#!/usr/bin/perl -w
#######################################
# SCRIPT NAME : login.cgi
# DATE: Sep 2004
# VERSION: 1.0
# AUTHOR: Sarun Chinskul
# EMAIL: schinskul@crystalmczieinc.com
#######################################
use lib "/home/httpd/vhosts/cminyc.com/httpdocs/admin";
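# config.conf and tmpl/login.tmpl are opened by relative path further down, so
# stop here instead of resolving them against whatever directory the web
# server happened to start the script in.
chdir "/home/httpd/vhosts/cminyc.com/httpdocs/"
    or die "chdir /home/httpd/vhosts/cminyc.com/httpdocs/: $!";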

use CGI;
use DBI;
use HTML::Template;
use Digest::MD5 qw(md5_hex);
use cmiModule;
use strict;

########################
# Read Config.conf file
########################
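my @info = cmiModule::ReadConfig("config.conf");
########################
# Logfile config setup
########################
# %Log_Config is file-scoped because login() also writes to the log; MESSAGE
# is replaced before each EasyLog call.
my %Log_Config = (
    SWITCH   => $info[0],    # EasyLog ON/OFF switch from config.conf
    FILENAME => $info[1],
    MESSAGE  => "-------STARTED LOG [" . $0 . "]-------",
);
cmiModule::EasyLog(\%Log_Config);
########################
# Database config setup
########################
my %DB = (
    DATABASE => $info[2],
    ACCOUNT  => $info[3],
    PASSWORD => $info[4],
);
# File-scoped handle: login() below queries through it directly.
my $dbh = cmiModule::ConnectToMySQL(\%DB);
unless ($dbh) {
    $Log_Config{MESSAGE} = "Bad DBH from ConnectToMySQL.";
    cmiModule::EasyLog(\%Log_Config);
    print "Content-type:text/html\n\n";
    print "<b>Bad DBH from ConnectToMySQL.</b>";
    exit;
}
###### End config ######

my $cgi = CGI->new;

my %LOGINFO;
$LOGINFO{login_template} = HTML::Template->new(filename => 'tmpl/login.tmpl');
$LOGINFO{login_header}   = "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;LOGIN";
# The pattern is handed to the template as text (presumably for a client-side
# check - confirm in tmpl/login.tmpl). It is never applied on the server, so
# it is not an input-validation control.
$LOGINFO{email_filter} = q{/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i};
# Keep these as scalar assignments: param() in list context returns every
# value of a repeated parameter, which would shift the keys of a hash built
# from a list.
$LOGINFO{form_status} = $cgi->param('form_status');
$LOGINFO{email}       = $cgi->param('email');
$LOGINFO{password}    = $cgi->param('password');

# Read the login cookie ("CMI-Name=<email>&<md5 of password>"). The browser
# may send it after other cookies, or send none at all, so search the whole
# header instead of assuming it is the first entry.
my ($email, $md5);
my $cookie_header = defined $ENV{HTTP_COOKIE} ? $ENV{HTTP_COOKIE} : '';
COOKIE:
for my $pair ( split /;/, $cookie_header ) {
    my ($name, $value) = split /=/, $pair, 2;
    next COOKIE unless defined $name && defined $value;
    $name =~ s/^\s+|\s+$//g;
    next COOKIE unless $name eq "CMI-Name";
    ($email, $md5) = split /&/, $value, 2;
    last COOKIE;
}

# A cookie is client-supplied data: its name alone proves nothing. Accept it
# only if the e-mail/hash pair matches an active member, using placeholders so
# the cookie content never becomes part of the SQL text. Any query failure
# leaves $cookie_ok false and the visitor gets the login form.
my $cookie_ok = 0;
if ( defined $email && defined $md5 && $md5 =~ /\A[0-9a-f]{32}\z/ ) {
    my ($count) = eval {
        $dbh->selectrow_array(
            "SELECT count(*) FROM cmiMembers"
              . " WHERE Email = ? AND Password = ? AND Active = '1'",
            undef, $email, $md5
        );
    };
    $cookie_ok = 1 if $count;
}

if ($cookie_ok) {
    # Percent-encode everything outside a conservative set so a cookie value
    # cannot add CR/LF or extra query parameters to the Location header.
    # Ordinary addresses (letters, digits, . _ - @) are emitted unchanged.
    (my $id = $email) =~ s/([^A-Za-z0-9_.~\@-])/sprintf('%%%02X', ord($1))/ge;
    # NOTE(review): c_ftp.cgi is not visible here; it has to authenticate the
    # request itself and must not treat the id parameter as proof of identity.
    print "location:c_ftp.cgi?id=$id\n\n";
}
else {
    login(\%LOGINFO);
}

1;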

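# login(\%params)
#
# Renders tmpl/login.tmpl according to the submitted form_status:
#   "0" / "" / anything unknown - plain login form
#   "1"                         - "forgot password" form
#   "2"                         - reset the password of an active member
#   "3"                         - check e-mail + password; on success set the
#                                 CMI-Name cookie and redirect to c_ftp.cgi
#
# Expects a hashref with login_template (HTML::Template object), login_header,
# email_filter, form_status, email and password. Uses the file-scoped $dbh and
# %Log_Config. Prints the HTTP response itself; no meaningful return value.
sub login {
    my ($params_hashref) = @_;

    my %params_hash    = %{ $params_hashref };
    my $login_template = $params_hash{login_template};
    my $login_header   = $params_hash{login_header};
    my $email_filter   = $params_hash{email_filter};

    # Absent CGI parameters arrive as undef; normalise them so the string
    # comparisons and md5_hex() below do not run on undefined values.
    my $form_status = defined $params_hash{form_status} ? $params_hash{form_status} : '';
    my $email       = defined $params_hash{email}       ? $params_hash{email}       : '';
    my $pwd         = defined $params_hash{password}    ? $params_hash{password}    : '';

    # NOTE(review): passwords are stored as unsalted MD5, which is fast to
    # brute-force if the table leaks. Moving to a salted, slow password hash
    # needs a schema/data migration and is outside this function.
    my $password = md5_hex($pwd);

    $login_template->param(login_header => $login_header);
    $login_template->param(email_filter => $email_filter);

    if ($form_status eq "1") {
        $login_template->param(submit_style    => qq{submit_lostpwd()});
        $login_template->param(password_forgot => 1);
    }
    elsif ($form_status eq "2") {
        if ( !_count_active_members($email) ) {
            $login_template->param(submit_style         => qq{submit_lostpwd()});
            $login_template->param(password_forgoterror => 1);
        }
        else {
            # Six decimal digits. The original used int(rand 9), which can
            # never produce the digit 9.
            # NOTE(review): rand() is not a cryptographic generator and six
            # digits are guessable; a single-use reset link built from OS
            # randomness would be the sturdier design.
            my $new_pwd  = join '', map { int(rand(10)) } 1 .. 6;
            my $new_hash = md5_hex($new_pwd);

            # Placeholders keep the submitted e-mail out of the SQL text.
            my $updated = eval {
                $dbh->do(
                    "UPDATE cmiMembers SET Password = ?"
                      . " WHERE Email = ? AND Active = '1'",
                    undef, $new_hash, $email
                );
            };
            unless ($updated) {
                $Log_Config{MESSAGE} = "Password reset UPDATE failed.";
                cmiModule::EasyLog(\%Log_Config);
            }

            # NOTE(review): the mail and the confirmation flags below are
            # disabled, so this branch currently overwrites the member's
            # password without delivering the new one, and any visitor who
            # knows an active address can trigger it. Re-enable delivery or
            # require a confirmation step before shipping this path.
            my $from    = "info\@cminyc.com";
            my $to      = "$email";
            my $subject = "New Password";
            my $message = "\nThis is your new password.\n\n";
            $message .= "-New password: $new_pwd\n\n";
            $message .= "\thttp://www.cminyc.com/login.cgi?\n";
            #HIDDEN cmiModule::SendEmail($from,$to,$subject,$message);

            #HIDDEN $login_template->param(submit_style => qq{submit_lostpwd()});
            #HIDDEN $login_template->param(new_passwordsent => 1);
        }
    }
    elsif ($form_status eq "3") {
        # The address is echoed into Set-Cookie and Location below, so refuse
        # values that could break out of a header or the "email&md5" cookie
        # layout before touching the database.
        my $count = _header_safe($email)
            ? _count_active_members($email, $password)
            : 0;

        # Log the outcome only: the SQL text and the hash are login
        # credentials here (the hash is what the cookie carries).
        $Log_Config{MESSAGE} = "Login check RESULT : $count\n";
        cmiModule::EasyLog(\%Log_Config);

        if ( !$count ) {
            $login_template->param(submit_style => qq{submit_login()});
            $login_template->param(loginerror   => 1);
        }
        else {
            my $expiretime = cmiModule::CookieExpireTime(2);

            $Log_Config{MESSAGE} = "Login cookie issued, Expire = $expiretime\n";
            cmiModule::EasyLog(\%Log_Config);

            # NOTE(review): the cookie carries the stored password hash, so
            # anyone who obtains either one can replay it. A random
            # server-side session id, sent with HttpOnly (and Secure once the
            # site is on HTTPS), would remove that equivalence.
            my $cookie_value = $email . "&" . $password;

            # Ordinary addresses pass through unchanged; anything else is
            # percent-encoded so it stays inside the id parameter.
            (my $id = $email) =~ s/([^A-Za-z0-9_.~\@-])/sprintf('%%%02X', ord($1))/ge;

            print "Set-Cookie:CMI-Name=$cookie_value;EXPIRES=$expiretime\n";
            print "location:c_ftp.cgi?id=$id\n\n";

            # The redirect is the whole response; falling through would append
            # a second header block and the login page to it.
            return;
        }
    }
    else {
        # "0", "" and any unrecognised status all show the plain login form.
        $login_template->param(submit_style => qq{submit_login()});
        $login_template->param(loginform    => 1);
    }

    print "Content-type:text/html\n\n";
    print $login_template->output;
    return;
}

# Number of active cmiMembers rows for the e-mail, additionally matching the
# password hash when one is given. Returns 0 when the query fails, so callers
# fail closed.
sub _count_active_members {
    my ($email, $password_hash) = @_;

    my $sql  = "SELECT count(*) FROM cmiMembers WHERE Email = ? AND Active = '1'";
    my @bind = ($email);
    if ( defined $password_hash ) {
        $sql .= " AND Password = ?";
        push @bind, $password_hash;
    }

    my ($count) = eval { $dbh->selectrow_array($sql, undef, @bind) };
    return $count || 0;
}

# True when the value is non-empty and has no control characters, whitespace
# or cookie/query delimiters. Addresses matching the form's own email_filter
# pattern never contain any of these.
sub _header_safe {
    my ($value) = @_;
    return 0 unless defined $value && length $value;
    return $value =~ /[\x00-\x20\x7f;&=,]/ ? 0 : 1;
}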