Member "SiteMgrYAP/cgi-bin/authsmgryap.cgi" of archive SiteMgrYAP-0.2.0.tar.gz:
#!/usr/bin/perl
# AuthSiteMgr -- Authentication of users based on IP and password.
#
# CopyRight 1998 Jose Manuel Macias
# macias@cica.es
#
use CGI;
use strict;
no strict 'vars';
require "/home/httpd/secure/sitemgr.conf";
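# Request-wide state shared with the subs below (file-scoped lexicals).
my ($q, $ScriptURL, $from_IP, $state, $logname, $givenpasswd);
$q = CGI->new;    # direct method call instead of the indirect 'new CGI' form

### Default paths to 'DocumentRoot' and passwords file, and administrator's
### e-mail or reference. These are expected to come from the sitemgr.conf
### file required above; the commented lines show their shape.
#my $DocumentRoot = "/home/httpd/html/"; # Must end in '/'
#my $SiteMgrPasswd = "/home/httpd/secure/sitemgrpasswd"; # Choose a secure place
# for it, and 'chown'
# it to the server user
#my $SiteMgrURL = "http://www.yoursitenamehere.org/cgi-bin/smgryap.cgi"; # URL to sitemgr.cgi
#my $Administrator = "<a href=mailto:webmaster\@yoursitenamehere.org>webmaster\@yoursitenamehere.org</a>";

# Scratch variables for the password-file fields and the origin check.
my ($f_crpass, $f_vfrom, $f_vdirs, $f_desc, @valid_froms, $valid_from, $env_from, $f_usr);

### INITIALIZATION
# All three request parameters are client-supplied; each stays undefined
# when it is absent or false.
$ScriptURL   = $ENV{'SCRIPT_NAME'};
$state       = $q->param('state')   if $q->param('state');
#$from_IP = $q->param('from_IP') if $q->param('from_IP');
$logname     = $q->param('logname') if $q->param('logname');
$givenpasswd = $q->param('passwd')  if $q->param('passwd');

### Basic security check ...
#if($ENV{'HTTP_X_FORWARDED_FOR'})
# $state = "error 6";
#}
# Reject a submission whose Referer names neither this server nor this
# script. The test is a literal substring search: the original interpolated
# both values into a regex unquoted (so '.' matched any character) and joined
# the two tests with bitwise '&' where logical '&&' was meant.
# NOTE(review): Referer is sent by the client and the check is skipped when
# the header is absent, so this is a sanity check on the form's origin, not
# an access control. The password and origin checks in check_user_identity
# are the real gate.
if ($ENV{'HTTP_REFERER'}) {
    my $referer     = $ENV{'HTTP_REFERER'};
    my $server_name = defined $ENV{'SERVER_NAME'} ? $ENV{'SERVER_NAME'} : '';
    my $script_name = defined $ENV{'SCRIPT_NAME'} ? $ENV{'SCRIPT_NAME'} : '';
    if (   index($referer, $server_name) < 0
        && index($referer, $script_name) < 0)
    {
        $state = "error 1";
    }
}

### Start printing HTML code ... and switch 'state' functions
print "Content-type: text/html\n\r\n";
if (defined $state && $state =~ /error/) {
    # Any state containing "error" (including one sent by the client)
    # only ever selects an error page.
    print_errors($state);
}
elsif (defined $state && $state eq "identification") {
    check_user_identity($logname, $givenpasswd);
}
else {
    print_login_form();
}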
################################
### Print the login web form ###
################################
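# Print the login page (user name + password form) and end the request.
#
# Takes no arguments and never returns: it calls exit after printing.
# Reads $Administrator (set by the required configuration file) for the
# help text written into the MsgWindow frame.
sub print_login_form {
    # Post back to this script's own URL instead of the hard-coded
    # "http://www.yoursitenamehere.org/..." placeholder. A path-only action
    # keeps the scheme and host of the page that served the form, so the
    # password is submitted over HTTPS whenever the login page itself is.
    # The value is HTML-escaped because it lands inside an attribute.
    my $form_action = CGI::escapeHTML(
        defined $ENV{'SCRIPT_NAME'} ? $ENV{'SCRIPT_NAME'} : ''
    );

    print <<"HERE";
<html>
<head>
<!-- AuthSiteMgr.cgi -- Script by Jose Manuel Macias, macias\@cica.es -->
<title>SiteMgr login form</title>
<link rel="stylesheet" href="/smgryap/sitemgr.css" type="text/css">
<script language="JavaScript">
parent.MsgWindow.document.open();
parent.MsgWindow.document.write("<html><body bgcolor=#FFFFFF><blockquote>");
parent.MsgWindow.document.write("Please, enter the user name and password, and press continue. If ");
parent.MsgWindow.document.write("you don't remember your password, put in contact with ");
parent.MsgWindow.document.write("the administrator of this service ($Administrator).");
parent.MsgWindow.document.write("</blockquote></body></html>");
parent.MsgWindow.document.close();
</script>
</head>
<body bgcolor="#FFFFFF">
<div class="green-box">
<form action="$form_action" method=post>
<table border=0 celspacing=0 cellpading=0 width="100%" height="100%" nosave>
<tr align=center valign=center>
<td align=center valign=center>
<center>
User: <input name=logname type=text size=15> <br>
Password: <input name=passwd type=password size=15> <br>
<input type=hidden name=state value=identification>
<p>
<input type=submit value="Continue">
<input type=reset value="Clear">
</center>
</td>
</tr>
</table>
</form>
</div>
</body>
</html>
HERE
    exit;
}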
####################################################################
### Check user identity comparing with the one in password file. ###
####################################################################
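# Authenticate a user against the SiteMgr password file and, on success,
# print the directory-selection page.
#
# Arguments:
#   $logname     - user name submitted by the login form
#   $givenpasswd - clear-text password submitted by the login form
#
# Password-file records are colon separated:
#   user:crypted_password:valid_origins:valid_dirs:description
# where valid_origins and valid_dirs are comma-separated lists and an origin
# ending in '*' is a prefix of the allowed client addresses.
#
# Never returns. Every path ends in exit, either here or inside print_errors:
#   error 2 - password file cannot be opened
#   error 3 - no record for $logname
#   error 4 - password does not match
#   error 5 - REMOTE_ADDR is not among the record's valid origins
#
# NOTE(review): errors 3 and 4 are reported with different numbers, which
# tells a client whether a user name exists. The codes are user-visible
# behaviour, so they are kept as they were.
sub check_user_identity {
    my ($logname, $givenpasswd) = @_;
    $logname     = '' unless defined $logname;
    $givenpasswd = '' unless defined $givenpasswd;

    # Three-argument open with a lexical handle: the configured path can
    # never be read as a mode or a pipe, and the handle cannot clash with
    # another bareword FILE.
    my $passwd_fh;
    unless (open($passwd_fh, '<', $SiteMgrPasswd)) {
        $state = "error 2";
        print_errors($state);    # prints the error page and exits
    }

    # Find the first record for this user. As before, the first match decides.
    my ($found, $stored_hash, $origin_field, $dir_field);
    while (my $record = <$passwd_fh>) {
        chomp $record;           # keep the newline out of the last field
        my ($f_usr, $f_crpass, $f_vfrom, $f_vdirs, $f_desc) = split(/:/, $record);

        # Blank or malformed lines must never stand in for an account.
        next unless defined $f_usr && length $f_usr;
        next unless $f_usr eq $logname;

        ($found, $stored_hash, $origin_field, $dir_field)
            = (1, $f_crpass, $f_vfrom, $f_vdirs);
        last;
    }
    close $passwd_fh;

    unless ($found) {
        $state = "error 3";
        print_errors($state);    # wrong user (user does not exist)
    }

    # Passing the whole stored value as the salt gives the same result as the
    # first two characters for traditional crypt() and also lets crypt()
    # recognise salted "$id$salt$hash" formats where the platform supports
    # them. crypt() can return undef for a salt it rejects; an empty hash
    # field or an undefined result is a failed login, never a match of
    # "nothing" against "nothing".
    my $cr_pass;
    if (defined $stored_hash && length $stored_hash) {
        $cr_pass = crypt($givenpasswd, $stored_hash);
    }
    unless (defined $cr_pass && $cr_pass eq $stored_hash) {
        $state = "error 4";
        print_errors($state);    # wrong password
    }

    # Origin check. Deny unless some entry admits the client address.
    # The original tested for a trailing '*' with /$*/, which interpolates
    # the special variable $* instead of matching a literal asterisk, and
    # then used the prefix as a regex, so every '.' in an address matched any
    # character. It also compared against $env_from in the exact-match
    # branch before that variable had been assigned. Both comparisons are
    # literal here.
    my $remote_addr = defined $ENV{'REMOTE_ADDR'} ? $ENV{'REMOTE_ADDR'} : '';
    my @valid_froms = split(/,/, defined $origin_field ? $origin_field : '');
    $state = "error 5";
    if (length $remote_addr) {
        for my $valid_from (@valid_froms) {
            next unless length $valid_from;
            if ($valid_from =~ /\*\z/) {
                # "a.b.*" admits every address that starts with "a.b."
                my $prefix = substr($valid_from, 0, -1);
                $state = "" if index($remote_addr, $prefix) == 0;
            }
            elsif ($valid_from eq $remote_addr) {
                $state = "";
            }
        }
    }
    if ($state eq "error 5") {
        print_errors($state);    # invalid origin
    }

    # ... and then print directories for the user
    my @valid_dirs = split(/,/, defined $dir_field ? $dir_field : '');
    print <<"HERE";
<html>
<head>
<!-- AuthSiteMgr.cgi -- script by Jose Manuel Macias, macias\@cica.es -->
<title>SiteMgr directory selection form</title>
<link rel="stylesheet" href="/smgryap/sitemgr.css" type="text/css">
<script language="JavaScript">
parent.MsgWindow.document.open();
parent.MsgWindow.document.write("<html><body bgcolor=#FFFFFF><blockquote>");
parent.MsgWindow.document.write("Now, select the directory in wich you wish to operate with ");
parent.MsgWindow.document.write("SiteMgr and press continue. If the directory doesn't appears ");
parent.MsgWindow.document.write("put in contact with the administrator of this service ($Administrator). ");
parent.MsgWindow.document.write("</blockquote></body></html>");
parent.MsgWindow.document.close();
function DrawCommandWindows(){
parent.MsgWindow.document.open();
parent.MsgWindow.document.write("<html><body bgcolor=#FFFFFF><blockquote>");
parent.MsgWindow.document.write("Use the left button bar for operating with ");
parent.MsgWindow.document.write("the files and directories in central window.");
parent.MsgWindow.document.write("</body></html>");
parent.MsgWindow.document.close();
parent.ButtonBar.document.location = "/smgryap/ButtonBar.html";
parent.Upload.document.location = "/smgryap/UploadForm.html";
}
</script>
</head>
<body bgcolor="#FFFFFF">
<div class="green-box">
<form action="$SiteMgrURL" method=post>
<table border=0 celspacing=0 cellpading=0 width="100%" height="100%" nosave>
<tr align=center valign=center>
<td align=center valign=center>
<center>
<select name="top_dir">
HERE

    # Values written into the page are HTML-escaped and their attributes
    # quoted, so a stray quote, space or angle bracket in the password file
    # cannot break out of the markup.
    for my $valid_dir (@valid_dirs) {
        my $safe_dir = CGI::escapeHTML($valid_dir);
        print "<option value=\"$safe_dir\">$safe_dir</option> \n";
    }
    print "\n</select>\n</center>\n<br>\n<center>\n<input type=submit onClick=\"DrawCommandWindows()\" value=Continue >\n";

    # NOTE(review): the crypted password is handed to the browser as the
    # hidden 'crpass' field, presumably so the script at $SiteMgrURL can
    # re-check it. That makes the stored hash itself the credential for the
    # next step and exposes it to the client, to page caches and to anyone
    # observing an unencrypted connection. A server-side session token
    # would avoid this, but needs a matching change in the receiving script.
    my $safe_user = CGI::escapeHTML($logname);
    my $safe_hash = CGI::escapeHTML($cr_pass);
    print "<input type=hidden name=user value=\"$safe_user\">\n";
    print "<input type=hidden name=crpass value=\"$safe_hash\">\n";
    print "</center>\n</td>\n</tr>\n</table>\n</form>\n</div>\n</body>\n</html>\n";
    exit;
}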
###############################
### Print processed errors. ###
###############################
# Print the error page for a processing state and end the request.
#
# Argument:
#   $state - state string; "error 1" .. "error 6" select a message, any
#            other value yields the page frame with no message.
#
# Never returns: exit is called after the page is printed.
# $Administrator comes from the required configuration file and is written
# into the page as-is.
# NOTE(review): errors 3 and 4 share their text but not their number, so the
# page still shows whether the user name or the password was rejected.
sub print_errors {
    my ($state) = @_;

    my %message_for = (
        'error 1' => "<b>Error 1:</b> You're trying to log by using a form that is not "
                   . "the correct one. SiteMgr can't permit this kind of actions for security reasons.",
        'error 2' => "<b>Error 2:</b> Put in contact with $Administrator for solving this problem.",
        'error 3' => "<b>Error 3:</b> Wrong identification. Put in contact with $Administrator for solving this problem.",
        'error 4' => "<b>Error 4:</b> Wrong identification. Put in contact with $Administrator for solving this problem.",
        'error 5' => "<b>Error 5:</b> Invalid origin. Put in contact with $Administrator for solving this problem.",
        'error 6' => "<b>Error 6:</b> SiteMgr has detected you're conecting through a "
                   . "proxy server. Please, read the documentation on how to "
                   . "disable proxies, and try to log again.",
    );

    # The anchored patterns this table replaces also accepted one trailing
    # newline after the code, so drop one before the lookup.
    my $code = defined $state ? $state : '';
    $code =~ s/\n\z//;

    print "<html>\n<head>\n<title>\n"
        . "Error when processing the submission.\n</title>\n</head>\n"
        . "<body bgcolor=#FFFFFF>\n<br><br><br>\n<center>\n";
    if (exists $message_for{$code}) {
        print $message_for{$code};
    }
    print "\n</center>\n</body>\n</html>";
    exit;
}