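#!/usr/bin/perl -Tw
#
# Minimal CGI login check.
#
# Reads the 'UserID' and 'PWord' request parameters, looks the user up in a
# pipe-delimited file (one "userid|password" record per line) and prints an
# HTML page saying whether the pair matched.
#
# NOTE(review): the file format implies the passwords are stored in clear
# text and compared directly. Storing a salted password hash and comparing
# hashes would limit the damage if the file is ever disclosed; that needs a
# change to the file format, so it is only flagged here.
use strict;    # Never, ever, write code without this
use CGI;

my $query = CGI->new;

my $password_dir     = '/home/networkrichmond/dat/';
my $pword_file       = ".passwrdlst";
my $passwrd_location = $password_dir . $pword_file;

# Fetch each parameter into a scalar first so param() is called in scalar
# context and a repeated parameter cannot inject extra values.
my $raw_userid = $query->param('UserID');
my $raw_pword  = $query->param('PWord');

# Untaint incoming data. A value that is missing, empty, or contains anything
# other than letters and digits comes back undefined and is rejected below.
my $userid_entd = _untaint_alnum($raw_userid);
my $pword_entd  = _untaint_alnum($raw_pword);

# Record found in the password file; both stay undefined when the user is
# unknown, the input was rejected, or the file does not exist.
my ($userid, $pword);

if (defined $userid_entd && -e $passwrd_location) {

    # Note that we are using $! to get the actual error.
    # Three-argument open with a lexical handle: the mode can never be taken
    # from the file name.
    open my $userfile, '<', $passwrd_location
        or die("Could not open $pword_file: $!\n");

    FINDUSER:
    while (my $line = <$userfile>) {
        chomp $line;
        my ($file_userid, $file_pword) = split /\|/, $line;

        # Compare the user id as a plain string rather than interpolating
        # request data into a pattern. Records without a password field are
        # skipped.
        next FINDUSER
            unless defined $file_pword && $file_userid eq $userid_entd;

        ($userid, $pword) = ($file_userid, $file_pword);
        last FINDUSER;
    }

    close($userfile);
}

# Succeed only when a record was actually found AND both submitted values
# passed validation. Without the defined() checks an unknown user leaves
# $userid/$pword undefined, and undef compares equal to an empty string.
my $authorized = defined $userid_entd
    && defined $pword_entd
    && defined $userid
    && defined $pword
    && $userid eq $userid_entd
    && $pword eq $pword_entd;

print $query->header;
print $query->start_html;
if ($authorized) {
    print "Authorization successful.\n";
}
else {
    print "Authorization unsuccessful.\n";
}
print $query->end_html;

# Return the value untainted if it is a non-empty run of ASCII letters and
# digits; otherwise return nothing (undef in scalar context).
#
# The capture is used only when the match succeeded, so a failed match can
# never pick up $1 left over from an earlier successful match. \A and \z are
# used instead of ^ and $ so a trailing newline is not silently accepted.
sub _untaint_alnum {
    my ($value) = @_;
    return unless defined $value && $value =~ /\A([a-zA-Z0-9]+)\z/;
    return $1;
}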