Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

302 Found Location Message

by Walter_T (Initiate)
on Mar 09, 2020 at 17:40 UTC ( #11114021=perlquestion: print w/replies, xml ) Need Help??

Walter_T has asked for the wisdom of the Perl Monks concerning the following question:

Good Day, I have a question with regards to the message I received in the web browser. I have read that this 302 message is normal. Status: 302 Found Location: http//192.168.1.5/train/main.htm How can I get the page main.htm to load properly without receiving the message? I am a new programmer to Perl but enjoy reading about the workings of the language and truly enjoy learning Perl. I have to admit I am stumped. What I have is a form, when submitted to a perl script, grabs the form values, connects to a sqlite3 db, checks for existing values,returns an html page. I realize the code needs work, but why won't the html page get processed? Instead I receive the Status: 302 message. I appreciate on the gentle help that could be available. Thank you!
#!/usr/bin/perl -wT use CGI qw(:standard); use CGI::Carp qw(warningsToBrowser fatalsToBrowser); use strict; use DBI; print header; print start_html("Login"); print h4("Login Engineer Form"); our ($p,$l,$a,$z,$id,$user,$password,$role,$query); $query = new CGI; foreach my $p (param()) { $l = param('fname'); $a = param('userpassword'); $z = param('selectrole'); } my $dbh = DBI->connect( "dbi:SQLite:dbname=master_train.db", { RaiseError => 1 } ) or die $DBI::errstr; my $sth = $dbh->prepare( "SELECT * FROM users" ); $sth->execute(); while(($id, $user, $password, $role)=$sth->fetchrow_array){ our ($l,$a,$z); if(($l eq $user)&&($a eq $password)&&($z eq $role)){ if($role eq $z){ print redirect("http//192.168.1.5/train/main.htm") +; } else { print redirect("http://192.168.1.5/train/login +.htm"); } } } $dbh->disconnect(); print end_html;

Replies are listed 'Best First'.
Re: 302 Found Location Message
by haukex (Bishop) on Mar 09, 2020 at 17:56 UTC
    print header; print start_html("Login"); ... print redirect("http//192.168.1.5/train/main.htm");

    You can't use both redirect and output something else to the browser. If I understand what your code is doing, you probably want to wait with outputting the header and HTML until it's clear the user isn't being redirected.

    I see a few more points in your code that could be improved:

    • Declare variables for the smallest possible scope where they are needed, for example while( my ($id, $user, .... This will lead to less scoping issues; for example you've declared ($l,$a,$z) twice, which isn't necessary (and you should prefer my over our).
    • Avoid the variable names $a or $b as they are special for sort.
    • You don't need the foreach my $p (param()) loop since you're accessing the parameters directly by name.
    • You don't need the $query = new CGI; since you're not using it anywhere; use either CGI.pm's object-oriented interface or its functional interface.
    • You're doing the if($role eq $z) test twice; the second time it'll always be true.
    • Instead of scanning the database yourself, look into SQL's WHERE clause and make sure to use placeholders, as documented in DBI.
    • If train/main.htm doesn't do any authentication of its own, people will be able to easily circumvent this login form by entering the URL directly.
    • See UP-TO-DATE Comparison of CGI Alternatives - personally I'd strongly recommend Mojolicious instead of CGI.pm; see Mojolicious::Guides::Tutorial, it's a very different and IMHO much nicer way to do web development. Update: I just posted an example.
      Thank you haukex. I will look over my code and take a look at Mojolicious. Thank you again for your help.
Re: 302 Found Location Message
by haukex (Bishop) on Mar 09, 2020 at 20:45 UTC

    Here's an implementation of a login system with Mojolicious::Lite and Mojo::SQLite. It may seem fairly long, but some of that code is because I added password encryption using PBKDF2::Tiny and Crypt::Random::Source (Update: and of course because it's entirely self-contained, it includes all the templates etc.). The security could even be expanded, such as adding brute force attack prevention (often done via a delay on unsuccessful attempts), or even hashing the password on the client side. Download the following code as e.g. mojo_login_example.pl, install the aforementioned modules, and then run the command: morbo --listen=http://127.0.0.1:3000 --listen=https://127.0.0.1:4430 mojo_login_example.pl

Re: 302 Found Location Message
by AnomalousMonk (Bishop) on Mar 09, 2020 at 21:35 UTC

    Walter_T:   To expand on the first point made by haukex, re-declaring a global (e.g., our) variable isn't just unnecessary, it's completely useless. The only thing it will do is to generate a warning message if warnings are enabled – which, IMHO, they should always be.

    c:\@Work\Perl\monks>perl -le "use strict; use warnings; ;; our $x = 'x before loop'; print qq{before loop: '$x'}; ;; for my $i (1 .. 2) { our $x = 'x in loop'; print qq{in loop: iteration $i: '$x'}; } ;; print qq{after loop: '$x'}; " "our" variable $x redeclared at -e line 1. (Did you mean "local" instead of "our"?) before loop: 'x before loop' in loop: iteration 1: 'x in loop' in loop: iteration 2: 'x in loop' after loop: 'x in loop'

    As the warning message suggests, you may have been thinking of local, which will actually do something in this situation.

    c:\@Work\Perl\monks>perl -le "use strict; use warnings; ;; our $x = 'x before loop'; print qq{before loop: '$x'}; ;; for my $i (1 .. 2) { local $x = 'x in loop'; print qq{in loop: iteration $i: '$x'}; } ;; print qq{after loop: '$x'}; " before loop: 'x before loop' in loop: iteration 1: 'x in loop' in loop: iteration 2: 'x in loop' after loop: 'x before loop'
    But even when used in this way, globals should, I believe, be avoided. In general, use globals only for good, well-understood reasons.


    Give a man a fish:  <%-{-{-{-<

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://11114021]
Approved by haukex
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (2)
As of 2021-09-26 22:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?