Making an admin password

Top Japanese page




Overview

When a script executed first time, check if there is an administrator's password file. If no password file, generate it. The administrator's password will be used in administration setup or manage the CGI settings. This routine is used in most of my CGIs.

Flow

  1. Check if the password file has already been generated
  2. If there is the password file, do nothing
  3. If no password, execute setting routine and open the setting page
  4. Generate a password from the password input page
  5. Reopen the script

A sample code

 use CGI;
 
 my $q = CGI->new;
 my $adminpwd="adminpwd.dat";
 
 unless (-e "$adminpwd"){
     if ($q->param('mode') eq 'wradminpwd'){
        &wradminpwd;
     } else {
        &setadminpwd;
     }
 }
 
 sub setadminpwd {
  print "Content-Type: text/html\n\n";
  print "<form name=\"setpwd\" action=\"$script\" method=\"post\">\n";
  print "<center>Please set an administrator's password<br>\n";
  print "<input type=input name=\"pwd\" size=20>\n";
  print "<input type=submit name=\"sub\" value=\"Setup\">\n";
  print "<input type=hidden name=\"mode\" value=\"wradminpwd\">\n";
  print "</form>";
 }
 
 sub wradminpwd {
    if (open(FILE,"> $adminpwd")){
        print FILE &makecrypt($q->param('pwd'));
        close(FILE);
    } else {
        print "Content-Type: text/html\n\n";
        print 'Failed to generate a password';
        exit;
    }
  
    print "Location: $script\n\n";
 }
 
 sub makecrypt {
    my $plain = shift;
    my $salt = join "", ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];
    my $result = crypt($plain,$salt) or crypt($plain,'$1$'.$salt.'$');
    return $result;
 }

Description of the code

 use CGI;
 
 my $q = CGI->new;

This line makes the object $q from CGI.pm. This part is need by most of CGI if they require arguments.

 my $adminpwd="adminpwd.dat";

Sets up a password file name. All password file will be referred by $adminpwd afterward.

 unless (-e "$adminpwd"){
     if ($q->param('mode') eq 'wradminpwd'){
        &wradminpwd;
     } else {
        &setadminpwd;
     }
 }

unless block is the main code. If there is the file $adminpwd, this block will not be executed. If it does not exist, in the first time, the else clause is executed and the script goes to the function &setadminpwd. If the file $adminpwd does not exist and the execution is after entering a password, the if clause will be executed and the password file $adminpwd will be generated by the function &wradminpwd.

 sub setadminpwd {
  print "Content-Type: text/html\n\n";
  print "<form name=\"setpwd\" action=\"$script\" method=\"post\">\n";
  print "<center>Please set an administrator's password<br>\n";
  print "<input type=input name=\"pwd\" size=20>\n";
  print "<input type=submit name=\"sub\" value=\"Setup\">\n";
  print "<input type=hidden name=\"mode\" value=\"wradminpwd\">\n";
  print "</form>";
 }

This function displays the password input form. $script is the script itself. The hidden indicates the next mode to be executed after the button is clicked. Actually, after Content-Type, <html>, <bodY> tags should be there, but they are omitted in this function becasue those are not the point to be explained here.

 sub wradminpwd {
    if (open(FILE,"> $adminpwd")){
        print FILE &makecrypt($q->param('pwd'));
        close(FILE);
    } else {
        print "Content-Type: text/html\n\n";
        print 'Failed to generate a password';
        exit;
    }
  
    print "Location: $script\n\n";
 }

The password generation part. When this part is executed, the parameter passed through "pwd" is encrypted by makecrypt. Then the encrypted text is stored in the file $adminpwd. if $adminpwd is not generated because of some reason, the script is terminated with a message. Once the password file is genearted, the script restarts itself by the Location tag.