I wrote a Perl script that receives a trio of parameters (DSN, user ID and
password), and validates that the UserID and Passwd match a pair in the
database. It then displays a message based on whether you validated, and
gves you a continue button. This seems to work fine, but when you click on
continue, instead of going to the next page, it re-enters the same Perl
script! Of course, this time it hasn't prepared the parameters, so now it
DOESN'T find the right information. I am extremely confused.
The code is below:
Beginning of code
----------------------------------------------------------------------------
-----------------------
#!/localhost/perl/bin
# -*- Perl -*-
#
# DiceTribe Administator Login
#
# User ID/Password validation
#
use strict;
use warnings;
use lib "C:/perl/site/lib/Win32";
use CGI;
use Win32::ODBC;
my $debugflag = 0;
#
# Instantiate CGI and parse form data
#
my $cgi = new CGI;
my $dsn = $cgi->param('DSN');
my $ODBCString = "DSN=".$dsn.";";
print "Content-type: text/html\n\n";
my $userid = $cgi->param('userid');
my $passwd = $cgi->param('passwd');
#
# here-doc syntax for upper section of HTML
#
print <<EOF;
<HTML>
<HEAD>
<TITLE>Password Validation Page</TITLE></HEAD>
<BODY BACKGROUND="/bkgrnd/purplemesh.gif"
LINK="white" VLINK="gray" TEXT="silver">
<H1
STYLE="width:600;color:purple;font-size:32pt;filter:Glow(color=violet,streng
th=8)">
<FONT FACE=Chiller>Password Validation Page</FONT>
</H1>
<HR>
EOF
#
# issue a SELECT statement to pull up all Manufacturers
#
my $db = new Win32::ODBC($ODBCString);
my $qryStm = "SELECT COUNT(*) FROM Administrators WHERE UserID =
\'".$userid.
"\' AND Passwd = \'".$passwd."\'";
if ($db->sql($qryStm))
{
my $debacle = "<H3>".$qryStm."</H3>";
print $debacle;
print $db->error;
print $cgi->end_html;
exit;
}
#
# Check for User ID and Password in database.
#
my $nextnav;
my $menuname;
my $welcome;
if ($db->FetchRow) {
my %Data;
undef %Data;
%Data = $db->DataHash();
my $found;
my $item;
my $value;
while (($item,$value) = each(%Data))
{
$found = $value;
}
if ($found)
{
$welcome = "Welcome ".$userid."! Good to seeya! Click Continue to go
on.";
$nextnav = "AdminMenu.htm";
}
else
{
$welcome = "Sorry, ".$userid.", but I don\'t find a matching
password.<BR>\n".
"I\'ll have to send you in as a user, or you can click on
your browser\'s<BR>\n".
"<STRONG>Back</STRONG> button and try again.<BR>";
$nextnav = "VisitorMenu.htm";
}
}
print <<EOF;
<BR>
$welcome
<FORM ACTON="http://localhost/scripts/StartPage.pl";>
<INPUT TYPE="hidden" NAME="nextnav" VALUE="$nextnav">
<P>
<INPUT TYPE="submit" VALUE="Continue">
</FORM>
</BODY>
</HTML>
EOF
#
# Close database
#
$db->Close();
----------------------------------------------------------------------------
-----------------------
End of code
___________________________________________
Kristopher Cook (mailto:\\[EMAIL PROTECTED])
e-Commerce Director
Galyan's Trading Company
(317) 532-0200 x239
(317) 532-0258 (fax)
