CGI Login script error

mattdope has asked for the wisdom of the Perl Monks concerning the following question:

hi there, was looking for some help. I have created a login page in html and a perl/cgi script to check the password entry but when i submit my form i keep encountering an internal server error. This is my perl code:

#!/usr/local/bin/perl -Tw

use CGI qw( :standard -debug);

$testUsername = param( "username" );
$testPassword= param( "password" );

open( PW, "password.txt" ) ||
die( "The database could not be opened." );
while ( $line = <PW> ) {
chomp( $line );
( $username, $password ) = split( ",", $line );
chop($password);
if ( $testUsername eq $username ){
$userVerified = 1;
if ( $testPassword eq $password ) {
$passwordVerified = 1;
}
}
}
close( PW );

print header();
print start_html("Checking password!");
if ( $userVerified&& $passwordVerified ) {
print "Permissionhas been granted, $testUsername .<br>";
print "Enjoy the site!< br>"
}
elsif ( $userVerified && !$passwordVerified ) {
print "You entered an invalid password. <br>";
print "Access has been denied. <br>";
}
else {
print "You have been denied access to this site.<br>";
}
print end_html();
[download]

Any ideas why this is happening? Thanks for many suggestions, matt

2006-07-14 Retitled by planetscape, as per Monastery guidelines

( keep:3 edit:20 reap:0 )

Original title: 'server error'

Comment on CGI Login script error Download Code

Replies are listed 'Best First'.
Re: CGI Login script error by ikegami (Patriarch) on Jul 13, 2006 at 20:23 UTC
What does the server's error log say? If you don't have access to it, use CGI::Carp: `use CGI::Carp qw(fatalsToBrowser);`	[reply] [d/l]
Re^2: CGI Login script error by mattdope (Acolyte) on Jul 13, 2006 at 21:15 UTC
thanks for that. I used : `#!/usr/local/bin/perl -Tw use CGI::Carp qw(fatalsToBrowser); die "Bad error here";` [download] I am now getting "Bad error here at sampleForm.cgi line 3" Any ideas what i am doing wrong?	[reply] [d/l]
Re^3: CGI Login script error by Joost (Canon) on Jul 13, 2006 at 21:22 UTC
It means that script works. I.e. it sends the die() error out to the browser. Try putting the CGI::Carp line in your original script (at the top). "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply]
Re^4: CGI Login script error by mattdope (Acolyte) on Jul 13, 2006 at 21:36 UTC
Re^5: CGI Login script error by Joost (Canon) on Jul 13, 2006 at 21:43 UTC
Re^4: CGI Login script error by mattdope (Acolyte) on Jul 13, 2006 at 21:42 UTC
Re: CGI Login script error by ptum (Priest) on Jul 13, 2006 at 20:32 UTC
In general, you'll find that you will save yourself a lot of grief if you print your header as early as possible in your script. That way if something goes wrong and you print an error message, it won't confuse the browser (which expects a particular Content-Type message as the first output of your script. I use the fatalsToBrowser and warningsToBrowser in CGI::Carp recommended by Joost and ikegami extensively. Remember, the user under which a CGI script is executed through the webserver is generally different from the command-line environment user, and will often lack file permissions and environment variables that you expect it to have. Update: I notice that you do not specify any path for the password.txt file -- that seems to be one very good reason why it may fail to open the file, and (as pointed out by Joost, it will then print an error message which precedes the header (which is bad). No good deed goes unpunished. -- (attributed to) Oscar Wilde	[reply]
Re^2: CGI Login script error by mattdope (Acolyte) on Jul 13, 2006 at 21:21 UTC
Thanks for that. I am new to perl. I have placed the text file in the same directory as the cgi file. This is why I have not added a path. Is this the right thing to do?	[reply]
Re^3: CGI Login script error by Joost (Canon) on Jul 13, 2006 at 21:25 UTC
Usually, that should work, but I think some server configurations can mess with the current directory. Please either check the server error log or use the fatalsToBrowser construct to see what is really going wrong. Don't leave us (and yourself) guessing. "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply]
Re: CGI Login script error by Joost (Canon) on Jul 13, 2006 at 20:26 UTC
Check the server logs. One thing that can happen is that your database file can't be opened, in which case there are no headers printed. Alternatively, you could also use CGI::Carp qw(fatalsToBrowser) "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply]
Re: CGI Login script error by cLive ;-) (Prior) on Jul 14, 2006 at 01:54 UTC
use strict and warnings you're running under taint but not untainting params use CGI::Carp 'fatalsToBrowser'; please indent - it's unreadable! don't store passwords unencrypted. Use Digest::MD5 or similar to store Try to fix that lot, then see what happens. If you still have problems, copy and paste here the error from your apache error log and we can take another look.	[reply]
Re: CGI Login script error by kwaping (Priest) on Jul 13, 2006 at 23:30 UTC
Not much to go on here, but along with the other suggestions, you should check the permissions on your CGI file to make sure it's executable by the web server user. (If this doesn't mean anything to you, let us know and I or someone else will explain further.) --- It's all fine and dandy until someone has to look at the code.	[reply]