------------------------\n";
	foreach $key (sort keys %in) {
		my $space = " " x (20 - length($key));
		print "$key$space: $in{$key}\n";
	}
	print "\nEnvironment Variables\n-------------------------------------------\n";
	foreach $env (sort keys %ENV) {
		my $space = " " x (20 - length($env));
		print "$env$space: $ENV{$env}\n";
	}
	print "\n</PRE>";
	exit -1;
}

1;
# ------ The script ends above this line.-------------

# Upload the script (in ASCII mode) and set the permission to 755.
# Run it from your browser, using fixpass.cgi.

# After it's finished, log on to DBMan, using one of the
# username/password combinations that you know is in the file.
# Create a new user and try out all of the functions. Change one of
# the current users to "member" status and try out all the functions.
# (You may need to change a password so you'll be able to log in, but
# that's okay. You're not going to be using this file anyway when
# you're all done.)

# Test everything before you go on. Test it again. Test it a third
# time and then once more for good measure. Try to think of anything
# that might be a problem.

###################################################
# Step 6:

# Once you know that everything is working correctly, copy the
# following files from your test directory to your real directory:
#
#       auth.pl
#       .cfg
#       db.cgi
#       fixpass.cgi
#
# You may delete the other files in your test directory.
#
# After you replace the files in your real directory, remember to
# set the permission again for the fixpass.cgi file and run it. Once.

# After you run the script, delete the file from your directory.

####################################################
# Step 7:

# Now you can use the new permission. How you use it is up to you.
# If, for example, you are using the short/long display mod and you
# want only those with "member" permission to see the long display,
# edit your html.pl file as follows:

# In sub html_record, change

	print qq| $rec{'Title'} |;

# to

	if ($per_mem) {
		print qq| $rec{'Title'} |;
	}
	else {
		print qq|$rec{'Title'}|;
	}

# And in sub html_view_success, change

	if (($db_total_hits == 1) || ($maxhits == 1)) {

# to

	if ((($db_total_hits == 1) || ($maxhits == 1)) && ($per_mem)) {

# If you have questions about how to use the permission to work the
# way you want, please post a question at the Gossamer Threads Support
# Forum at
# http://www.gossamer-threads.com/scripts/forum/forum.cgi
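
####################################################
# Added example, not part of the original mod: a re-runnable version
# of the Step 5 conversion, run from a shell instead of the browser.
# A second run of fixpass.cgi would copy each user's Member value into
# the Admin column and drop the email field, so this version skips
# lines already in the new layout and writes nothing if any line looks
# wrong. Assumptions: shell access, the file name default.pass, and
# that an email field is never just 0 or 1.

```perl
#!/usr/bin/perl
# Added example: re-runnable .pass conversion (command line, not CGI).
use strict;
use warnings;
use Fcntl qw(:flock);

my $pass_file = "./default.pass";   # name used by fixpass.cgi; change to match yours
my $flag      = qr/^\s*[01]\s*$/;   # a permission column: 0 or 1, stray spaces allowed

# Old layout: userid:pw:view:add:del:mod:admin[:email]         (7 or 8 fields)
# New layout: userid:pw:view:add:del:mod:member:admin[:email]  (8 or 9 fields)
# Assumption: with 8 fields, a 0/1 in the last one is Admin (new layout);
# anything else there is an email address (old layout).
sub convert_line {
    my ($line) = @_;
    my @f = split /:/, $line, -1;          # -1 keeps an empty trailing email
    my $n = @f;
    my $is_new = $n == 9 || ($n == 8 && $f[7] =~ $flag);
    my $is_old = $n == 7 || ($n == 8 && $f[7] !~ $flag);
    return (undef, 'bad') unless $is_new || $is_old;
    splice(@f, 6, 0, 0) if $is_old;        # insert Member=0 just before Admin
    return (undef, 'bad') if grep { $_ !~ $flag } @f[2 .. 7];
    return (join(':', @f), $is_old ? 'converted' : 'already');
}

open(my $fh, '+<', $pass_file) or die "unable to open $pass_file: $!\n";
flock($fh, LOCK_EX)            or die "unable to lock $pass_file: $!\n";

my (@out, %count);
while (my $line = <$fh>) {
    chomp $line;
    if ($line =~ /^\s*$/ || $line =~ /^#/) { push @out, $line; next; }
    my ($new, $status) = convert_line($line);
    die "line $.: unexpected layout, file left untouched\n" if $status eq 'bad';
    $count{$status}++;
    push @out, $new;
}

# Every line validated: rewrite in place, keeping the file's owner and mode.
seek($fh, 0, 0)  or die "seek failed: $!\n";
truncate($fh, 0) or die "truncate failed: $!\n";
print {$fh} "$_\n" for @out;
close($fh)       or die "close failed: $!\n";

printf "converted %d, already in new layout %d\n",
    $count{converted} || 0, $count{already} || 0;
```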