in reply to Re: CGI login issues
in thread CGI login issues

Thanks for the input, I tried to clear up the code as much as I could (see below) but nothing changed.

If you submit a blank form, it prints test. If you type in the wrong details, it prints the CGI login form with junk printed to screen that reads "Set-Cookie: filemanager=d; path=/ Expires: Fri, 15 Oct 2004 20:13:35 GMT Date: Fri, 15 Oct 2004 20:13:35 GMT Content-Type: text/html; charset=ISO-8859-1 test"

If you want to test the script, www.spydersubmission.com (upper left corner). After clearing the cookies and restarting IE, it always prints "test" when the form is blank. So in reality, no part of this form is working but I know it's ALMOST functional again.

I have read Ovid's CGI tutorials and I know CGI::Carp can be a bad thing, but now it's just used to help me with debugging. When the script is live, that'll be removed.

I didn't use your other script because it was too different from this current login template I've been using for a while now and a template like this would be easier, for me, to implement in other scripts easily.

Can you see what else might be causing the problem with 1) not setting a cookie if login is right, 2) not erroring out when the form is blank, 3) what that junk is that prints when the password is wrong?

On a side note on the security about my error messages. Someone told me that before but I don't think it makes any difference if they know a certain username exists or not. For Hotmail, you could pick virtually anything you can think of for a screen name and know it works and attempt to break it even if they don't tell you "error: the username doesn't exist". Not saying security isn't an issue or important.

Thanks.

#!/usr/bin/perl -t
use warnings;
use strict;
use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);

#######
# collect data from form
#######
my $username = param("username");
my $password = param("password");

#########
# Cookie junk
#########
my $cookiename = "filemanager";
my $tasty = cookie($cookiename);

use DB_File;
my %users;
my $users = "users.db"; # location of database
tie %users, "DB_File", "$users", O_CREAT|O_RDWR, 0644 or die "Cannot open file 'default.db': $!\n";
my ($savedpassword, $name, $email, $website, $start) = split(/::/, $users{$username});

###############################################################################################################
# COOKIE CHECKING
###############################################################################################################
# First check if we saved a cookie last time
if($tasty) {
    print header(-expires=>'now'), start_html("You are logged in!");
    &processing;
    print end_html;
    exit;
}

########################################################################################################
# Password checking
########################################################################################################
unless ($password eq $savedpassword) {
    print header(-expires=>'now'), start_html("You need to Login");
    print <<"FORM";
<table border="2" width="181" bgcolor="#AAAAAA">
<form action="" method="post">
  <tr>
    <td bgcolor="#CC0000" valign="bottom"><font color="#FFFFFF" face="Arial, Helvetica, sans-serif">Client Login </font></td>
  </tr>
  <tr>
    <td valign="top">
      <table width="181" border="0" align="center">
        <form action="/cgi-bin/member/login.cgi" method="post">
        <tr>
          <td width="59">username</td>
          <td width="122" valign="top"><input name="username" type="text" size="15"></td>
        </tr>
        <tr>
          <td>password</td>
          <td valign="top"><input name="password" type="password" size="15"></td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td valign="top"><div align="right">
            <input type="submit" name="Submit" value="Log In">
          </div></td>
        </tr>
        </form>
      </table>
FORM
    if (param()) {
        if (exists $users{$username}) {
            if ($password ne $savedpassword) {
                print "<b>Wrong password!</b>";
                exit;
            }
        }
    }
    else {
        print "username does not exist";
        exit;
    }
}

########################################################################################################
# Cookie setting
########################################################################################################
my $cookie = cookie(
    -NAME=> $cookiename,
    -VALUE=> $password,
);
print header(-COOKIE => $cookie, -expires=>'now');
print start_html("Going through here");
&processing;

sub processing {
    print "test";
}
########### END PROCESSING SUB HERE
exit;


"Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

sulfericacid

Re^3: CGI login issues
by bmann (Priest) on Oct 15, 2004 at 21:23 UTC
    All right, this time I'm not going to just hand you an answer - I'm going to try to make you work for it ;) You've asked a lot of questions about cookies and form handling at pm, and seem to be asking some of the same here again. Here are some clues that will hopefully point you in the right direction...

    #1: What happens when you set a cookie with an empty value? Hint - it doesn't get stored, and if there is already a cookie with that name...

    #2: What happens when you compare two undefined values?

    perl -wle 'print "true!" if undef eq undef'; # hmm, undef eq undef is true!

    #3: What happens when you print HTTP headers more than once to the browser?

    I think two out of three of these questions are answered at Ovid's CGI course mentioned above (I can't reach it from here right now). Also try perldoc CGI, then have a look at CGI Programming with Perl (one of many good O'Reilly books). Good luck!
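
Added example, not part of the original thread or either poster's code: a sketch of a login decision that addresses the three hints above (empty cookie values, comparing undefined values, printing headers more than once) and keeps the password out of the cookie. The function names, the sample user record and the session token are constructed for illustration; a real token would come from a cryptographically secure random source and be recorded server-side.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data in the thread's "password::name::email::website::start" layout.
my %users    = (alice => 'pw-alice::Alice::a@example.test::example.test::2004');
my %sessions = ();    # token => username, kept server-side (assumption for this sketch)

# Decide the outcome first; nothing is printed here.
sub check_login {
    my ($users, $username, $password) = @_;
    # Hint #2: two undefined values compare equal, so reject blank input before any eq.
    return 'blank' unless defined($username) && length($username)
                       && defined($password) && length($password);
    my $record = $users->{$username};
    return 'denied' unless defined $record;             # unknown user
    my ($saved) = split /::/, $record;
    return 'denied' unless defined($saved) && $password eq $saved;   # wrong password
    return 'ok';
}

# A cookie only counts as "logged in" if the server issued that exact token.
sub session_valid {
    my ($sessions, $cookie) = @_;
    return defined($cookie) && length($cookie) && exists $sessions->{$cookie} ? 1 : 0;
}

# Hint #3: build exactly one header block per response, after the decision is known.
sub respond {
    my ($status, $token) = @_;
    my @head = ('Content-Type: text/html; charset=ISO-8859-1');
    # Hint #1: send Set-Cookie only with a non-empty value, and make that value
    # an opaque session token rather than the password.
    push @head, "Set-Cookie: filemanager=$token; path=/; HttpOnly"
        if $status eq 'ok' && defined($token) && length($token);
    my %body = (ok => 'Logged in', blank => 'Please fill in both fields',
                denied => 'Login failed');
    return join("\r\n", @head) . "\r\n\r\n" . $body{$status};
}

# Constructed test inputs: blank form, wrong password, unknown user, valid login.
for my $case ([undef, undef], ['alice', 'wrong'], ['bob', 'x'], ['alice', 'pw-alice']) {
    my $status = check_login(\%users, @$case);
    my $token  = 'constructed-session-token';    # placeholder, not a real random token
    $sessions{$token} = $case->[0] if $status eq 'ok';
    my $out   = respond($status, $token);
    my $count = () = $out =~ /^Content-Type:/mg;
    printf "%-7s headers=%d cookie=%s\n", $status, $count,
        ($out =~ /^Set-Cookie:/m ? 'yes' : 'no');
}
printf "forged cookie accepted: %s\n", session_valid(\%sessions, 'd') ? 'yes' : 'no';
```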