Working on a log in script to my webpage

Fri Mar 11 19:47:40 EST 2005

Pete,

What web server are you using?

Take a look at Apache and use digest authentication.  The password is not 
sent in clear text and it's fairly easy to setup.  Plus you won't have to do 
anything in your web pages.  Once you setup digest authentication on the web 
server for the specified directories, the user will be prompted by their 
browser for the user / pswd and as long as the directories they access are 
using the same authentication the user will not be prompted again until they 
close their session.

It's pretty easy to setup.

Joe

"Pete....." <helten0007 at yahoo.com> wrote in message 
news:42317afe$0$13728$ba624c82 at nntp03.dk.telia.net...
> Hi all.
>
> Unfortunaly it looks like I dont have to skill to make a secure log in, 
> cant figure out how the code has to look like, so guess my webpage has to 
> live with a security issue.
>
> Thanks for the effort you put into teaching me the use of cookies.
>
> Best wishes
> Pete....
>
> "Pete....." <helten0007 at yahoo.com> wrote in message 
> news:422f0bb8$0$527$ba624c82 at nntp05.dk.telia.net...
>> Thanks.
>>
>> But I would really like to do this from scratch, so that I can learn it, 
>> I dont think I need that much more, before it works.
>>
>> I found an example with asp, where the save the session if the password 
>> is correct. It isnt that long a code, so was wondering if it isnt 
>> possible to make something like that in python. Cause when this code is 
>> applied to the loginform, CODE2 will only have to be applied to every 
>> following page and everything is good.
>>
>> code is from: 
>> http://tutorialized.com/tutorial/Creating-a-Members-Area-in-ASP/2234
>> CODE1
>> Set objRS = objConn.Execute (strSQL)
>>      '// see if there are any records returned
>>      If objRS.EOF Then
>>          'no username found
>>          strError = "- Invalid username or password<br>" & vbNewLine
>>      Else
>>          'check password
>>          If objRS("password")=Request.Form("password") Then
>>               'username/password valid
>>               'save session data
>>               Session("loggedin") = True
>>               Session("userid") = objRS("id")
>>               'redirect to members area
>>               Response.Redirect ("default.asp")
>>               Response.End
>>          Else
>>               'invalid password
>>               strError = "- Invalid username or password<br>" & vbNewLine
>>
>> CODE2<%
>> If Session("loggedin") <> True Then Response.Redirect "login.asp"
>> %>
>> <html>
>> <head>
>> <title>Members Area</title>
>> </head>
>> <body>
>> <h1>Members Area</h1>
>> <p>Welcome to our members area!</p></body>
>> </html> In my code I have allready tested if the username and password is 
>> correct, so I just need to do the cookie thing :D
>>
>> Thanks all, hope all my questions dosnt make you tired, I just really 
>> wanna figure this out, and I am doing this as a little hobby of mine, so 
>> I dont have anyone else to ask, hope that is okay...
>>
>>
>>
>> "Kent Johnson" <kent37 at tds.net> wrote in message 
>> news:422ef991_1 at newspeer2.tds.net...
>>> Pete..... wrote:
>>>> Hi all I am working on a log in script for my webpage.
>>>>
>>>> I have the username and the password stored in a PostgreSQL database.
>>>
>>> You might want to look at Snakelets and CherryPy.
>>>
>>> Snakelets is "a very simple-to-use Python web application server." One 
>>> of the features is "Easy user authentication and user login handling."
>>> http://snakelets.sourceforge.net/
>>>
>>> CherryPy is "a pythonic, object-oriented web development framework" that 
>>> seems to be popular. A recipe for password-protected pages in CherryPy 
>>> is here:
>>> http://www.cherrypy.org/wiki/PasswordProtectedPages
>>>
>>> Kent
>>
>>
>
> 