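#!/usr/bin/perl
# Login handler for LogIn/index.html.
#
# Reads the submitted e-mail address and password, looks for exactly one
# matching row in UserDatabase, and then either starts a server-side session
# and redirects to the dashboard, or sends the browser back to the login form.
use strict;
use warnings;
use CGI;
use DBI;
use DBD::mysql;
use CGI::Session '-ip_match';

# A login form carries two short fields, so cap the request body and refuse
# file uploads before CGI.pm parses anything.
$CGI::POST_MAX        = 4096;
$CGI::DISABLE_UPLOADS = 1;

my $login_url     = 'https://xxxx.xxx/LogIn/index.html';
my $dashboard_url = 'https://xxxx.xxx/dashboard/index.cgi';

# Let CGI.pm do the request parsing and URL-decoding instead of a
# hand-written split/unescape loop. Scalar context is deliberate: param()
# in list context can return several values for a repeated field.
my $query    = CGI->new;
my $email    = $query->param('emailAddress');    # field names from LogIn/index.html
my $password = $query->param('password');

# Missing or empty credentials can never match; skip the database round trip.
if (   !defined $email
    || !defined $password
    || $email eq ''
    || $password eq '' )
{
    print $query->redirect($login_url);
    exit;
}

# RaiseError turns a failed connect or query into a die(), which ends up in
# the server error log rather than being silently ignored.
# NOTE(review): the database credentials are embedded in a script under the
# web root; consider loading them from a file the web server cannot serve.
my $dbh = DBI->connect(
    "DBI:mysql:xxxxxxxxxx:localhost",
    "xxxxxxxxxxxxx",
    "xxxxxxxxxxxxxxx",
    { RaiseError => 1, PrintError => 0 },
);

# Both user-supplied values are bound through placeholders, so they are never
# spliced into the SQL text. The original also called execute() with no bind
# values on this two-placeholder statement, which cannot succeed; that stray
# prepare/execute/finish has been dropped.
# NOTE(review): the query compares the submitted password directly with the
# stored column, which implies passwords are stored as plain text. Store a
# salted, slow hash instead and verify it in code after fetching the row by
# e-mail address.
my $sql = "SELECT COUNT(*) FROM xxxxxxxxxxxxxxx.UserDatabase WHERE EmailAddress = ? AND password = ?";
my ($match_count) = $dbh->selectrow_array( $sql, undef, $email, $password );
$dbh->disconnect;

if ( defined $match_count && $match_count == 1 ) {

    # Reuse the CGI object already built above so CGI::Session does not try
    # to parse the request a second time.
    # NOTE(review): new() resumes an existing session when the request
    # carries a valid session id. If sessions can exist before login, issue a
    # fresh id here so a pre-login id cannot be carried into an
    # authenticated session (session fixation).
    # NOTE(review): the directory is relative to the working directory;
    # confirm it is not reachable over HTTP.
    my $session = CGI::Session->new( undef, $query,
        { Directory => '../TEMPDIR/sessions' } )
        or die CGI::Session->errstr;

    # The original called param($email), which only reads a value and stores
    # nothing. Record who logged in; the key reuses the form field name.
    # TODO confirm it matches what dashboard/index.cgi reads.
    $session->param( 'emailAddress', $email );

    # NOTE(review): in CGI::Session 'M' means months and 'm' means minutes,
    # so this session lives for a month. Confirm that is intended.
    $session->expire('+1M');

    # Send a real redirect that also carries the session cookie. Passing a
    # bare "Location: ..." string to header() is not one of CGI.pm's
    # documented calling forms. The cookie is restricted to HTTPS and hidden
    # from page scripts.
    print $query->redirect(
        -uri    => $dashboard_url,
        -cookie => $session->cookie( -secure => 1, -httponly => 1 ),
    );
}
else {
    print $query->redirect($login_url);
}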