Login integration with custom Perl scripts

nepenthean · November 05, 2005, 10:21:24 AM

I am the co-webmaster of this site: hxxp:www.rfgeneration.com [nonactive]

We are a video games database. The site is essentially done entirely in Perl, and we run a Perl version of YaBB 1.3.1 Gold right now. One of our custom scripts allows members to keep track of their video game collections and do a number of other things. We've integrated the YaBB logins so that users login once to YaBB and then they are logged in to our custom scripts as well.

However, my host has recently notified me that our YaBB board is causing too much stress on the server. Though I think this is a big load of....., I don't really have a choice but to switch forum software. The host recommended SMF, and it does look promising. However, I MUST be able to integrate the logins with the forums with our custom Perl scripts for the switch to make any sense at all. Rewriting a year's worth of Perl scripts for MySQL would be kind of ridiculous.

So, is there any way to integrate? Does SMF leave a cookie that could be tracked by the Perl scripts? Anything else? PHP and MySQL are 100% new to myself and the script programmer I work with on this site, so if this is a dumb question, I apologize.

Thanks much in advance for any help you may be able to give.

Aquilo · November 06, 2005, 01:36:14 AM

there are no dumb question! cookies are readable from any language, javascript, perl, php can read cookies created from the others.

btw, cool site! also it's realy fast for perl! php will fly on your server!

nepenthean · November 07, 2005, 03:39:50 AM

Thanks for the response and the kind words! Currently what we do is check the username & data from the cookie YaBB uses, but as a security measure, we then check it against the user data file in the YaBB folder. Is there a way to do a similar check against the MySQL database via Perl?

Aquilo · November 07, 2005, 12:13:24 PM

yes perl can work with MySQL the major thing is encrypting the password passed by the member logging in to actually check against the database. but your scripts are not doing the login/out, Yabb is so your scripts just need to see if the cookie is there and valid right?

I'll try to look at and see but if your perl scripts can read Yabb's cookies then it should read SMF as long as it knows the cookie name which you can change in the Admin section to match YaBB'.

but if not, I don't know if I can offer any code I haven't even converted a perl script since Yabb SE came out.

nepenthean · November 07, 2005, 12:27:54 PM

Quote from: Aquilo on November 07, 2005, 12:13:24 PM
but your scripts are not doing the login/out, Yabb is so your scripts just need to see if the cookie is there and valid right?

That's correct. YaBB logs in, then when a user requests our scripts it checks for a cookie. If the cookie is there it then takes the username/password in said cookie and verifies it against the appropriate user data file. Here is the code we are using right now (with Perl YaBB remember):

Code Select

sub CookieParse {
    if ($ENV{'HTTP_COOKIE'}) {
        my @pairs = split(/; /, $ENV{'HTTP_COOKIE'});

        foreach (@pairs) {
            local($key, $val) = split(/=/);
            $mycookie{$key} = $val;
        }
    }

    #Check pass
	my @temp;
    	if (-e "$memberdir/$mycookie{'RFGusername'}.dat"){
		open(A, "$memberdir/$mycookie{'RFGusername'}.dat");
		@temp = <A>;
		close(A);
    		chomp @temp;
    	}
	$postcount = @temp[6];
	$mycookie{'RFGname'} = @temp[1];
	my $pwseed ||= 'yy';
	my $password = crypt(@temp[0],$pwseed);
	$mycookie{'RFGusername'} = '' if ($password ne $mycookie{'RFGpassword'});
}

##############################################################################

sub WriteCookie{
my @temp;

    if (-e "$memberdir/$in{'name'}.dat") {
        open(G, "$memberdir/$in{'name'}.dat") || die &PrintErrorPage("Can't open news file '$consolefile', but it does exist. Are the permissions correct?: $!\n");
        @temp = <G>;
        close(G);
    }
    chomp @temp;

    #encrypt pass
    my $pwseed ||= 'yy';
    my $passwordcrypt = crypt(@temp[0],$pwseed);

    if ($in{'password'} eq @temp[0]){
	print "Set-Cookie: RFGusername=$in{'name'}; path=/; expires=Tue, 04-Oct-2061 12:00:00 GMT;\n";
	print "Set-Cookie: RFGpassword=$passwordcrypt; path=/; expires=Tue, 04-Oct-2061 12:00:00 GMT;\n";
     	$mycookie{'RFGusername'} = $in{'name'};
	$mycookie{'RFGname'} = &ShowName($in{'name'});
	&CreateAccount if ((!(-e "yabb/gamelists/$in{'name'}.list"))||(!(-e "yabb/gamelists/$in{'name'}.ratings")));
    } else {
	$in{'action'} = 1;
	$in{'name'} = "";
	&DisplayError("Incorrect Password");
	exit;
    }

}

#############################################################################

Aquilo · November 07, 2005, 12:34:59 PM

the info you'll be looking for to get the cookie data is in Load.php and is about 5 lines into the loadUserSettings() function

Code Select

	// Check first the cookie, then the session.
	if (isset($_COOKIE[$cookiename]))
	{
		$_COOKIE[$cookiename] = stripslashes($_COOKIE[$cookiename]);

		// Fix a security hole in PHP 4.3.9 and below...
		if (preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$cookiename]) == 1)
		{
			list ($ID_MEMBER, $password) = @unserialize($_COOKIE[$cookiename]);
			$ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;
		}
		else
			$ID_MEMBER = 0;
	}
	elseif (isset($_SESSION['login_' . $cookiename]) && ($_SESSION['USER_AGENT'] == $_SERVER['HTTP_USER_AGENT'] || !empty($modSettings['disableCheckUA'])))
	{
		list ($ID_MEMBER, $password, $login_span) = @unserialize(stripslashes($_SESSION['login_' . $cookiename]));
		$ID_MEMBER = !empty($ID_MEMBER) && $login_span > time() ? (int) $ID_MEMBER : 0;
	}
	else
		$ID_MEMBER = 0;

how to convert this to Perl is about 5 years out of date for me!!! but preg_match up there uses regular Perl expresions so that's not going to be hard! but the part you'll be most intrested in after the regex is

Code Select

list ($ID_MEMBER, $password) = @unserialize($_COOKIE[$cookiename]);
			$ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;

sorry I cant help converting the code but maybe this helps! but once you have the $ID_MEMBER, and encrypted $password you can check the database to see if it's right!

Aquilo · November 07, 2005, 12:39:52 PM

also if your going to write cookies to keep the users logged in that function is setLoginCookie() in Subs-Auth.php

Aquilo · November 07, 2005, 12:43:23 PM

you know on your shtml pages you might me able to use SSI.php like the perl includes, SSI.php takes care of all that stuff!

News:

Login integration with custom Perl scripts