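#!/usr/bin/perl -wT
# -T enables taint mode: read about Tainted input or die.
use strict;
use CGI qw(:standard escapeHTML);

# Account ID submitted by the login form (field 'ckin').
# Kept as a package global because the parts of this listing that are not
# shown here (e.g. out_logged_in) may refer to it.
our $value = param('ckin');
$value = '' unless defined $value;    # missing field is a bad login, not an "uninitialized" warning

# Validate: exactly five ASCII letters. \A and \z are used instead of ^ and $
# because $ also matches before a trailing newline. Reassigning from the
# capture is what actually untaints $value under -T.
if ( $value =~ /\A([a-z]{5})\z/i ) {
    $value = $1;
}
else {
    out_badlog($value);    # See *1
    exit;
}

# See *2 -- the account file is a whitespace-separated list of account IDs.
# The listing's original read expression was lost; the whole file is read
# here so IDs on any line are found.
open my $infile, '<', 'accts.db' or die "Can't open accounts data";
our @accts = split ' ', do { local $/; <$infile> };
close $infile;

# Compare against each ID exactly. The original concatenated every ID into
# one string and matched /$value/ against it, so a submitted value that
# straddled two adjacent IDs, or was a substring of a longer one, also
# "logged in".
my $is_known = grep { $_ eq $value } @accts;

if ($is_known) {
    out_logged_in($value);    # See *3
}
else {
    out_badlog($value);
}

# ... (remainder of the original listing elided here) ...

# BAD LOGIN PAGE - output a doc
#
# Arguments: the attempted login, optional; falls back to the global $value
# so both call sites above (with and without an argument) behave the same.
# The attempt is reflected into the page HTML-escaped: this page is reached
# precisely when the input failed validation, so printing it raw (as the
# original did) is a reflected-XSS sink. Returns nothing.
sub out_badlog {
    my $attempt = defined $_[0] ? $_[0] : $value;
    $attempt = '' unless defined $attempt;
    my $safe_attempt = escapeHTML($attempt);

    print <<_END_OF_INPUT_;
Sample title ... banner, other foofarawh here....

Bad login!

_END_OF_INPUT_
    print "\n\nLogin attempted was: $safe_attempt\n\n";
    print <<_END_OF_VAL;

That was NOT a valid login!

 

Back to login page


_END_OF_VAL
    return;
}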