##
#!/usr/bin/perl -wT # read about Tainted input or die
use strict;
use CGI qw(:standard escapeHTML);
use vars qw ( @accts $acct_name $all_accts );
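# Account ID submitted by the login form.  Kept as a package variable
# because out_badlog() reads $value directly.
our $value = param('ckin');

# Accept only a value that is exactly five ASCII letters.  \A and \z anchor
# the whole string; a trailing "$" would also accept a value that ends in a
# newline.  The defined() check covers a request with no 'ckin' field at all.
unless ( defined $value && $value =~ /\A[a-z]{5}\z/i )
{
    out_badlog();    # See *1
    exit;
}

# See *2
open( INFILE, '<', 'accts.db' ) or die "Can't open accounts data";

# Read every line of the accounts file and split it on whitespace, so that
# @accts holds one account ID per element (no empty fields).
our @accts = map { split ' ', $_ } <INFILE>;
close(INFILE);

# Retained only in case code outside this excerpt still reads $all_accts.
# It must not be used to decide whether a login is valid (see below).
$all_accts = join '', @accts;

# Compare the submitted ID against whole account IDs.  Matching $value as a
# pattern against the concatenated list would also accept any five letters
# that straddle two neighbouring IDs (constructed example: "cdefg" against
# "abcde" followed by "fghij"), i.e. a login that is not a real account.
if ( grep { $_ eq $value } @accts )
{
    out_logged_in($value);    # See *3
}
else
{
    out_badlog($value);
}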
...
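# BAD LOGIN PAGE - output a doc
#
# Prints the "bad login" page and echoes the attempted login back to the
# client.  The attempted ID may be passed as the first argument; when it is
# not, the package variable $value is used, as some callers pass nothing.
sub out_badlog {
    my ($attempt) = @_;
    $attempt = $value unless defined $attempt;
    $attempt = ''     unless defined $attempt;    # form field was absent

    print <<"_END_OF_INPUT_";
Sample title
... banner, other foofarawh here....
Bad login!
_END_OF_INPUT_

    # This page is shown when the submitted value failed validation or
    # lookup, so the text echoed here is arbitrary client input.  It is
    # HTML-escaped so it is rendered as text and never as markup or script.
    print 'Login attempted was: ' . escapeHTML($attempt) . "\n";

    print <<"_END_OF_VAL";
That was NOT a valid login!
_END_OF_VAL
}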