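#!/usr/bin/perl
#
# md5auth demo CGI.
#
# Shows a one-line message and lets a caller replace it.  An update carries
# three form fields: `msg`, `timestamp` and `password`.  The `password` field
# is accepted in two forms:
#   * the plain password (accepted, but the page shows a warning), or
#   * the MD5 hex digest of msg . timestamp . password, with a timestamp that
#     is not in the future and not more than $max_age seconds old.
#
# Security notes for anyone reusing this beyond a demo:
#   * The password is hard-coded below; keep a real secret in a protected
#     file outside the web root.
#   * The digest is a plain MD5 over message, timestamp and secret, not an
#     HMAC, and nothing here records digests that were already used, so an
#     accepted request stays acceptable until its timestamp ages out.  The
#     scheme does not replace TLS.
#   * The message is HTML-escaped before it is stored, because it is later
#     pasted into the page template unmodified.
#
# © 1998 - 2008 Paul Johnston, distributed under the BSD License
# Updated: 15 Dec 2007

use strict;
use warnings;

use MD5;
require 'cgi-lib.pl';

my $passwd   = "secret";
my $msg_file = "/other/home/paj/website/md5_msg";
my $log_file = "/other/home/paj/website/md5_msglog";
my $max_age  = 300;    # seconds a signed timestamp stays valid

# Compare two strings without stopping at the first differing character, so
# the time taken does not depend on how much of a guess was correct.
# Returns true only when both are defined and identical.
sub _constant_time_eq {
    my ($left, $right) = @_;
    return 0 unless defined $left && defined $right;
    return 0 unless length($left) == length($right);

    my $diff = 0;
    for my $i (0 .. length($left) - 1) {
        $diff |= ord(substr($left, $i, 1)) ^ ord(substr($right, $i, 1));
    }
    return $diff == 0;
}

# Escape a message for storage: HTML metacharacters become entities and the
# text is flattened to a single line (the log and the reader are line based).
sub _sanitise_message {
    my ($text) = @_;
    for ($text) {
        s/&/&amp;/g;    # must run first so later entities are not re-escaped
        s/</&lt;/g;
        s/>/&gt;/g;
        s/"/&quot;/g;
        s/'/&#39;/g;
        s/\n/ /g;
        s/\r//g;
    }
    return $text;
}

# Authenticate an update request and, if it is valid, store and log the
# message.  Returns a two-element list: (status text, warning text).
sub _update_message {
    my ($msg, $timestamp, $credential) = @_;
    $timestamp  = '' unless defined $timestamp;
    $credential = '' unless defined $credential;
    my $warning = '';

    if (_constant_time_eq($credential, $passwd)) {
        # Plain password in the form field: allow, but tell the user.
        $warning = "(WARNING: Password was transmitted unencrypted)";
    }
    else {
        # Recompute the digest with the correct password; a mismatch means
        # the password was wrong or a field changed in transit.
        my $expected = MD5->hexhash($msg . $timestamp . $passwd);
        unless (_constant_time_eq($expected, $credential)) {
            return ("Bad password, or data corrupted during transmission",
                    $warning);
        }

        # The timestamp must be a plain integer inside the accepted window.
        my $now = time;
        if (   $timestamp !~ /\A\d+\z/
            || $timestamp > $now
            || $timestamp < $now - $max_age)
        {
            return ("Time stamp invalid", $warning);
        }
    }

    my $clean = _sanitise_message($msg);

    # Replace the stored message.  Three-argument open keeps the mode
    # separate from the file name.
    my $out;
    unless (open($out, '>', $msg_file)) {
        return ("Server error - update rejected", $warning);
    }
    my $stored = print {$out} $clean;
    $stored = 0 unless close($out);    # buffered write errors surface here
    return ("Server error - update rejected", $warning) unless $stored;

    # Log the change; logging is best effort and never blocks the update.
    if (open(my $log, '>>', $log_file)) {
        print {$log} $clean . "\n";
        close($log);
    }

    return ("Message update accepted", $warning);
}

our %cgi_parm;
ReadParse(*cgi_parm);

my $status    = '';
my $stat_warn = '';

if (defined $cgi_parm{'msg'}) {
    ($status, $stat_warn) = _update_message(
        $cgi_parm{'msg'}, $cgi_parm{'timestamp'}, $cgi_parm{'password'});
}
else {
    # Suitable status message for just viewing the message/page.
    $status = "Please try changing the message";
}

# Fetch the current message (first line of the message file).
my $msg;
if (open(my $in, '<', $msg_file)) {
    $msg = <$in>;
    close($in);
    $msg = '' unless defined $msg;    # empty file
}
else {
    $msg = "Server error - can't access message";
}

# Display the template.
open(my $tpl, '<', "md5auth.html") or die $!;
my $template = join('', <$tpl>);
close($tpl);

# Fill server-controlled placeholders first and the stored message last, so
# placeholder-looking text inside the message is never expanded.
$template =~ s/\$\$status/$status/;
$template =~ s/\$\$stat_warn/$stat_warn/;
$template =~ s/\$\$timestamp/time()/e;
$template =~ s/\$\$posted/$msg/g;

print "Content-type: text/html\n\n$template";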