Well, a friend and i decided to setup up his and my email system.
For email, we're using Exim 4. For me, a rule rejects all email at the smtp level for the base domain, rewrites the envelope header ignoring the username, and puts the subdomain as the user. Between that and aliases, i have three subdomains where the email comes to the same email address, but the header (in the email, not the envelope) is not changed. For him, he expects a dot in the email address, and ignores the data after the dot.
For example, for me:
Case 1 is ignored, case two gets sent to email@example.com, case 3 gets sent to firstname.lastname@example.org.
gets sent to email@example.com.
In either case, the header can be used for identification. And that all works fine.
So, the order is:
1) User connects.
2) Check username/password.
3) Create session key.
4) Create crypt key.
5) Encrypt password with key, store is session var.
6) Store session key in a HIDDEN HTML INPUT tag.
7) Store crypt key in a HIDDEN HTML INPUT tag.
This way, the password is stored, but is only in clear-text in memory. It's not bulletproof, but we think it'll do the job.
We hope to design it to use CSS, so it can be made pretty later. Being neither of us really knows it, however, we may not get it perfectly.
I had started Learning Perl (actually, i have the third edition) some time back, but stopped when the need dropped. I just picked it up again, and even put it in the (coveted) bathroom--where most reading gets done--replacing Daughters of England (temporarily, i'm sure!). Needless to say, i hope to be hacking out some Perl soon.
I actually am not sure if this whole thing will work out. But for now, i'm going to enjoy being "involved" in a project.