Yes, you should probably also read the cookie as well. :) I don't see where you assign to %cookie anywhere before you check it for pass.
| [reply]
[d/l]
[select] |
I'm sorry, I don't understand what you mean. I thought I was reading the cookie while I was checking for pass.
| [reply] |
Perl doesn't work that way. You first declare %cookie as a hash. Then you look for the pass entry of the hash. It's not there because %cookie is empty: you just declared it and Perl doesn't automagically put cookie values in hashes for you.
Since you're using CGI.pm, you might have better luck with:
my $pass = cookie( 'pass' );
This will actually retrive the cookie with the name pass from the query, if it exists.
| [reply]
[d/l]
[select] |
I thought I was reading the cookie while I was checking for pass.
He said
I don't see where you assign to %cookie anywhere before you check it for pass.
you obviously missed that bit, which is why its so big
| [reply] |
This is in reply to your newest post, I can't seem to reply to it as it's below my current viewable thread or something.
I tried setting the cookie as another scalar like you requested, but it hasn't done anything. Maybe I am confused as to what I'm supposed to be doing with it. I set the cookie as another scalar, but then am I supposed to compare it within the password verification section (if ( $adminpass eq $adminpassword ) {)?
I'm sorry, I'm just really clueless and I've never understood cookies or how they work or anything..and I HAVE read tutorials and the CGI docs on them. This is just one concept I don't think I'll ever be able to understand :(
My current code:
my $adminpassword = "test";
my %cookie;
my $pass = cookie('cookie');
require SDBM_File;
my %mail;
my $person = url_param('lookup');
if ( !exists $cookie{'pass'} ) {
if ( param() ) {
my $adminpass = param('admin');
if ( $adminpass eq $adminpassword ) {
my $cookiename = cookie(
-name => 'cookie',
-value => 'loggedin',
-path => '/',
-expires => '+3y'
);
print header, start_html();
# print rest of page here
print "you are logged in";
##### database value lookup
if ($person) {
if (exists $mail{$person}) {
my $lookup_data = $mail{$person};
print "$lookup_data";
} else {
print "<h3><font color=red>Error:</font></h3> This user doesn't exist"
+;
}
}
else{
foreach (keys %snailmail) {
print <<"END";
<a href="www.myscript.com/login.pl?lookup=$_" target="_new">$_</a><br>
END
}
}
}
else {
print header, start_html();
print "Incorrect password, please click back and try again
+";
exit;
}
}
else {
print header, start_html();
print start_form(),
table(
Tr(
td("Admin Password: "),
td(
textfield(
-name => 'admin',
-size => 10
)
)
),
Tr( td(), td(submit) ),
),
end_form(), hr();
}
}
| [reply]
[d/l]
[select] |
my $pass = cookie('cookie');
# if there was a cookie named 'pass'
if ( defined $pass)
{
# if the password in the cookie matches the admin password
if ($pass eq $adminpass)
{
# do administrative stuff
}
}
# there's no cookie, so check for a 'pass' parameter
else
{
$pass = param( 'pass' );
if ($pass eq $adminpass)
{
# set admin cookie
# make sure the name is 'pass' so you can retrieve it
# redirect to the current script
}
}
You might also look in the examples shipped with CGI.pm. cookies.cgi and customize.cgi are pretty good.
Again, simply declaring a hash named %cookie does absolutely nothing to retrieve a cookie.
This seems to be the source of your confusion. You could call your hash %not_a_cookie or %magic_php_variable and it would do nothing, since Perl does not care what you name your variables. It does not automatically fill in values for you. You have to retrieve a cookie by name and check its value against the value you have.
Earlier versions of PHP did automagically create variables named after CGI variables, but it's been deprecated and not recommended for quite a while. I'm not aware that any Perl module ever did that -- it opens up a lot of security risks and can cause scary action at a distance. | [reply]
[d/l]
[select] |