# Checksum that travels with the hidden form fields: user_id and timeout are
# run together and keyed-hashed, so the client cannot alter either one.
# NOTE(review): with no separator, ("1","23") and ("12","3") produce the same
# input string; a separator would fix that, but only if the validating side
# builds its string the same way.
$hash = generate_hash("$user_id$timeout");
[blah]
# in the form we have
# now in the code we do
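use CGI;
my $q = CGI->new;    # direct class-method call instead of indirect `new CGI`
my $user_id = $q->param('user_id');
my $timeout = $q->param('timeout');    # fixed: was declared as $timout, so $timeout below was never set
my $hash    = $q->param('hash');

# Missing fields become '' so the concatenation below is well defined
# instead of warning on undef.
$user_id = '' unless defined $user_id;
$timeout = '' unless defined $timeout;

# No checksum at all means a first visit: show the login form.
unless ($hash) {
    login('Login');
    exit 0;
}

# The checksum must cover both hidden fields, otherwise the client could
# simply push its own timeout into the future.  NOTE(review): bare
# concatenation leaves the field boundary ambiguous ("1"."23" vs "12"."3");
# a separator would remove that, but it has to change on the form side too.
if ( validate_hash( $hash, $user_id . $timeout ) ) {
    # Fields are authentic; now enforce the deadline they carry.
    if ( time() > $timeout ) {
        login('Session timed out. Please Login');
    }
    else {
        # Extend the session for the next round trip.
        # $TIMEOUT is defined outside this snippet.
        $timeout = time() + $TIMEOUT;    # 300 seconds is generally OK
        run_whatever();
    }
}
else {
    error('Invalid Checksum');
}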
##### SUBS #####
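# Return 1 when $hash is the checksum of $plain_text, 0 otherwise.
#
# $hash       - checksum supplied by the client (may be undef)
# $plain_text - the string the checksum is supposed to cover
sub validate_hash {
    my ( $hash, $plain_text ) = @_;
    return 0 unless defined $hash;

    # generate_hash emits lowercase hex only, so anything else can be
    # rejected outright; this also keeps the byte-wise XOR below safe.
    return 0 unless $hash =~ /\A[0-9a-f]+\z/;

    my $expected = generate_hash($plain_text);
    return 0 unless length($hash) == length($expected);

    # Constant-time comparison: a plain `eq` stops at the first differing
    # byte, which leaks how much of a forged checksum is already correct.
    my $mismatches = ( $hash ^ $expected ) =~ tr/\0//c;
    return $mismatches ? 0 : 1;
}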
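# Return the keyed checksum (lowercase hex) of $plain_text.
#
# $plain_text - the string to protect; undef is treated as ''.
sub generate_hash {
    my ($plain_text) = @_;
    $plain_text = '' unless defined $plain_text;

    require Digest::SHA;    # core module; loaded lazily as Digest::MD5 was

    # HMAC-SHA256 replaces MD5 over (data . secret): HMAC is the construction
    # meant for "prove you know the key" checksums, and MD5 is collision-broken.
    # Without the key, concatenating the hidden fields and hashing them can
    # never yield a valid checksum.  Switching the algorithm invalidates
    # checksums issued before the change.
    # TODO(review): the key is still a literal in the source; load it from a
    # file outside the web root (e.g. <SECRET_FILE_PLACEHOLDER>) instead.
    return Digest::SHA::hmac_sha256_hex( $plain_text, 'GNUisnotunixandtheansweris42' );
}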