titanic_fanataic has asked for the wisdom of the Perl Monks concerning the following question:

Okay, so now I have figured out how to set a cookie, but now I'm having trouble with... well, I'm not too sure actually. This is what happens.

1. I login to the script (Cookie is created fine)
2. I try to use one of the features of the admin (each feature has its own subroutine in the script), but it gives me an internal server error (malformed header=<html>)
3. I try the logout button (logout cookie is created fine), but now I can just click on submit without entering my un/pw from the login page and it validates the user.

This is the code I used to create the login/logout cookies:

sub set_login_cookie {
    my $loggedIn = cookie(-name    => 'loggedIn',
                          -value   => 'true',
                          -expires => '+30m',
                          -path    => '/public_html/cgi-bin/cit/');
    print header(-cookie => $loggedIn);
}

sub set_logout_cookie {
    my $loggedIn = cookie(-name  => 'loggedIn',
                          -value => 'false',
                          -path  => '/public_html/cgi-bin/cit/');
    print header(-cookie => $loggedIn);
}

Here is the code I used for the login page and the main page:

sub login_html {
    my $cookie = "cookie('loggedIn')";
    print<<EndOfHTML;
<HTML>
<HEAD>
<TITLE>Net Works Web Design - Client Invoice Tracker: Admin Logon</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<link rel="SHORTCUT ICON" href="http://nw-webdesign.000k.net/images/Favicon.ico">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" link="#666699">
<div align="center">
<table width=780 border=0 cellpadding=0 cellspacing=0 height="383" bgcolor="#FFFFFF">
  <tr>
    <td rowspan=2><img src="http://nw-webdesign.000k.net/images/index_01.gif" width=165 height=35></td>
    <td colspan=2><img src="http://nw-webdesign.000k.net/images/index_02.gif" width=615 height=24></td>
  </tr>
  <tr>
    <td><img src="http://nw-webdesign.000k.net/images/index_03.gif" width=1 height=11></td>
    <td rowspan=2><img src="http://nw-webdesign.000k.net/images/index_04.gif" width=614 height=73></td>
  </tr>
  <tr>
    <td colspan=2 height="39"><img src="http://nw-webdesign.000k.net/images/logo.gif" width=166 height=62></td>
  </tr>
  <tr>
    <td colspan=3 background="http://nw-webdesign.000k.net/images/links.gif">
      <table width="100%" border="0" cellspacing="0" cellpadding="0" background="http://nw-webdesign.000k.net/images/links.gif">
        <tr>
          <td width="37%" height="28" align="center" valign="bottom"><font size="-1" color="#000000"><!--#INCLUDE VIRTUAL="/cgi-bin/date/datetime.cgi"--></font></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/about.htm">ABOUT US</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/services.htm">SERVICES</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/portfolio.htm">PORTFOLIO</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/helpdesk/" target="_blank">HELP DESK</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net">HOME</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center">&nbsp;</div></td>
        </tr>
      </table>
    </td>
  </tr>
  <tr>
    <td colspan=3 height="233">
      <table width="100%" border="0" cellspacing="0" cellpadding="10" height="188">
        <tr>
          <td height="212" valign="top"><h3><font color="#999999" face="Geneva, Arial, Helvetica, san-serif"><strong>Client Invoice Tracker: Administration Logon</strong></font></h3>
            <p><font face="Geneva, Arial, Helvetica, san-serif">Use the form below to login to the administration section to perform maintenance tasks and to update current invoices:</font></p>
            <form action="$actionaddress?login" method="post">
              <table align="center" cellpadding="2" cellspacing="2">
                <tr>
                  <td><font size="2" face="Geneva, Arial, Helvetica, san-serif">Username:</font></td>
                  <td><input type="text" name="username"></td>
                </tr>
                <tr>
                  <td><font size="2" face="Geneva, Arial, Helvetica, san-serif">Password:</font></td>
                  <td><input type="password" name="password"></td>
                </tr>
                <tr>
                  <td colspan="2" align="center"><input type="submit" value="Submit"></td>
                </tr>
              </table>
            </form>
          </td>
        </tr>
      </table>
      <!--#include virtual="/cgi-bin/logitpro/logitpro.pl?c_count"-->
    </td>
  </tr>
  <tr>
    <td colspan=3 height="14">
      <div align="center">
        <table width="100%" border="0" cellspacing="0" cellpadding="0" height="35" align="center">
          <tr>
            <td background="http://nw-webdesign.000k.net/images/index_08.gif" height="35">
              <div align="center"><b><font face="Geneva, Arial, Helvetica, san-serif" size="1" color="#666699">Copyright&copy; 2004/2005 <em>Net Works Web Design</em></font></b></div>
            </td>
          </tr>
        </table>
      </div>
    </td>
  </tr>
</table>
</div>
</BODY>
</HTML>
EndOfHTML
    exit;
}
sub admin_main {
    my $cookie = cookie('loggedIn');
    if ($cookie eq "true") {
        print<<EndOfHTML;
<HTML>
<HEAD>
<TITLE>Net Works Web Design - Client Invoice Tracker: Administration</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<link rel="SHORTCUT ICON" href="http://nw-webdesign.000k.net/images/Favicon.ico">
<style type="text/css">
<!--
.adminbutton {
  width: 120px;
  font-style: italic;
  font-weight: normal;
}
-->
</style>
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" link="#666699">
<div align="center">
<table width=780 border=0 cellpadding=0 cellspacing=0 height="383" bgcolor="#FFFFFF">
  <tr>
    <td rowspan=2><img src="http://nw-webdesign.000k.net/images/index_01.gif" width=165 height=35></td>
    <td colspan=2><img src="http://nw-webdesign.000k.net/images/index_02.gif" width=615 height=24></td>
  </tr>
  <tr>
    <td><img src="http://nw-webdesign.000k.net/images/index_03.gif" width=1 height=11></td>
    <td rowspan=2><img src="http://nw-webdesign.000k.net/images/index_04.gif" width=614 height=73></td>
  </tr>
  <tr>
    <td colspan=2 height="39"><img src="http://nw-webdesign.000k.net/images/logo.gif" width=166 height=62></td>
  </tr>
  <tr>
    <td colspan=3 background="http://nw-webdesign.000k.net/images/links.gif">
      <table width="100%" border="0" cellspacing="0" cellpadding="0" background="http://nw-webdesign.000k.net/images/links.gif">
        <tr>
          <td width="37%" height="28" align="center" valign="bottom">&nbsp;</td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/about.htm">ABOUT US</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/services.htm">SERVICES</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/portfolio.htm">PORTFOLIO</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/helpdesk/">HELP DESK</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net">HOME</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/cgi-bin/cit/citadmin.cgi?logout">LOGOUT</a></strong></font></div></td>
        </tr>
      </table>
    </td>
  </tr>
  <tr>
    <td colspan=3 height="233">
      <table width="100%" border="0" cellspacing="0" cellpadding="10" height="188">
        <tr>
          <td height="212" valign="top"><font color="#999999" face="Geneva, Arial, Helvetica, san-serif"><strong>
            <h3>CLIENT INVOICE TRACKER: ADMINISTRATION &gt;&gt; ADMIN OPTIONS</h3>
            </strong></font>
            <font color="#999999" face="Geneva, Arial, Helvetica, san-serif">
            <p>Administration Options are as follows: </font>
            <div align="center">
              <table width="90%" cellpadding="2" cellspacing="2">
                <tr>
                  <td width="19%"><form name="add" method="post" action="$actionaddress?add"><input name="add" type="submit" class="adminbutton" id="add" value="Add User"></form></td>
                  <td width="81%">Adds a user to the Client Invoice Tracker database. </td>
                </tr>
                <tr>
                  <td><form name="add" method="post" action="$actionaddress?delete"><input name="delete" type="submit" class="adminbutton" id="delete" value="Delete User"></form></td>
                  <td>Deletes a user from the Client Invoice Tracker database. </td>
                </tr>
                <tr>
                  <td><form name="add" method="post" action="$actionaddress?editin"><input name="editin" type="submit" class="adminbutton" id="editin" value="Edit Invoice"></form></td>
                  <td>Edit a current client's Invoice information. </td>
                </tr>
                <tr>
                  <td><form name="add" method="post" action="$actionaddress?editus"><input name="editus" type="submit" class="adminbutton" id="editus" value="Edit User"></form></td>
                  <td>Edit a current client's information. </td>
                </tr>
                <tr>
                  <td><form name="add" method="post" action="$actionaddress?adminpasswd"><input name="adminpasswd" type="submit" class="adminbutton" id="adminpasswd" value="Admin Password"></form></td>
                  <td>Change the administration password. </td>
                </tr>
                <tr>
                  <td><form name="add" method="post" action="$actionaddress?userpasswd"><input name="userpasswd" type="submit" class="adminbutton" id="userpasswd" value="User Password"></form></td>
                  <td>Change a current client's password. </td>
                </tr>
              </table>
              </form>
              <font color="#999999" face="Geneva, Arial, Helvetica, san-serif" size="2"> </font></div>
            <font color="#999999" face="Geneva, Arial, Helvetica, san-serif" size="2">
            <p> </p>
            </font></td>
        </tr>
      </table>
      <!--#include virtual="/cgi-bin/logitpro/logitpro.pl?c_count"-->
    </td>
  </tr>
  <tr>
    <td colspan=3 height="14">
      <div align="center">
        <table width="100%" border="0" cellspacing="0" cellpadding="0" height="35" align="center">
          <tr>
            <td background="http://nw-webdesign.000k.net/images/index_08.gif" height="35">
              <div align="center"><b><font face="Geneva, Arial, Helvetica, san-serif" size="1" color="#666699">Copyright&copy; 2004/2005 <em>Net Works Web Design</em></font></b></div>
            </td>
          </tr>
        </table>
      </div>
    </td>
  </tr>
</table>
</div>
</BODY>
</HTML>
EndOfHTML
    } else {
        &login_html();
    }
    exit;
}

And here's the code I used for the "add user" feature:

sub add_user {
    my $cookie = "cookie('loggedIn')";
    if ($cookie eq "true") {
        print "Content-type: text/html\n\n";
        print<<EndOfHTML;
<HTML>
<HEAD>
<TITLE>Net Works Web Design - Client Invoice Tracker: Administration</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<link rel="SHORTCUT ICON" href="http://nw-webdesign.000k.net/images/Favicon.ico">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" link="#666699">
<div align="center">
<table width=780 border=0 cellpadding=0 cellspacing=0 height="383" bgcolor="#FFFFFF">
  <tr>
    <td rowspan=2><img src="http://nw-webdesign.000k.net/images/index_01.gif" width=165 height=35></td>
    <td colspan=2><img src="http://nw-webdesign.000k.net/images/index_02.gif" width=615 height=24></td>
  </tr>
  <tr>
    <td><img src="http://nw-webdesign.000k.net/images/index_03.gif" width=1 height=11></td>
    <td rowspan=2><img src="http://nw-webdesign.000k.net/images/index_04.gif" width=614 height=73></td>
  </tr>
  <tr>
    <td colspan=2 height="39"><img src="http://nw-webdesign.000k.net/images/logo.gif" width=166 height=62></td>
  </tr>
  <tr>
    <td colspan=3 background="http://nw-webdesign.000k.net/images/links.gif">
      <table width="100%" border="0" cellspacing="0" cellpadding="0" background="http://nw-webdesign.000k.net/images/links.gif">
        <tr>
          <td width="37%" height="28" align="center" valign="bottom">&nbsp;</td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/about.htm">ABOUT US</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/services.htm">SERVICES</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/portfolio.htm">PORTFOLIO</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/helpdesk/">HELP DESK</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net">HOME</a></strong></font></div></td>
          <td width="10%" height="28"><div align="center"><font color="#666699" face="Geneva, Arial, Helvetica, san-serif" size="1"><strong><a href="http://nw-webdesign.000k.net/cgi-bin/cit/citadmin.cgi?logout">LOGOUT</a></strong></font></div></td>
        </tr>
      </table>
    </td>
  </tr>
  <tr>
    <td colspan=3 height="233">
      <table width="100%" border="0" cellspacing="0" cellpadding="10" height="188">
        <tr>
          <td height="212" valign="top"><font color="#999999" face="Geneva, Arial, Helvetica, san-serif"><strong>
            <h3>CLIENT INVOICE TRACKER: ADMINISTRATION &gt;&gt; ADD A USER </h3>
            </strong></font>
            <p><font color="#999999" face="Geneva, Arial, Helvetica, san-serif">To add a client to the Client Invoice Tracker database, fill out all of the information below and click on the submit button:</font>
            <form name="add" method="post" action="$actionaddress?adduserwrite">
              <table align="center" cellpadding="2" cellspacing="2">
                <tr>
                  <td align="right">Company Name:</td>
                  <td><input name="cname" type="text" id="cname"> </td>
                </tr>
                <tr>
                  <td align="right">E-mail Address:</td>
                  <td><input name="email" type="text" id="email"></td>
                </tr>
                <tr>
                  <td align="right">Client ID #:</td>
                  <td><input name="clientid" type="text" id="clientid"></td>
                </tr>
                <tr>
                  <td align="right">Password:</td>
                  <td><input name="password" type="password" id="password"></td>
                </tr>
                <tr>
                  <td align="right"><input type="submit" name="Submit" value="Submit"></td>
                  <td><input type="reset" name="Reset" value="Reset"></td>
                </tr>
              </table>
            </form>
            <p><font color="#999999" size="2"></font></td>
        </tr>
      </table>
      <!--#include virtual="/cgi-bin/logitpro/logitpro.pl?c_count"-->
    </td>
  </tr>
  <tr>
    <td colspan=3 height="14">
      <div align="center">
        <table width="100%" border="0" cellspacing="0" cellpadding="0" height="35" align="center">
          <tr>
            <td background="http://nw-webdesign.000k.net/images/index_08.gif" height="35">
              <div align="center"><b><font face="Geneva, Arial, Helvetica, san-serif" size="1" color="#666699">Copyright&copy; 2004/2005 <em>Net Works Web Design</em></font></b></div>
            </td>
          </tr>
        </table>
      </div>
    </td>
  </tr>
</table>
</div>
</BODY>
</HTML>
EndOfHTML
    } else {
        &login_html();
    }
    exit;
}

Any help with this is greatly appreciated,
Tylor

2005-01-15 Janitored by Arunbear - added readmore tags, as per Monastery guidelines

Re: Trouble with cookies
by Ovid (Cardinal) on Jan 14, 2005 at 23:02 UTC

    You probably could have skipped most of the HTML in that post. It makes it hard to wade through. Also, if you read through your post carefully, you'll notice that you didn't actually ask a question, so it's tough to know how to help you. Even when you mention that one of your admin functions fails, you don't mention which one. However, I did notice a couple of things:

    sub add_user{
        my $cookie = "cookie('loggedIn')";    # <-- What?
        if ($cookie eq "true"){

    I don't think you want "cookie('loggedIn')" in quotes. The other thing I noticed (and this will throw a malformed header error):

    sub login_html {
        my $cookie = "cookie('loggedIn')";
        print<<EndOfHTML;
    <HTML>
    <HEAD>

    You forgot to print the header and you are again failing to call the cookie() function.

    Also, since you're apparently using CGI.pm, you may as well use its header() function:

    sub login_html {
        my $cookie = cookie('loggedIn');
        print header(), <<EndOfHTML;
    <HTML>
    ...

    Cheers,
    Ovid

    New address of my CGI Course.

Re: Trouble with cookies
by saskaqueer (Friar) on Jan 14, 2005 at 23:09 UTC

    Your login implementation is absolutely horrible, to say the least. You do realize that anybody can provide your website with any cookie value he or she wants, right? So, all I have to do is manually send a "loggedIn=true" cookie to this page of yours, and I will have full administration access.

    You need to come up with a better 'login' scheme, perhaps using sessions, so that you can verify that the person providing the cookie has the proper permissions to do so. In any case, don't leave it like this, using a simple true/false value to determine who gets administration privileges.

      What saskaqueer is getting at is that it is easy for someone familiar with HTTP and CGI to tell your CGI that they are logged in. We even see shopping cart tools on sites that pass the item's price from page to page like that. This way of doing things actually happens rather often and you can see why it's a problem.

      The general solution to this problem is to only store a reasonably hard to predict number in the cookie. When the cookie comes in with a request your code has to look up that number in a database or a file (often named something like "/tmp/session_" . $number ). Then the database or file contains the actual information like the login name, etc.

      I recommend reading How to remember who is logged in... before building too much more of your system.
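The session scheme described in the two replies above, together with Ovid's point about printing the CGI.pm header exactly once before any HTML, as one added example. This is editor-added code, not the poster's script and not code from any of the repliers: the browser only ever holds a random 64-hex-character token, the server keeps the "who is this" fact in a file named after the token, and every admin request is checked against that file, so a cookie reading "loggedIn=true" (or any token the server never issued) is simply rejected. Assumptions, none of which come from the thread: session files live under /tmp/cit_sessions; the script is served from the URL path /cgi-bin/cit/ (the cookie -path is matched against the URL, not the filesystem, so the poster's /public_html/... path would never match); a modern CGI.pm that accepts -httponly; and check_credentials() is a hypothetical stand-in for the poster's own username/password check, with one constructed demo account.

```perl
#!/usr/bin/perl
# Added example (not the poster's code): session-token login with CGI.pm.
use strict;
use warnings;
use CGI qw(:standard);

my $SESSION_DIR = '/tmp/cit_sessions';   # assumed: private dir writable by the web server
my $COOKIE_PATH = '/cgi-bin/cit/';       # assumed URL path of the script (not a filesystem path)
my $MAX_AGE     = 30 * 60;               # 30 minutes, matching the poster's '+30m'

# 32 random bytes as 64 hex characters: the only thing the browser is given.
sub new_session_id {
    open my $rnd, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($rnd, my $bytes, 32) == 32 or die "short read from /dev/urandom";
    close $rnd;
    return unpack 'H*', $bytes;
}

# Hypothetical stand-in for the poster's credential check (one constructed
# demo account). Real code verifies against a salted hash stored elsewhere.
sub check_credentials {
    my ($user, $pass) = @_;
    my %demo = (admin => 'constructed-demo-password');
    return defined $user && defined $pass && exists $demo{$user} && $demo{$user} eq $pass;
}

# Record who owns the new token server-side, then hand only the token out.
sub start_session {
    my ($user) = @_;
    my $id = new_session_id();
    mkdir $SESSION_DIR, 0700 unless -d $SESSION_DIR;
    my $file = "$SESSION_DIR/$id";
    open my $fh, '>', $file or die "cannot write session file: $!";
    print $fh "$user\n", time(), "\n";
    close $fh;
    chmod 0600, $file;
    # HttpOnly keeps page scripts away from the token; add -secure => 1 over HTTPS.
    return cookie(-name => 'cit_session', -value => $id,
                  -path => $COOKIE_PATH, -httponly => 1);
}

# The check every admin action must pass. "true", "false" or any token we
# never issued has no session file and yields undef (not logged in).
sub session_user {
    my $id = cookie('cit_session');
    # Accept only the exact shape we issue, so the cookie value can never be
    # used as a path component under $SESSION_DIR.
    return undef unless defined $id && $id =~ /\A[0-9a-f]{64}\z/;
    my $file = "$SESSION_DIR/$id";
    open my $fh, '<', $file or return undef;
    chomp(my ($user, $created) = <$fh>);
    close $fh;
    if (!defined $created || time() - $created > $MAX_AGE) {
        unlink $file;                          # expired: discard the session
        return undef;
    }
    return $user;
}

# Remove the server-side record and expire the browser's cookie. Once the
# file is gone the old token is worthless even if the browser keeps it.
sub end_session {
    my $id = cookie('cit_session');
    unlink "$SESSION_DIR/$id" if defined $id && $id =~ /\A[0-9a-f]{64}\z/;
    return cookie(-name => 'cit_session', -value => '', -path => $COOKIE_PATH,
                  -expires => '-1d', -httponly => 1);
}

sub page { my ($body) = @_; return "<html><body><p>$body</p></body></html>\n"; }

sub login_form {
    my ($msg) = @_;
    $msg = defined $msg ? "<p>$msg</p>" : '';
    my $self = script_name();
    return <<"HTML";
<html><body>$msg
<form action="$self" method="post">
<input type="hidden" name="action" value="login">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" value="Submit">
</form></body></html>
HTML
}

# Dispatch. The header (carrying any Set-Cookie) is printed exactly once and
# before any HTML, which is what the poster's admin subroutines were missing.
my $action = defined param('action') ? param('action') : 'main';
if ($action eq 'login') {
    if (check_credentials(param('username'), param('password'))) {
        print header(-cookie => start_session(param('username'))),
              page('Logged in as ' . escapeHTML(param('username')));
    } else {
        print header(), login_form('Login failed');
    }
} elsif ($action eq 'logout') {
    print header(-cookie => end_session()), page('Logged out');
} else {
    my $user = session_user();
    print header(), defined $user ? page('Admin options for ' . escapeHTML($user)) : login_form();
}
```

Each admin subroutine (add user, delete user, and so on) would call session_user() and fall back to the login form when it returns undef; the cookie itself never carries the answer, only the key to where the answer is kept.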
Re: Trouble with cookies
by Tanktalus (Canon) on Jan 14, 2005 at 23:56 UTC

    Here are a couple suggestions for cleaning up that code:

    • HTML::Template - get that HTML code out of your perl code. Too difficult to read. Others may suggest Text::Template, or a myriad of others. It doesn't matter too much to me - you can even use XML::Twig for all I care (make sure you're 100% XHTML-compliant if you want to go for this one...). Just pick something.
    • CGI::Application - put some order to it all. This one you might already be using, but if you were, it would have pointed you to investigate HTML::Template. Note that while I think there are some serious shortcomings to CGI::Application, it is still revolutionary over older CGI programming strategies.
    This should help make this a wee bit easier to handle. And thus easier for others to help with. Also, try to firm up what your question is, if possible. Especially with CGI scripting - it's harder for others to reproduce than other types of programs that we can take the source and run easily.