Background:

We now have one pretty slow and costly satellite Web connection that's shared inside a network with 5-50 customers. To limit traffic, customers shall pay a particular amount of cash each hour. Routing and traffic accounting on user basis is performed with a opensuse 10.3 server. Login is performed via pppoe, as well as for each connection, username, bytes_sent, bytes_rcvd, start_time, finish_time,etc are written right into a mysql database.

Now it had been made the decision that you want to vary from time-based to volume-based prices. Because the original developer who installed the machine a few years ago is not available, I am attempting to perform the changes. Although I am brand new to any or all this, there's some progress. However, there's some point I am absolutely stuck.

So far, only managers can access connection particulars and billing information using a web interface. But as volume-based costs are less transparent to customers than time-based prices, it is crucial that customers themselves can check their connections and just how much shiny things cost through the web interface. With this, we want some type of user authentication.

Actual question:

How you can develop this type of user authentication? Every user includes a a linux systemunix user account. With this particular user title and password, link with the pppoe-server is created through the client machines. I figured about two possibles methods to authenticate customers:

First possibility: Customers type password inside a form. Your particulars are often in some way checked. Finances to options to alter passwords through the web interface. Listed here are areas of the code:

Area of the Perl script the home page is related to:

#!/usr/bin/perl

use CGI

use CGI::Carp qw(fatalsToBrowser)

use lib '../lib'

usehold_perl_module

my @error

my $data

$query = new CGI

$username  = $query->param('username')  ''

$oldpasswd = $query->param('oldpasswd')  ''

$passwd    = $query->param('passwd')  ''

$passwd2   = $query->param('passwd2')  ''

own_perl_module::connect()

if ($query->param('submit')) choose_benutzer(username => $username) or push @error, "user not is available"

    push @error, "passwords?!?Inch unless of course $passwd

    unless of course (@error) , , error => @error)

            and push @error, "Password transformed."

    



Here's area of the sub update_benutzer within the own_perl_module:

if ($dat-> ne '') $choose-> my $system = "./chpasswd.pl '$username' '$dat->'" . (defined($dat->) ? " '$dat->'" : undef) my $answer = $system if ($? != ) altering password ($?)"

Here's chpasswd.pl:

#!/usr/bin/perl

use FileHandle

use IPC::Open3

local $username = change

local $passwd = change

local $oldpasswd = change

local $chat = ,

                'New password: $' => sub ,

                Are-enter new password: $' => sub ,

                '(.*)n$' => sub  

local $/ = 1

my $command

if (defined($oldpasswd))  else 

$pid = open3(*POUT, *PIN, *PERR, $command) or die

my $buffer

LOOP: while($_ = <PERR>) secrets(%$chat)) amplifier

        

    



exit

Could this in some way be modified to ensure customers, although not altering user passwords?

The 2nd possibility I see: all pppoe connections are drenched within the mysql database. Basically could in some way retrieve the username (or uid) from the user connected by pppoe, this may be accustomed to authenticate customers. Customers could only check their online connections and charges when they're online (and therefore having to pay money), but this may be tolerated.

Here is a type of the script that card inserts connections in to the database:

my $username = $ENV

I figured it might be simple to use this variable, but $username appears to become always empty in test-scripts (print $username). Any idea how you can retrieve the consumer attached to the pppoe server?

Sorry for that lengthy question! Any help could be greatly appreciated. :)