Cookie Problem

lovely has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I have created a page that upon clicking a url link on the page if the url has a cookie session then it should take user to the page OR if theres no session cookie it opens a new page. This new page requires user to type their user name and password and then post the page upon submitting. If the user gets their details right then it should take them to the page dependent on link clicked, if not it will bring up a 2nd warning of incorrect password try again and just stays in this state till you log in correct details. The problem I am getting is this: 1) when I have typed in correct user details it does bring up the page I required, however, if i click on the link for the page again AFTER user details are already confirmed and cookie is added it seems to take me to a blank page. 2) WHen I close the login window and click on the link for the gallery page I want it also brings me a blank page.

Reading in browser cookie script > 
sub getcookies{
    $cookies = $ENV{'HTTP_COOKIE'};
    @allcookies = split(/;\s*/,$cookies);
    foreach $i (@allcookies){
          ($name,$value) = split(/\s*=\s*/,$i);
          $cookie{$name}=$value;
      }
}

PAge to read target URL INTO PAGE > 
sub gethtml {
    open (DATA,"text file DB location");
    @DB=<DATA>;
    close (DATA);
    foreach $rec (@DB){
        chomp($rec);
        ($token,$file)=split(/\t/,$rec);
         if ($input{'target'} eq $token) {
            $url = $file;
        }
    }
    open (HTML, "$url");
    @PAGE=<HTML>; 
    close (HTML);
}
 
Read in user data and check for valid username/password pair >>>>>

sub idcheck {
    open (DATA,"<$DATABASE");
    @DB=<DATA>;
    close (DATA);
    $valid = 0;
    foreach $rec (@DB){
        chomp($rec);
        ($username,$password,$name,$email,$degree)=split(/\t/,$rec);
        $username = uc $username;
        $input{'user'} = uc $input{'user'};
         if (($input{'user'} eq $username) && ($input{'pass'} eq $pass
+word)) {
            $valid = 1;
            if ($input{'user'} eq "0") {
                $valid = 0;
            }
        }
    }
    return $valid;
}

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

PArsing the form data >>>>>
sub parseform {
       read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
        $buffer =~ tr/+/ /;
        @pairs = split(/&/, $buffer);
    foreach $pair (@pairs) {
            ($name, $value) = split(/=/, $pair);
            $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg
+;
            $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/e
+g;
            $FORM{$name} = $value;
    }
        return %FORM;
}


if (&idcheck) {
    &gethtml;
    print "Content-type:text/html\n";
    print "Set-Cookie: User=OK; domain=domain name; \n\n";
    print @PAGE;
    exit;
    } else {

&getcookies;
if ($cookie{'User'} eq "OK") {
    &gethtml;
    print "Content-type: text/html\n\n";
    print @PAGE;
    exit;
}
[download]

Sorry to bombard so much code here... Basically, I am really confused as to whether its the cookie problem or the post problem? will I need to use GET instead? It seems that after the gallery link page it loses the variables storing the target for the page causing the return of the blank page. Can anyone help??? Thanks for any help you can give me.

Comment on Cookie Problem Download Code

Replies are listed 'Best First'.
Re: Cookie Problem by matija (Priest) on Jun 21, 2004 at 22:36 UTC
oh, dear, oh dear, ohdear. Where to start? First of all, why, why, why are you parsing the form variables and cookies yourself? People with a lot more experience have spent considerable time making sure that reliable secure routines exist for this, and they made them available in CGI module. use CGI, because CGI is your friend. Second of all, when you don't know which part of program is misbehaving, break the problem into small parts. If you think that the post part may be getting the wrong data, why don't you print them? If you think the problem is in the cookie, print out the cookie line you receive, print out the intermediate values in the decoding process, print out the result. That should give you some clues about where the problems are.	[reply]
Re: Cookie Problem by Joost (Canon) on Jun 21, 2004 at 23:09 UTC
A couple of things: Your code should start like this `#!/usr/bin/perl -wT use strict; use CGI;` [download] Look at `perldoc strict`, `perldoc CGI` and `perldoc perlsec` for the relevant documentation. You cannot trust cookies. Anyone can fake "User" = "OK". Do not call subroutines as `&subroutine;` if you don't want to supply arguments; use `subroutine();` instead, or it will bite you some time in the future. Documentation on this can be found in `perldoc perlsub` That code looks like you need to read a good Perl book. I recommend "Programming Perl, 3rd edition" by Larry Wall & others. "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply] [d/l] [select]
Re: Cookie Problem by heroin_bob (Sexton) on Jun 21, 2004 at 22:59 UTC
Is this code complete? It seems foggy as to where certain things are getting set... but one thing I notice is in gethtml() is that you open a file "$url" if $input{'target'} is the same as $token... but $url doesn't get set if $input{'target'} ne $token, which will show a blank page if it can't find a match. I also noticed that you're parsing the header manually for data. Have you looked into using the CGI module to handle your post/get and cookie data? It's a definite plus to know how to parse the header manually, but CGI might make life a little easier. ~heroin_bob (EDITED) Looks like matija covered my concerns while I was typing... :) If you're ever lost and need directions, ask the guy on the motorcycle.	[reply]
Re: Cookie Problem by lovely (Initiate) on Jun 22, 2004 at 12:51 UTC
RIght, thanks ppl for advice, after much fussing around I figured the reason I was getting the blank page was because the way the parseform was not handling the methods. I had to change the parseform to accept GET method and then it worked.	[reply]