Password Protecting Directories with PERL
BumbleBeeWare.com has become
extremely popular primarily because of the captcha for perl script.
Since we are one of the few sites with an understandable captcha
solution and it's a free one at that, more and more webmasters
are turning to this site as a resource for perl scripts.
Therefore we are developing some more advanced scripts that are
ready to use.
This ready to go simple perl
script is a password management system. Although I have offered a
simple password script to show how to add passwords, many people
have asked for a complete program to add, remove and manage
passwords for multiple directories.
This program will manage any
number of password files for extensive sites with many sensitive
areas. All the password files will be in a data directory and
will be updated by the program. Each corresponding directory must
have a .htaccess file in it with the path to the password file
for that directory.
This program offers very
little error checking since it is for administration. But,
like the other programs here, it is a great starting point to
build on. It will do everything you need to manage users manually.
It allows you to add users, remove users, lookup passwords and
list all users in each file.
Download
the Password Management Script
The Configuration
To configure the program you
only need to adjust 2 things. The names of the password files and
the path to the data directory where the files will be stored.
The data directory must be web writeable or chmod 0777.
# main data directory to store password files in
$datadir = "/var/www/website/data";
# list of password files
@securepassfiles = ("admin","secure");
The pass files should be user
friendly names like admin
or secure or members.
Those will be the names you will use when constructing the .htaccess
files. We will add the extension .pass to the password
file and .data to the data file, which contains the actual
passwords.
The .htaccess file is a
standard file pointing to the password file in the data directory.
Just use a text editor and create a file called .htaccess with
the following text.
AuthName "Authorized Users Only"
AuthType Basic
AuthUserFile path_to_passfile
require valid-user
Just replace path_to_passfile with the actual path to the file in the data
directory that corresponds with the directory you are password
protecting.
If the path to your data
directory is /var/www/website/data and
you want to use the file name "secure" then the full
path would be /var/www/website/data/secure.pass
Save the file in the directory
you want to password protect allowing access to all the people
listed in the secure.pass file.
Upload the pwdmanage.cgi in
text format to your cgi-bin or any directory that allows you to
run perl scripts. You will want to password protect the directory
that the script is in so other people can't make their own
passwords. If you can only run scripts in the cgi-bin, then make
a sub directory like /cgi-bin/passwords and then password protect
only the password directory so you don't password protect the
entire cgi-bin.
Make the script executable or
chmod 0777.
Then just use it to create the
passwords for your directories. For each new password file add to
the @securepassfiles = ("admin","secure");.
The new names will now appear in your main page and the files
will be created automatically.
Developer Notes
- This program is not written in the most efficient manner but
rather the most workable format. With each function such as
adding users a separate subroutine, you can easily modify the
html and form fields for each action. The program is not going to
have heavy use, so there is no need to streamline the code like
you would with general access. The important part is making the
program the most useful and the least complicated.
The .data files can of course
contain much more data such as name, address, phone and
so on. The sub that accesses the passwords can be expanded to
show the additional data so the program is more functional.
In a secure situation, you
would not keep the actual passwords. But for most applications it
is fine. Since the file can be kept in a non web readable
directory, the only other people with access are other websites
sharing your server. In the case of shared hosting if you are
concerned about security, then don't use the password data file.
Anyone sharing your server can easily access any of your files.
If you only use the .pass file, all passwords are encrypted and
cannot be read. So use the files accordingly.
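As an added example (not the pwdmanage.cgi code and not from BumbleBeeWare), here is one way to add a user to a .pass file only, with the input checks an administration script like this leaves out. The helper name add_user, the 8-character minimum, the 0640 file mode and the SHA-512 crypt format ('$6$', which assumes a glibc-style crypt() on the server) are assumptions; $datadir and @securepassfiles use the sample values from the configuration above.

```perl
#!/usr/bin/perl
# Added example (not the pwdmanage.cgi code): add a user to a .pass file only.
use strict;
use warnings;
use Fcntl qw(:flock O_RDWR O_CREAT);

# Same settings the page configures; values here are the page's samples.
my $datadir         = "/var/www/website/data";
my @securepassfiles = ("admin", "secure");

# Hypothetical helper: returns 1 on success, dies on bad input.
sub add_user {
    my ($passname, $user, $password) = @_;

    # Only configured names are accepted, so "../x" can never reach the path.
    grep { $_ eq $passname } @securepassfiles
        or die "unknown password file\n";
    # ':' and newlines are field/record separators in an AuthUserFile.
    $user =~ /\A[A-Za-z0-9_.-]{1,32}\z/
        or die "invalid user name\n";
    length($password) >= 8 or die "password too short\n";

    # Salted hash via the system crypt(); '$6$' (SHA-512) assumes a glibc host.
    my @chars = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
    open(my $rnd, '<:raw', '/dev/urandom') or die "urandom: $!\n";
    read($rnd, my $bytes, 16) == 16 or die "urandom: short read\n";
    close($rnd);
    my $salt = join '', map { $chars[ord($_) % 64] } split //, $bytes;
    my $hash = crypt($password, "\$6\$$salt\$");
    defined $hash && $hash =~ /\A\$6\$/ or die "crypt() lacks SHA-512\n";

    # Lock, then rewrite without any existing entry for this user.
    my $file = "$datadir/$passname.pass";
    sysopen(my $fh, $file, O_RDWR | O_CREAT, 0640) or die "$file: $!\n";
    flock($fh, LOCK_EX) or die "flock: $!\n";
    my @keep = grep { !/\A\Q$user\E:/ } <$fh>;
    seek($fh, 0, 0);
    truncate($fh, 0);
    print {$fh} @keep, "$user:$hash\n";
    close($fh) or die "close: $!\n";
    return 1;
}

# Constructed sample call; run from the command line, not as CGI.
add_user("secure", "alice", "correct horse battery") if @ARGV && $ARGV[0] eq 'demo';
```

Because nothing is written to a .data file, the cleartext password never touches disk, and the allowlist plus user-name pattern keep a form field from naming another file or injecting an extra user line.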
This is a great quick and
dirty little script that you could use as the starting point for
a full scale membership system with automated payments and
expirations.
If you already understand .htaccess
files, this script will be very useful. If you don't, then do
some additional research and find out what .htaccess files are
and how they work before trying to use this script.