sub login { my ($dbh) = @_; my ($email) = $dbh->quote($CGI->param('email') || undef); my ($password) = $dbh->quote($CGI->param('password') || undef); my ($loginSessionID) = $CGI->param('loginSessionID') || undef; eval { # # email should be an RFC compliant email address. # my $tmp = <fetchrow_array; $result{userID} = undef; if (@row) { $result{userID} = $row[0]; CGI::Session->name( $CONFIG->{userSession}{cookies}{LOGIN}{name} || "CGISESSID"); $SESSION = CGI::Session->load("driver:MySQL", $CGI || $loginSessionID, { DataSource => join(':', $CONFIG->{mysql}{DSN}, $CONFIG->{mysql}{Collection}), TableName => 'sessions', IdColName => 'id', DataColName => 'data', Handle => $dbh, }) || die CGI::Session->errstr() . "\n"; if ($SESSION->is_expired) { # # If we are picking up an old session see if it is # already expired. If it is expired delete it from # the store and flush the session data. # $SESSION->delete(); $SESSION->flush(); } if ($SESSION->is_empty) { # # This "new" is CGI::Session magic. THe session # definition in the "load" above is remembered and # will be re-applied here. # $SESSION = CGI::Session->new(); } $result{loginSessionID} = $SESSION->id(); $SESSION->param('userID', $result{userID}); $SESSION->expire( $CONFIG->{userSession}{cookies}{LOGIN}{expire} || "+30m"); $COOKIES{loginSession} = $CGI->cookie( -name => $CONFIG->{userSession}{cookies}{LOGIN}{name}, -value => $SESSION->id(), -expires => $CONFIG->{userSession}{cookies}{LOGIN}{expire} || "+30m", -path => $CONFIG->{userSession}{cookies}{LOGIN}{path} || "/", -domain => $CONFIG->{userSession}{cookies}{LOGIN}{domain} || "", -secure => $CONFIG->{userSession}{cookies}{LOGIN}{secure} || 0, ); $SESSION->flush(); } }; if ($@) { push(@{ $result{error} }, $@); } return encode_json(\%result); }