Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Login Script

by ironside (Acolyte)
on Aug 28, 2012 at 04:39 UTC ( [id://990132]=perlquestion: print w/replies, xml ) Need Help??

ironside has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I can't seem to get my login script to work properly. The user name and password are referenced against a mysql database. If the credentials are correct the user gets forwarded to another page. If not, a error message is displayed.

Verifying the username works fine, but verifying the password does not. Attached is the code. Any help would be much appreciated. Thanks.


if ($ENV{REQUEST_METHOD} eq "GET")
{
    &header();
    &dsp();
}
else
{
    &header();
    &verify_form();
    &logged_in();
}    


#Print Header   

sub header {

    $cgi_object=new CGI;
    print $cgi_object->header('text/html');
}


#Verify Form 

sub verify_form {

    $missing = 0;
    ###   Get form values   ###    
    foreach ($cgi_object->param()) 
    {
        $form{$_} = $cgi_object->param($_);
        
        $uname = $form{user_name};
        $pword = $form{pass_word};
    
        if ($form{$_} eq "")
        {
            $missing = 1;
            $error="Incorrect Username and/or Password";
        }
        
        $select = qq~select user,pass from users where user = '$uname'
+~;
        $dbh=DBI->connect($connectionInfo,$user,$passwd);
        $sth=$dbh->prepare($select);
        $sth->execute();

        if (@row = $sth->fetchrow_array())
        {
            
            if ($row[1] ne $pword)
            {
                $error="Incorrect Password";
                $missing = 1;
            }
        }
    }
    if ($missing == 1)
    {
        &dsp();
        exit;
    }
}

[download]

Replies are listed 'Best First'.
Re: Login Script
by Corion (Patriarch) on Aug 28, 2012 at 07:12 UTC

    How does verifying the password fail? Have you logged the values that you get for $pword and from the database?

    Also, why are you looping over $cgi_object->param() and checking the password inside that loop every time? Is that maybe your error?

[reply]
[d/l]
[select]
Re: Login Script
by scorpio17 (Canon) on Aug 28, 2012 at 21:03 UTC

    The code where you retrieve your form parameters should like something like this: 

    my $user_name = $cgi_object->param('user_name'} || '';
my $passwd = $cgi_object->param('passwd') || '';
unless ($user_name && $passwd) {
# handle cgi param error
}

    [download]

    The database query needs to use a placeholder, and check for errors - something like this: 

    eval {
  $sth = $dbh->prepare("select pass from users where user=?");
  $sth->execute($user_name);
};
if ($@) {
# handle database error
}

    [download]

    Since HTML is stateless, you need to use something like CGI::Session to remember that a particular user is logged in.

    Using a framework will make your life much easier. Here's a link to a simple login tutorial I wrote:
    RFC: Proposed tutorial - simple login script using CGI::Application

    That should help get you started.

[reply]
[d/l]
[select]
      That's a big help. Thank you.
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://990132]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (9)
As of 2024-04-19 08:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found