Hi Fellow Monks,
I am developing a script that is displayed after the payment process completes (the payment site calls my URL with certain parameters). I verify that the payment went through and then display a link to download an exe file. After verification, I encrypt a cookie and display an HTML page with a link (which points to another Perl script). When that link is clicked, I check for the cookie and then force the download of the exe. Is this safe, or is there a better way of doing this? And what is the best way of encrypting the cookie? I use Crypt::CBC, but installing it on a Windows machine is a bit of a problem. I have also attached the module, which I wrote by following an example in the mod_perl Eagle book.
package Auth;
use CGI qw(:standard);
use CGI::Cookie ();
use MD5 ();
use Crypt::CBC ();
# Module-wide settings: the cookie's name and the secret shared by the
# cipher below and by MAC().
#
# NOTE(review): SECRET is a literal in the source and is used both as the
# Crypt::CBC key and as the MAC key, so anyone who can read this file can
# mint cookies that verify. Load it from configuration kept outside the
# web root, and use separate keys for encryption and authentication.
use constant {
    COOKIE_NAME => 'Cname',
    SECRET      => '0mn1um ex 0vum',
};

# Build the cipher object only if one is not already set, so an existing
# $CIPHER is reused. $CIPHER is a package global (the file does not run
# under strict).
# NOTE(review): IDEA is a 64-bit block cipher and needs a separate
# Crypt::IDEA install; consider an AES backend if one is available.
$CIPHER = Crypt::CBC->new(SECRET, 'IDEA') unless $CIPHER;
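# Issue the authentication cookie for $usrname and print the HTTP header
# that carries it.
#
# Takes the user name, stamps the state with the current local time, and
# hands the state to save_state() for MAC generation and encryption.
# Returns whatever print returns.
sub set_cookie {
    my $usrname = shift;

    # Lexical variables only: the original assigned to undeclared package
    # globals, which persist between requests in a long-running interpreter
    # such as mod_perl. It also carried a stray line-wrap marker inside the
    # localtime() call.
    my ($sec, $min, $hour, $mday, $mon, $year) = localtime(time);

    # Fixed-width YYYYMMDDhhmmss. Without zero padding, different moments
    # can produce the same digit string, which makes the stamp unusable
    # for any later age check.
    my $time = sprintf '%04d%02d%02d%02d%02d%02d',
        $year + 1900, $mon + 1, $mday, $hour, $min, $sec;

    # Start from an empty state on every call so nothing left over from an
    # earlier request can end up in this user's cookie.
    my $state = initialize(undef, $time, $usrname);

    # NOTE(review): nothing in the code shown compares TIME against the
    # clock when the cookie is read back, so an issued cookie stays valid
    # for as long as the secret is unchanged. Consider rejecting stale
    # stamps in the download script.
    print header(-cookie => save_state($state));
}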
# Fill in the TIME and USRNAME slots of a state hash.
#
# Arguments: an existing state hashref (or a false value to get a new
# one), the timestamp string, and the user name.
# Returns the state hashref; an existing hash is updated in place and
# keeps any other keys it already had.
sub initialize {
    my ($state, $time, $usrname) = @_;

    $state ||= {};
    @{$state}{qw(TIME USRNAME)} = ($time, $usrname);

    return $state;
}
# Check or generate the MAC authentication information
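# Generate or verify the message authentication code over the TIME and
# USRNAME fields of a state hash.
#
# Arguments:
#   $state  - state hashref; anything that is not a reference returns undef
#   $action - 'generate' stores the MAC in $state->{MAC} and returns it;
#             'check' returns 1 if $state->{MAC} matches and '' otherwise
# Any other action returns undef.
sub MAC {
    my ($state, $action) = @_;
    return undef unless ref($state);

    # Core module, loaded here so the file's import list is untouched.
    require Digest::SHA;

    my @fields = @{$state}{qw(TIME USRNAME)};

    # A state that lacks a field or the MAC itself can never verify; fail
    # closed instead of comparing against undef.
    if ($action eq 'check') {
        return '' if grep { !defined $_ } @fields, $state->{MAC};
    }

    # Length-prefix each field so the field boundary is part of the
    # authenticated message. Plain concatenation lets different
    # (TIME, USRNAME) pairs produce the same input and therefore the same
    # MAC.
    my $message = join '', map {
        my $value = defined $_ ? $_ : '';
        length($value) . ':' . $value;
    } @fields;

    # HMAC-SHA256 replaces the hand-rolled nested MD5 construction.
    my $newmac = Digest::SHA::hmac_sha256_hex($message, SECRET);

    if ($action eq 'check') {
        my $given = "$state->{MAC}";
        return '' unless length($given) == length($newmac);

        # XOR the two strings and count the non-NUL bytes, so the
        # comparison does not stop at the first differing character.
        my $delta = $given ^ $newmac;
        return $delta =~ tr/\0//c ? '' : 1;
    }

    return $state->{MAC} = $newmac if $action eq 'generate';
    return undef;
}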
# Save the current state
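# Serialise, authenticate and encrypt a state hash into a cookie.
#
# Takes the state hashref, adds its MAC via MAC($state, 'generate'),
# joins all keys and values with ':', encrypts the result as hex with the
# module-wide $CIPHER, and returns a CGI::Cookie object named COOKIE_NAME.
sub save_state {
    my $state = shift;

    MAC($state, 'generate');    # add MAC to the state

    # NOTE(review): keys and values are joined with ':' and get_state()
    # splits on ':' again, so a value that itself contains ':' (a user
    # name, for instance) will not parse back into the same hash. Escape
    # the values or restrict user names before they reach this point.
    my $encrypted = $CIPHER->encrypt_hex(join ':', %{$state});

    # HttpOnly keeps page scripts from reading the token; the cookie is
    # only ever consumed server-side.
    # NOTE(review): also pass -secure => 1 if the site is served over
    # HTTPS, and consider an explicit -expires.
    return CGI::Cookie->new(
        -name     => COOKIE_NAME,
        -value    => $encrypted,
        -httponly => 1,
    );
}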
# Retrieve an existing state
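# Read the state cookie back, decrypt it and verify its MAC.
#
# Returns the state hashref when the cookie is present and its MAC
# verifies. Returns undef when there is no cookie, when it cannot be
# decrypted or parsed, or when the MAC check fails; in the last three
# cases authentication_error() is called first.
sub get_state {
    my $cookie = CGI::cookie(COOKIE_NAME);
    return undef unless $cookie;

    # The cookie value is client-controlled. Treat a decryption failure
    # as an authentication failure rather than letting it abort the
    # request.
    my $plaintext = eval { $CIPHER->decrypt_hex($cookie) };

    # Limit -1 keeps trailing empty fields, so a state whose last value is
    # empty still yields an even key/value list.
    my @pairs = defined $plaintext ? split(/:/, $plaintext, -1) : ();

    if (!@pairs || @pairs % 2) {
        authentication_error();
        return undef;
    }

    my %state = @pairs;

    # Fail closed. The original reported the error but still returned the
    # unverified state, so a caller that only tested the return value for
    # truth would accept a cookie whose MAC did not match.
    unless (MAC(\%state, 'check')) {
        authentication_error();
        return undef;
    }

    return \%state;
}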
# Emit the authentication-failure notice on the currently selected output
# handle. Only prints; it does not stop the request, so callers must stop
# processing themselves.
sub authentication_error {
    my $notice = "<h4> Authentication error </h4>";
    print $notice;
}
1;