If you don't enter a user, $login{$user} will return undef which is eq to $pass if no value was entered as a password. So the condition to grant access holds.

Check whether both user and password are entered (defined $user && $user ne "", similar for user) and check whether exists $login{$user} to see whether the user is supposed to have access at all.

Hope this helps, -gjb-

1. From a pure "correctness" point of view, I actually feel bothered. There is something in your left hand, and you don't know what it is. There is also something in your right hand, again you don't know what it is. Can you say that you have the same things in both of your hands? You cannot.
2. Try these two pieces of code:

   if ($a == $b) {
   print "equals\n";
   }
   [download]

   if ($a eq $b) {
   print "equals\n";
   }
   [download]

   Both pieces of code print out "equals", but at the same time, both complains that $a and $b are uninitialized. So we DOES observed some inconsistency.

When you use this undef value in a number context, perl evaulates undef to 0, and in a string context, evaluates undef to "" (empty string).

I think your explanation is slightly misleading, because of this fact:

undef ne "" and undef != 0

undef is... undef. undef means that the data does not exist at all. It cannot be quantified (it's not even "0 for none", it's "undef for non-existant"), nor can it be given any sort of string value, even if that value is an empty string.

There is something in your left hand, and you don't know what it is. There is also something in your right hand, again you don't know what it is. Can you say that you have the same things in both of your hands?

This is not really an accurate description, as undef in this case would not mean you don't know what the object is, but rather that nothing exists in your hands in the first place. I understood what you meant by your post as I understand the reasoning and the behaviour behind the use of undef, though I'm not sure somebody who knows nothing about undef would have understood the difference between undef, 0, and "".

(Just to make the facts straight,) did you know that your facts are actually on my side. Let's try those two examples you gave:

if (undef != 0) {#in number context, undef evaluates to 0, and we know
+ "0 != 0" does not stand.
   print "pg is wrong!";
} else {
   print "pg is right!";
}
[download]

and

if (undef ne "") {#string context
   print "pg is wrong!";
} else {
   print "pg is right!";
}
[download]

Both print "pg is right!".

Also when you say undef is "does not exist". That's also wrong.

Look at this piece of code:

my $a;
[download]

The moment I said this, a memory structure, called SV structure is allocated, so $a exists, although it holds undef value.

#!\perl\bin\perl.exe -w
use strict;
use CGI qw(:all);
my $cgi = new CGI;

#usernames and passwords
my %login = qw(antonis koukou giannis zabon);

my $user = param("user");
my $pass = param("pass");


print $cgi->header.
        $cgi-> start_html();

if ($pass eq $login{$user} && $pass && $user) {#Add && $user && $pass
    print $cgi-> p("Welcome back $user");
            
}else {
    print $cgi-> p("Sorry invalid username or password");
}
print $cgi->end_html;
[download]

Which will fail if pass or username is equal to 0. Or 0000000.

Problems are often solved with the simplest solution. Simply add an elsif statment. Hope this helps..
E.g.

if($whatever eq $whatever2) {
#do whatever you wana do;
}
elsif ($what ever you want eq " "){
#Access Denied;
}
else{
#do whate ver you wana do here;
}
[download]

You get my point.
All the best, Eoin...

#!d:\perl\bin\perl -w
use strict;
use CGI ':standard';

# usernames and passwords
my %login = (
  'antonis' => 'koukou',
  'giannis' => 'zabon'
);

sub login_form {
  my $msg = shift;

  print header,
    start_html('Login'),
      p(em($msg)),

      start_form( {method => 'post'} ),
        table(
          Tr(
            th('Username:'),
            td(
              textfield(
                {name => 'user', size => 20}
              )
            )
          ),
          Tr(
            th('Password:'),
            td(
              password_field(
                {name => 'pass', size => 20, force => 1}
              )
            )
          ),
          Tr(
            th( {colspan => 2}, submit('Login!') )
          )
        ),
      end_form,
    end_html;

  exit;
}


my ($user, $pass) = (
  param('user'), param('pass')
);

login_form('Please enter username/password to login:')
  unless (defined $user && defined $pass);

login_form('Invalid username or password. Please try again:')
  unless (exists($login{$user}) && $login{$user} eq $pass);

# Now logged in
print header,
  start_html('Welcome Back!'),
    p("Welcome back, $user!"),
  end_html;
  end_html;
[download]

Hi,

The undef variables ,let us see ,

is my $a; equal to an undef ,the SV structure is set up ( only a pointer ,is it not), and undef is not equal to ''