
How do I Implement a One-Click Login Screen on the Web?

by rbhyland (Novice)
on Nov 22, 2011 at 11:13 UTC (#939427)
rbhyland has asked for the wisdom of the Perl Monks concerning the following question:

I am a newbie to Perl, and I have been trying to set up a login screen for a Web site. When I log in to Yahoo or Google I enter my UserID and Password and click the Submit button and go directly to the opening screen. On my screen, I have set up a login form with UserID and Password fields. When the user clicks submit I check the MySQL database and then I have to display a button to click so I have a triggering event to move on to the next screen. Is there a better way?

Here is my code:

#!/usr/bin/perl -w
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use CGI::Pretty;
use CGI qw(:standard :cgi-lib -debug fatalsToBrowser);
use DBD::mysql;
use DBI;

my $cgi = new CGI;
my ($dbh, $selectstr, $sth, @row, $uid, $psw);
my ($numrecs, $numrows, $select_str);

# The HTTP header (with a cookie) and the page header are printed here,
# before the script knows whether the login will succeed.
my $CoordCookie = cookie(-name=>'MGH_Coord',-value=>0,-path=>'/',-domain=>'.rbhyland.org');
print $cgi->header(-cookie=>$CoordCookie,-Cache_Control=>'no-cache');
print start_html(-title =>'HortLine Database Sign In',
                 -style =>'http://www.HortLine.rbhyland.org/Styles.css',
                 -script=>{-language=>'JAVASCRIPT',
                           -src=>'http://www.HortLine.rbhyland.org/Scripts.js'});
print "<div class='header'>",
      "<h1><img src='http://www.hortline.rbhyland.org/MGLogo.jpg' alt='MG logo' align='left' />",
      "&nbsp;Penn State Consumer<br /><br />&nbsp;Horticultural Help Line</h1><br />";

if (!param('uid')) {
    # No credentials submitted yet: show the login form.
    print start_form(-method=>"POST",-action=>"http://hortline.rbhyland.org/Login.cgi"),
          "<div align='center' style='border:medium;border-style:solid;'>",
          p,"User ID&nbsp;&nbsp;&nbsp;",textfield(-name=>'uid',-id=>'uid',-value=>'',-size=>20,-maxlength=>50),
          p,"Password&nbsp;",password_field(-name=>'psw', -id=>'psw', -value=>'', -size=>20, -maxlength=>50),
          p,submit(-name=>'submit', -value=>'Login'),
          "</div>",
          end_form ;
}
else {
    # Credentials submitted: look them up with a parameterized query.
    $uid=param('uid');
    $psw=param('psw');
    $dbh = DBI->connect("","","", { RaiseError => 1,AutoCommit => 1 })
        or &dienice("Can't connect to database: $DBI::errstr");
    $selectstr = "select * from Users where Uid = ? AND Psw = ?";
    $sth = $dbh->prepare($selectstr) or &dbdie;
    $sth->execute($uid,$psw) or &dbdie;
    my @UP = $sth->fetchrow_array();
    if (!@UP) {
        &dienice(qq(User/Psw incorrect.
Go to the <a href = "Login.cgi">Login</a> page and try again.));
    }
    else {
        # Second form: the user's data travels to Switchboard.cgi in hidden
        # fields, and the extra button click is what moves to the next screen.
        print start_form(-method=>"post",-action=>"http://hortline.rbhyland.org/Switchboard.cgi"),
              hidden('userid',"$UP[0]"),
              hidden('county',"$UP[2]"),
              hidden('coord',"$UP[3]"),
              hidden('state',"$UP[4]"),
              br,br,"<center>",
              submit(-name=>'GotoSwitchboard', -value=>'Go To Main Menu'),
              "</center>",
              end_form;
    }
}
print end_html;

# Print an error message and stop.
sub dienice {
    my ($msg) = @_;
    print "<b>$msg</b>";
    exit;
}

# Report the last DBI error through dienice.
sub dbdie {
    my ($errmsg) = "$DBI::errstr<br />";
    &dienice($errmsg);
}

Re: How do I Implement a One-Click Login Screen on the Web?
by Anonymous Monk on Nov 22, 2011 at 11:22 UTC
Re: How do I Implement a One-Click Login Screen on the Web?
by scorpio17 (Monsignor) on Nov 22, 2011 at 18:55 UTC

    In your "else" clause, instead of creating another form ("click here to continue", etc.), just issue a redirect (which goes to the same place your button-click takes you.)

    However - there's a big problem with the way you're doing this - you're not storing the login state into a session variable. Since HTML is stateless, once someone moves past your login page, you'll have no way of remembering whether they're logged in or not. If you don't store that state somewhere, and check it on every page, then people can leap-frog your login page and get to any page they want.

    Here's a link to a simple login tutorial I wrote: RFC: Proposed tutorial - simple login script using CGI::Application

    That should help get you started.

      In your "else" clause, instead of creating another form ("click here to continue", etc.), just issue a redirect (which goes to the same place your button-click takes you.)

      I have already printed my header, and as far as I can tell a redirect like this:

      print redirect(-location=>"http://my.site.org/Switchboard.cgi");

      only works if you print it before you print the header. If I do it with JavaScript I still need a button-click event to trigger it. Also, session information is in the form items and will be written into cookies on the receiving script. Cookies have to be written with the header.

        The trick is to simply delay sending your header until you know what you want to send as a header :)

        Storing session data in a cookie is a bad idea - very easy to hack. The better way is only store a session id, then you use that id to lookup the actual session data on your server.

        As for the redirect - you need to avoid sending out the header info until you know which page you're going to be generating. But, another way that might work is to include a meta tag like this inside your header:

        <META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://my.site.org/Switchboard.cgi" >

        This will result in your original page loading, but then immediately redirecting to another page. Just take out all of the original content - the users will just see the page go white after logging in, then pop into the "switchboard".
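
The approach the replies describe (hold the header back until the database check is done, redirect on success, keep only a session id in the cookie and check it on every page), as an added example that is not part of the thread. It assumes CGI::Session from CPAN; `handle_login`, `current_user`, `$find_user`, the session directory and the `jdoe` row are hypothetical, and the login form itself is left out.

```perl
# Added example, not code from the thread. Needs CGI and CGI::Session (CPAN).
use strict;
use warnings;
use CGI;
use CGI::Session;
use File::Temp qw(tempdir);

# Assumption: a throwaway directory for the demo; use a private fixed one live.
my $DIR = tempdir(CLEANUP => 1);

# Login.cgi logic. Returns the whole response header instead of printing as it
# goes, so the script can still choose a redirect after the database check.
sub handle_login {
    my ($cgi, $find_user) = @_;
    my @UP = $find_user->(scalar $cgi->param('uid'), scalar $cgi->param('psw'))
        or return $cgi->header(-status => '401 Unauthorized');

    # undef instead of $cgi: always mint a new id, never adopt one from the browser.
    my $s = CGI::Session->new('driver:File', undef, { Directory => $DIR })
        or die CGI::Session->errstr;
    $s->param(userid => $UP[0]);
    $s->param(county => $UP[2]);
    $s->expire('+30m');
    $s->flush;

    # Only the session id goes to the browser; -secure assumes an HTTPS site.
    my $cookie = $cgi->cookie(-name => $s->name, -value => $s->id,
                              -path => '/', -httponly => 1, -secure => 1);
    return $cgi->redirect(-uri => '/Switchboard.cgi', -cookie => $cookie);
}

# Run at the top of Switchboard.cgi and every other protected script.
sub current_user {
    my ($cgi) = @_;
    my $s = CGI::Session->load('driver:File', $cgi, { Directory => $DIR });
    return if !$s || $s->is_expired || $s->is_empty;
    return { userid => $s->param('userid'), county => $s->param('county') };
}

# Constructed demo: one made-up Users row, a login, then two follow-up requests.
my $find_user = sub {
    my ($uid, $psw) = @_;
    my $ok = defined $uid && defined $psw && $uid eq 'jdoe' && $psw eq 'constructed-pw';
    return $ok ? ('jdoe', undef, 'Centre', 0, 'PA') : ();
};
my $resp = handle_login(CGI->new({ uid => 'jdoe', psw => 'constructed-pw' }), $find_user);
print $resp;
print "without cookie: ", (current_user(CGI->new('')) ? "in" : "sent to Login.cgi"), "\n";
($ENV{HTTP_COOKIE}) = $resp =~ /(CGISESSID=\w+)/;
print "with cookie: ", (current_user(CGI->new('')) // {})->{userid} // 'rejected', "\n";
```

In the original script, `$find_user` would wrap the prepared `select * from Users where Uid = ? AND Psw = ?` statement, and Switchboard.cgi would take the user from `current_user` rather than from hidden form fields.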
