    if (!$username) {
        relogin("Enter your username");
    } elsif (!$password) {
        relogin("Enter your password");
    }

This says: if I have a username, go ahead, don't look at the next condition.
I really don't know what I was smoking.
You still want:

    if (!$username or !$password) {
        relogin('Username/Password pair not valid');
    }

It stops you from giving too much information to someone who is trying to break in (e.g. "OK, I have the username right, now just work on the password").
Another hint:
    # $password is interpolated straight into the SQL text
    my $sth = $dbh->prepare("SELECT * FROM info WHERE pword='$password'");
    $sth->execute() or die "Couldnt do it: " . $sth->errstr . "\n";

This will fail if the MD5'd password has a ' in it. Just imagine what that SQL will look like when the $password is expanded. You can use placeholders to get around this:

    # the ? placeholder is bound at execute time; DBI reports errors via errstr, not $!
    my $sth = $dbh->prepare('SELECT * FROM info WHERE pword=?');
    $sth->execute($password) or die "Couldnt do it: " . $sth->errstr . "\n";

DBI will properly escape any characters that need to be escaped.
| Just me, the boy and these two monks, no questions asked. |
In reply to Re: Accessing information pulled from mysql
by grep
in thread Accessing information pulled from mysql
by blaze
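
The two points of the reply above (one generic failure message, and placeholders instead of interpolation) combined into a runnable script, as an added example that is not part of the original post or thread. It assumes DBD::SQLite is installed, with an in-memory database standing in for MySQL; the `uname` column, the sample row and `check_login` are constructed for illustration, and MD5 is used only because the thread uses it.

```perl
use strict;
use warnings;
use DBI;
use Digest::MD5 qw(md5_hex);

# Assumption: DBD::SQLite is available; the thread itself uses MySQL.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Constructed sample data. Only the table name "info" and the column
# "pword" come from the post; "uname" is a hypothetical column name.
$dbh->do('CREATE TABLE info (uname TEXT PRIMARY KEY, pword TEXT NOT NULL)');
$dbh->do('INSERT INTO info (uname, pword) VALUES (?, ?)',
    undef, "o'brien", md5_hex('correct horse'));

# Returns 1 when the username/password pair matches, 0 for any other outcome.
sub check_login {
    my ($username, $password) = @_;
    return 0 unless defined $username && length $username
                 && defined $password && length $password;
    # Values are bound to the ? markers and never become part of the SQL text.
    my $sth = $dbh->prepare('SELECT 1 FROM info WHERE uname = ? AND pword = ?');
    $sth->execute($username, md5_hex($password));
    my ($found) = $sth->fetchrow_array;
    $sth->finish;
    return $found ? 1 : 0;
}

# Interpolated form: the quote inside the value ends the string literal early,
# so the statement no longer parses (RaiseError turns that into an exception).
my $name    = "o'brien";
my $bad_sql = "SELECT 1 FROM info WHERE uname='$name'";
my $ran     = eval { $dbh->prepare($bad_sql)->execute; 1 };
print "interpolated query: ", ($ran ? "ran" : "failed to parse"), "\n";

# Every failure gets the same message, so the reply never confirms
# which half of the pair was wrong.
for my $try (["o'brien", 'correct horse'], ["o'brien", 'wrong'],
             ['nobody', 'x'], ['', '']) {
    my ($u, $p) = @$try;
    print check_login($u, $p) ? "welcome\n"
                              : "Username/Password pair not valid\n";
}
```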