Perl doesn't work that way. You first declare %cookie as a hash. Then you look for the pass entry of the hash. It's not there because %cookie is empty: you just declared it and Perl doesn't automagically put cookie values in hashes for you.

Since you're using CGI.pm, you might have better luck with:

my $pass = cookie( 'pass' );

This will actually retrive the cookie with the name pass from the query, if it exists.

I thought I was reading the cookie while I was checking for pass.

He said

I don't see where you assign to %cookie anywhere before you check it for pass.

you obviously missed that bit, which is why its so big

I tried setting the cookie as another scalar like you requested, but it hasn't done anything. Maybe I am confused as to what I'm supposed to be doing with it. I set the cookie as another scalar, but then am I supposed to compare it within the password verification section (if ( $adminpass eq $adminpassword ) {)?

I'm sorry, I'm just really clueless and I've never understood cookies or how they work or anything..and I HAVE read tutorials and the CGI docs on them. This is just one concept I don't think I'll ever be able to understand :(

my $adminpassword = "test";
my %cookie;
my $pass = cookie('cookie');

require SDBM_File;


my %mail;

my $person = url_param('lookup');


if ( !exists $cookie{'pass'} ) {
    if ( param() ) {
        my $adminpass = param('admin');

        if ( $adminpass eq $adminpassword ) {
            my $cookiename = cookie(
                -name    => 'cookie',
                -value   => 'loggedin',
                -path    => '/',
                -expires => '+3y'
            );
        
        print header, start_html();

        # print rest of page here
        print "you are logged in";

##### database value lookup
if ($person) {
if (exists $mail{$person}) {
my $lookup_data = $mail{$person};
print "$lookup_data";
} else {
print "<h3><font color=red>Error:</font></h3> This user doesn't exist"
+;
}
}
else{

foreach (keys %snailmail) {
print <<"END";
<a href="www.myscript.com/login.pl?lookup=$_" target="_new">$_</a><br>
END
}


}
        }

        else {
            print header, start_html();

            print "Incorrect password, please click back and try again
+";
            exit;
        }
    }
    else {
        print header, start_html();

        print start_form(),
          table(
            Tr(
                td("Admin Password: "),
                td(
                    textfield(
                        -name => 'admin',
                        -size => 10
                    )
                )
            ),
            Tr( td(), td(submit) ),
          ),
          end_form(), hr();
    }
}
[download]

Something like this might work for you:

my $pass = cookie('cookie');

# if there was a cookie named 'pass'
if ( defined $pass)
{
    # if the password in the cookie matches the admin password
    if ($pass eq $adminpass)
    {
        # do administrative stuff
    }
}
# there's no cookie, so check for a 'pass' parameter
else
{
    $pass = param( 'pass' );
    if ($pass eq $adminpass)
    {
        # set admin cookie
        # make sure the name is 'pass' so you can retrieve it
        # redirect to the current script
    }
}
[download]

You might also look in the examples shipped with CGI.pm. cookies.cgi and customize.cgi are pretty good.

Again, simply declaring a hash named %cookie does absolutely nothing to retrieve a cookie. This seems to be the source of your confusion. You could call your hash %not_a_cookie or %magic_php_variable and it would do nothing, since Perl does not care what you name your variables. It does not automatically fill in values for you. You have to retrieve a cookie by name and check its value against the value you have.

Earlier versions of PHP did automagically create variables named after CGI variables, but it's been deprecated and not recommended for quite a while. I'm not aware that any Perl module ever did that -- it opens up a lot of security risks and can cause scary action at a distance.

Where in that example you provided would you print the login form to set the possible cookies? I see you are doing pretty much two things: 1) printing the administrative page and 2) setting the cookie. But the cookie has to come from a form somewhere.

I would really like to thank you for making the rest of my programing days more than a million times easier to manage and debug. I looked over your code countless times and have taken to heart how you layout your script.

For example, I always wrote things like:

if ($pass eq $admin pass) {
  if (defineded $this) {
}
[download]

Which got really confusing having the trailing { on the end of the line. This made it so much more difficult to find which brackets went with which and caused so many 'missing right curly bracket' warnings in the past.

Your method, which I'm using from now on:

if ($pass eq $adminpass)
{
  #print do everything here
  if (defined this)
    {
      #other things would go here
    } #nice closing bracket, you can see where they line up
}     #still matches the first bracket since it doesn't get attached t
+o the end of the line
[download]

If nothing else, thank you for displaying that code. It really is much better than what I've been doing and will save loads of time in each script that I write.


"Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

sulfericacid