
How do I Implement a One-Click Login Screen on the Web?

by rbhyland (Acolyte)
on Nov 22, 2011 at 11:13 UTC ( #939427=perlquestion )
rbhyland has asked for the wisdom of the Perl Monks concerning the following question:

I am a newbie to Perl, and I have been trying to set up a login screen for a Web site. When I login to Yahoo or Google I enter my UserID and Password and click the Submit button and go directly to the opening screen. On my screen, I have set up a login form with UserID and Password fields. When the user clicks submit I check the MySQL database and then I have to display a button to click so I have a triggering event to move on to the next screen. Is there a better way?

Here is my code:

#!/usr/bin/perl -w
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use CGI::Pretty;
use CGI qw(:standard :cgi-lib -debug fatalsToBrowser);
use DBD::mysql;
use DBI;

my $cgi = new CGI;
my ($dbh, $selectstr, $sth, @row, $uid, $psw);
my ($numrecs, $numrows, $select_str);

my $CoordCookie = cookie(-name=>'MGH_Coord',-value=>0,-path=>'/',-domain=>'');

# The HTTP header is printed here, before the login result is known.
print $cgi->header(-cookie=>$CoordCookie,-Cache_Control=>'no-cache');
print start_html(-title =>'HortLine Database Sign In',
                 -style =>'',
                 -script=>{-language=>'JAVASCRIPT', -src=>''});
print "<div class='header'>",
      "<h1><img src='' alt='MG logo' align='left' />",
      "&nbsp;Penn State Consumer<br /><br />&nbsp;Horticultural Help Line</h1><br />";

if (!param('uid')) {
    # No credentials submitted yet: show the login form.
    print start_form(-method=>"POST",-action=>"http://hortline.rbhylan"),
          "<div align='center' style='border:medium;border-style:solid;'>",
          p,"User ID&nbsp;&nbsp;&nbsp;",textfield(-name=>'uid',-id=>'uid',-value=>'',-size=>20,-maxlength=>50),
          p,"Password&nbsp;",password_field(-name=>'psw', -id=>'psw', -value=>'', -size=>20, -maxlength=>50),
          p,submit(-name=>'submit', -value=>'Login'),
          "</div>",
          end_form;
}
else {
    $uid=param('uid');
    $psw=param('psw');
    $dbh = DBI->connect("","","", { RaiseError => 1,AutoCommit => 1 })
        or &dienice("Can't connect to database: $DBI::errstr");

    # Placeholders keep the submitted values out of the SQL text.
    $selectstr = "select * from Users where Uid = ? AND Psw = ?";
    $sth = $dbh->prepare($selectstr) or &dbdie;
    $sth->execute($uid,$psw) or &dbdie;
    my @UP = $sth->fetchrow_array();
    if (!@UP) {
        &dienice(qq(User/Psw incorrect.
Go to the <a href = "Login.cgi">Login</a> page and try again.));
    }
    else {
        # Login succeeded: the user's row is passed to the next script in
        # hidden form fields, and a second button click is needed to move on.
        print start_form(-method=>"post",-action=>"http://hortline.rbh"),
              hidden('userid',"$UP[0]"),
              hidden('county',"$UP[2]"),
              hidden('coord',"$UP[3]"),
              hidden('state',"$UP[4]"),
              br,br,"<center>",
              submit(-name=>'GotoSwitchboard', -value=>'Go To Main Menu'),
              "</center>",
              end_form;
    }
}
print end_html;

# Print an error message and stop.
sub dienice {
    my ($msg) = @_;
    print "<b>$msg</b>";
    exit;
}

# Report the last DBI error and stop.
sub dbdie {
    my ($errmsg) = "$DBI::errstr<br />";
    &dienice($errmsg);
}

Replies are listed 'Best First'.
Re: How do I Implement a One-Click Login Screen on the Web?
by Anonymous Monk on Nov 22, 2011 at 11:22 UTC
Re: How do I Implement a One-Click Login Screen on the Web?
by scorpio17 (Abbot) on Nov 22, 2011 at 18:55 UTC

    In your "else" clause, instead of creating another form ("click here to continue", etc.), just issue a redirect (which goes to the same place your button-click takes you.)

    However - there's a big problem with the way you're doing this - you're not storing the login state into a session variable. Since HTML is stateless, once someone moves past your login page, you'll have no way of remembering whether they're logged in or not. If you don't store that state somewhere, and check it on every page, then people can leap-frog your login page and get to any page they want.

    Here's a link to a simple login tutorial I wrote: RFC: Proposed tutorial - simple login script using CGI::Application

    That should help get you started.

      In your "else" clause, instead of creating another form ("click here to continue", etc.), just issue a redirect (which goes to the same place your button-click takes you.)

      I have already printed my header, and as far as I can tell a redirect like this:

      print redirect(-location=>"");

      only works if you print it before you print the header. If I do it with Javascript I still need a button-click event to trigger it. Also, session information is in the form items and will be written into cookies on the receiving script. Cookies have to be written with the header.

        Storing session data in a cookie is a bad idea - very easy to hack. The better way is to only store a session id, then you use that id to look up the actual session data on your server.

        As for the redirect - you need to avoid sending out the header info until you know which page you're going to be generating. But, another way that might work is to include a meta tag like this inside your header:


        This will result in your original page loading, but then immediately redirecting to another page. Just take out all of the original content - the users will just see the page go white after logging in, then pop into the "switchboard".

        The trick is to simply delay sending your header until you know what you want to send as a header :)
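
The flow described in the replies above (decide the outcome before printing any header, redirect on success, keep only a session id in the cookie, check the session on every page), as an added example that is not code from the thread. The cookie name `sid`, the `/switchboard.cgi` target, the `$verify` callback and the in-memory `%sessions` store are assumptions made for illustration.

```perl
use strict;
use warnings;
use CGI ();

# Constructed in-memory store for the demo; CGI runs one process per request,
# so a real site keeps this in a database table or session files.
my %sessions;

# 128-bit session id from the OS CSPRNG (assumes a Unix-like /dev/urandom).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    return unpack 'H*', $bytes;
}

# Decide the outcome first, then build the one and only HTTP header.
# $verify (hypothetical) checks the credentials, e.g. with the thread's
# parameterized DBI query, and returns a hash ref for the user or undef.
sub handle_login {
    my ($q, $verify) = @_;
    my $user = $verify->(scalar $q->param('uid'), scalar $q->param('psw'));
    return $q->header(-status => '403 Forbidden') . "Login failed\n" unless $user;
    my $sid = new_session_id();
    $sessions{$sid} = { %$user, created => time };    # data stays on the server
    my $cookie = $q->cookie(-name => 'sid', -value => $sid, -path => '/',
                            -httponly => 1, -secure => 1);
    return $q->redirect(-uri => '/switchboard.cgi', -cookie => $cookie);
}

# Run at the top of every protected page; undef means "send them to login".
sub current_session {
    my ($q) = @_;
    my $sid = $q->cookie('sid') // '';
    return $sid =~ /\A[0-9a-f]{32}\z/ ? $sessions{$sid} : undef;
}

# Demo with constructed credentials: log in, replay the cookie, then forge one.
my $verify = sub {
    my ($u, $p) = @_;
    my $ok = defined $u && defined $p && $u eq 'alice' && $p eq 'constructed-pw';
    return $ok ? { userid => 'alice', county => 'Centre' } : undef;
};
my $reply = handle_login(CGI->new({ uid => 'alice', psw => 'constructed-pw' }), $verify);
print $reply;
my ($sid) = $reply =~ /\bsid=([0-9a-f]{32})/;
$ENV{HTTP_COOKIE} = "sid=$sid";
print 'session user: ', current_session(CGI->new({}))->{userid}, "\n";
$ENV{HTTP_COOKIE} = 'sid=' . ('0' x 32);              # forged id
print 'forged id accepted: ', (current_session(CGI->new({})) ? 'yes' : 'no'), "\n";
```

Because the browser only ever holds the random id, values such as `userid` and `county` cannot be edited client-side the way hidden form fields or cookie-stored data can.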

Node Type: perlquestion [id://939427]
Approved by moritz