I know this topic is beaten to death, and then some, but I was
wondering if someone could help me figure out what is wrong with my
login script. No matter if I try to login with a valid credentals or
not it says that the login has failed. I'm sure it has something to
do with the way that I am compairing what the user provides with what
is in the database but I can't figure out exactly what it is.
Here is my working code:
#!/usr/bin/perl -T
use warnings;
use strict;
use diagnostics;
use CGI qw(:standard);
use DBI;
BEGIN {
$|=1;
use CGI::Carp('fatalsToBrowser');
}
delete @ENV{ 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
my @user; #...@user deals with username and password in this case
my $dbh;
sub db_connect {
use constant username => 'AmeriVista';
use constant password => 'pfVjBaseBNCD42GV';
my $database = 'VistaCloud';
my $server = 'localhost';
my $errors;
my $dsn = "DBI:mysql:database=$database;host=$server;port=3306" ||
die "Couldn't Connect to the Database: $!";
$dbh = DBI->connect($dsn, username, password, {RaiseError => 1}) ||
die "Couldn't authenticate to the Database: $!";
}
db_connect ();
my $cookie = cookie(-name=>'sessionID',
-value=>@user,
-expires=>'+2h',
-path=>'/cgi-bin',
-domain=>'vendion.dyndns.org',
-secure=>1);
print header(-cookie=>$cookie);
print start_html (-title=>"AmeriVista Event Logging",
-author=>'[email protected]');
print "<h1>AmeriVista Event Logging</h1>\n";
print "<hr>";
if (param) {
form_verify (@user);
print "Username: $user[0]\n<br />Password: $user[1]<br />\n"; #use
for debugging
my $sth = $dbh->prepare("SELECT * FROM Users WHERE 'UserName' = '$user
[0]' AND 'Password' = '$user[1]'"); #check that username and password
exist and match
$sth->execute();
my @Login = $sth->fetchrow_array();
$sth->finish();
if (($Login[2] eq "$user[0]") && ($Login[3] eq "$user[1]")) {
print "<p>Hello $user[0]!</p>\n"; #debugging use only, will add
on
later
} else {
print "<p>Login Failed!</p>\n";
print "Username: $user[0]\n<br />Password: $user[1]\n"; #use
for
debugging
}
} else {
print start_form;
print_form();
print end_form, "\n";
}
sub form_verify {
$user[0] = param('UserName');
if ( $user[0] =~ /^([...@\w.]+)$/ ) {
$user[0] = $1;
} else {
die "Incorrect username format given";
}
$user[1] = param('Password');
if ( $user[1] =~ /^([...@\w.]+)$/ ) {
$user[1] = $1;
} else {
die "Incorrect password format given";
}
return @user;
}
sub print_form {
print "<div align='center'>\n";
print "<table width='25%' border=1 summary='Log in'>\n";
print "<td align='left' valign='middle'>\n";
print "<p>Login Data</p>\n";
print "<p>Username: ", textfield(-name=>'UserName',
-maxlength=>120), "\n";
print "<br>\n";
print "Password: ", password_field(-name=>'Password',
-maxlength=>120), "</p>\n";
print "<a href=\"register.cgi\" title=\"Click here to register!
\">Click Here to Register!</a>\n";
print "<br>\n";
print submit(-name=>'Submit_Form',
-value=>'Submit');
print reset, "\n";
print "</td>\n";
print "</table>\n";
print "</div>\n";
}
print end_html, "\n";
To see it in action I have it uploaded at
http://vendion.dyndns.org/cgi-bin/index.cgi
Username: test
Password: password
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
http://learn.perl.org/
