There's a login page, which checks that a user is registered in our member database, and, if so, sets a session id cookie in SESSID, as well as a userid in TIUID. SESSID is generated using:
my $sessid = join("", @chars[ map { rand @chars } (1 .. 20) ]);
Then, every page that is password-protected has the following at the top:
use strict;
use warnings;
use CGI;
use DBI;

my $q = CGI->new;
my $sessid  = $q->cookie('SESSID');
my $UIDuser = $q->cookie('TIUID');
my %in = map { $_ => $q->param($_) } $q->param;

# No session cookie at all: straight back to the login page.
if (!$sessid)
{
    print $q->redirect("http://mydomain.org/memberarea/login/");
    exit;
}

my $pagetitle;
my $dbh = DBI->connect('DBI:mysql:sitedatabase;host=localhost;port=3306', 'ouradminname', 'oursecretpassword')
    or die "Couldn't open database: $DBI::errstr; stopped";

# Bind the session id as a placeholder instead of interpolating the cookie
# value into the SQL string, so a crafted SESSID cannot alter the query.
my $sql = "SELECT UID, firstname, lastname, role FROM members WHERE loginkey = ?";
# Prepare the SQL query for execution
my $sth = $dbh->prepare($sql)
    or die "Couldn't prepare statement: $DBI::errstr; stopped";
# Execute the query with the session id bound to the placeholder
$sth->execute($sessid)
    or die "Error executing: $DBI::errstr";
# Fetch the matching member row; no row means the session id is unknown
# (or has been expired server-side).
my $member = $sth->fetchrow_hashref;
$sth->finish;
if (!$member)
{
    print $q->redirect("http://mydomain.org/memberarea/login/");
    exit;
}

# Only now that the session is known to be valid do we emit the page header;
# printing it before the check would make the redirect above impossible.
# Re-issue the cookie so its lifetime is refreshed on every protected page.
my $cookie = $q->cookie(-name => "SESSID", -value => $sessid, -expires => "+2h", -domain => '.mydomain.org');
print $q->header({-type => "text/html", -charset => "utf-8", -cookie => $cookie});
Anyone with an expired or non-existent SESSID is redirected to the login page.
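The SESSID generator above draws its symbols with Perl's rand, which is a general-purpose PRNG rather than a cryptographic one, so the 20-character token is less unpredictable than its length suggests. The following drop-in replacement, added here and not part of the post, reads the kernel CSPRNG instead; it assumes @chars is the usual 62-symbol alphanumeric alphabet, which the post does not show.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed alphabet: the post never shows its @chars, so the common
# alphanumeric set is used here.
my @chars = ('A'..'Z', 'a'..'z', '0'..'9');

# Draw one byte at a time from /dev/urandom and keep only bytes below the
# largest multiple of scalar(@chars). Rejecting the rest removes the modulo
# bias that "$n % @chars" alone would introduce (256 is not a multiple of 62).
sub secure_session_id {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $limit = int(256 / @chars) * @chars;   # 248 for a 62-symbol alphabet
    my $id = '';
    while (length $id < $len) {
        read($fh, my $byte, 1) == 1
            or die "short read from /dev/urandom";
        my $n = ord $byte;
        next if $n >= $limit;                  # biased tail: redraw
        $id .= $chars[$n % @chars];
    }
    close $fh;
    return $id;
}

# Entropy in bits of a token of $len symbols chosen uniformly from @chars;
# with 62 symbols and length 20 this is about 119 bits.
sub token_entropy_bits {
    my ($len) = @_;
    return $len * log(scalar @chars) / log(2);
}

my $sessid = secure_session_id(20);
printf "SESSID=%s (%.1f bits of entropy)\n", $sessid, token_entropy_bits(20);
```

The uniformity check matters because a session id only needs to be unguessable, and a biased or low-entropy generator weakens that guarantee even when the token looks random.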