If so, you can simply write:
You seem to be mixing up eq and == in your hash tests. I would guess you want to treat the hashed password as a string, so you should use eq and ne.if($username eq $row[0] && $hashPassword eq $row[1]) { # Go to the new page } else { error(); }
If you find yourself legitimately writing a long if/elsif cascade, it's generally a good idea to put an 'else' clause on the end, to catch any unexpected situations. If you don't think it can ever happen, feel free to make the contents die "horribly" or something, but if you have 4 or 5 tests, it's a fair bet you may have missed one.
Lastly, your SQL query is going to guarantee that $username eq $row[1] is true, as long as some data is returned. Presumably you want to go to your error page if the number of rows returned is zero. You probably also want to have an error condition (perhaps a different one) if you get more than one row back from that query.
So (assuming your error routine doesn't return):
Lastly, in case you actually have different error cases in your different branches above, I'd counsel you not to do that. If someone can get a different error depending on whether they pass in a bad username or a bad password, that allows them to guess usernames. That weakens your security.my @rows = $sth->fetchrow_array; if (scalar @rows == 0) { # Unknown user error(); } if (scalar @rows > 1) { # DB in bad state - more than one record for user some_other_error(); } if ($hashPassword ne $rows[1]) { # wrong password error(); } # ...show the page...
In reply to Re: elsif loop
by jbert
in thread elsif loop
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |