Thanks for the help, I fixed those errors, pretty dumb of me to miss. The script is now error free, but for some reason it is still not assigning a cookie on my browser, and it seems to think the user is logged in. It is creating sessions on in the tmp folder though. Any ideas on what I am doing wrong?
#!/usr/bin/perl -w
use CGI;
use HTML::Template;
use CGI::Session;
use lib ('/home/scott/intranet/cgi/mods');
use Digest::SHA2;
use DBI;
use DBD::mysql;
my $query = new CGI;
my $sid = $query->cookie( 'CGISESSID' ) || undef;
my $session = new CGI::Session("driver:File", $sid, {Directory=>'/tmp'
+});
if (!$sid or $sid ne $session->id ) {
my $cookie = $query->cookie(
-name => 'CGISESSID',
-value => $session->id );
}
my $template = HTML::Template->new(filename => 'index.tmpl',
path => '/home/scott/intranet/cgi/intranet/',
associate => $query);
my $lg_name = $query->param("lg_nick");
my $lg_psswd = $query->param("lg_pass");
init($session, $lg_name, $lg_psswd, $template);
if($session->param("~logged-in") eq 1)
{
$template->param(TEST => "YES");
}
else
{
$template->param(TEST => "no");
}
sub init {
my ($session, $lg_name, $lg_psswd, $template) = @_; # receive two
+args
if ( $session->param("~logged-in") ) {
return 1; # if logged in, don't bother going further
}
# if we came this far, user did submit the login form
# so let's try to load his/her profile if name/psswds match
if ( my $profile = login($lg_name, $lg_psswd) ) {
$session->param("~profile", $profile);
$session->param("~logged-in", 1);
$session->clear(["~login-trials"]);
return 1;
}
# if we came this far, the login/psswds do not match
# the entries in the database
my $trials = $session->param("~login-trials") || 0;
return $session->param("~login-trials", ++$trials);
}
sub getpassword {
# MySQL CONFIG VARIABLES
my($username) = @_;
my $host = "localhost";
my $database = "write";
my $user = "dbuser";
my $pw = "dbpass";
my $dsn = "dbi:mysql:$database:localhost:3306";
my $dbstore = DBI->connect($dsn, $user, $pw) or die "Unable to con
+nect: $DBI::errstr\n";
my $prepquery = $dbstore->prepare("SELECT * FROM userlogin WHERE U
+SERNAME='$username'") or die "Unable to connect: $DBI::errstr\n";
$prepquery->execute();
my $timestampUpdate = $dbstore->prepare("UPDATE write.userlogin SE
+T userlogin.TIMESTAMP = NOW( ) WHERE userlogin.USERNAME = '$username'
+" ) or die "Unable to connect: $DBI::errstr\n";
$timestampUpdate->execute();
my $ref = $prepquery->fetchrow_hashref();
my $password = $ref->{'PASSWORD'};
$prepquery->finish();
$timestampUpdate->finish();
$dbstore->disconnect();
return $password;
}
sub login{
my($nick, $pass) = @_;
my($password) = getpassword($nick);
my $encryptobj = new Digest::SHA2 512;
$encryptobj->add($pass);
my $digest = $encryptobj->hexdigest();
if($digest eq $password){
# replace this check above with something real ie lookup f
+rom a database
return 0;
}
else
{
return 1;
}
}
$template->param(MYURL => 'http://192.168.1.9/cgi-bin');
print $query->header(-cookie=>$cookie),$template->output;
| [reply]
[d/l] |
I managed to get it to login, the return type on my database was wrong needed to add to the profile such as the $nick and not a false or true value. That seemed to fix it, but it still isnt giving a browser a cookie, maybe it doesnt do that since its a session. Thanks again :)
| [reply] |