Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re: Testing password variable

by tangent (Parson)
on Mar 09, 2012 at 03:56 UTC ( [id://958616]=note: print w/replies, xml ) Need Help??


in reply to Testing password variable

You should put the bulk of your script above within <readmore> </readmore> tags.

I take it you added the secure() method yourself. The problem is that it is never getting to the "if ($pass eq $pwc)". To fix that you need to change the order:
sub secure { if ($pass eq $pwc) { return &main_page; } &header; print qq~<table class="heading"> etc.
That will get you to the next page but no further, so forget that! What you need is some way to remember that you are now logged in. One way is to use cookies something like below. Please note: this is NOT a secure solution, but it will get your script working. I put this here purely to get you over your hump. You will need to look into creating and checking a secure cookie value and as Anonymonk notes you should be using https.
#use CGI (param); # CHANGE THIS TO... use CGI; my $q = CGI->new; my $cookie; # ADD THIS # CHANGE ALL param() TO $q->param() # ... my $pass = $q->param('pass'); # ... # Start security login. #&secure; # CHANGE THIS TO... if (not &check_secure) { &secure; } # must pass before going to main page # Subroutine selection. if ($add) { &add_link; } #.... # THIS IS FOR EXAMPLE ONLY - NOT SECURE sub check_secure { if ( $q->cookie('auth') eq 'some_secure_value') { return 1; } elsif ($pass eq $pwc) { $cookie = $q->cookie( -name=>'auth', -value=>"some_secure_value" ); return 1; } else { return 0; } } # NEED TO CHANGE header() FUNCTION TO SET COOKIE # Begin html header. sub header { if ($cookie) { print $q->header( -type => 'text/html', -expires => '+1d', -cookie => [$cookie] ); } else { print $q->header( -type => 'text/html', ); } #print "Content-type: text/html\n\n"; # NO NEED FOR THIS NOW print qq~<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Transitional/ +/EN"> ... etc~; }
I have put the full working script here to get you on your way...
#!/usr/bin/perl -w # The sslinks directory permissions are may need to be set to 755 on s +ome servers. # The sslinks.cgi file should be set to 755 on 'NIX servers. The sslin +ksdb.txt should be # set to 766 and the sslinks.css file should be set to 744. # NOTE! You may have to change the first line in the script from #!usr +/bin/perl -w # to the appropriate location of perl on your particular server. use strict; # Sslinks title: Secure Links # Server installed modules used. use CGI::Carp qw(fatalsToBrowser); use CGI; my $q = CGI->new; my $cookie; #use CGI (param); # change param() to $q->param() # Declare script variables. my $pwc = 'admin'; my $pass = $q->param('pass'); my @List1 = $q->param('links'); my $link_name = $q->param('link_name'); my $link_url = $q->param('link_url'); my $link_description = $q->param('link_description'); my $do_add = $q->param('do_add'); my $do_delete = $q->param('do_delete'); my $add = $q->param('add'); my $edit = $q->param('edit'); my $delete = $q->param('delete'); my @List2 = (); my $db = 'sslinksdb.txt'; my $entries = `cat $db`; my @Links = split('\n\n', $entries); my $script = $ENV{'SCRIPT_NAME'}; my ($Onload); my $version = 'Version 1.2'; my $progname = 'Secure Links'; my $prognameacro = 'LINKS'; my $pw1 = '1'; my $pw2 = '2'; my $pw3 = '3'; my $pw4 = '4'; my $pw5 = '5'; # Get the date. my $Date = `/bin/date +"%D"`; chomp($Date); my ($date) = split(' ',$Date); my ($month, $day, $year) = split('/', $date); $year = 20 . $year; # Start security login. #&secure; if (not &check_secure) { &secure; } # must pass before going to main page # Subroutine selection. if ($add) { &add_link; } elsif ($delete) { &delete_links; } elsif ($do_add) { &link_added; } elsif ($do_delete) { &links_deleted; } else { &main_page; } # THIS IS FOR EXAMPLE ONLY - NOT SECURE sub check_secure { if ( $q->cookie('auth') ) { return 1; } elsif ($pass eq $pwc) { $cookie = $q->cookie(-name=>'auth', -value=>"xyx"); return 1; } else { return; } } # Begin html header. sub header { if ($cookie) { print $q->header( -type => 'text/html', -expires => '+1d', -cookie => [$cookie] ); } else { print $q->header( -type => 'text/html', ); } #print "Content-type: text/html\n\n"; # NO NEED FOR THIS print qq~<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Transitional/ +/EN"> <html> <head><title>$prognameacro</title> <meta http-equiv="Content-Type" content="charset=iso-8859-1"> <meta http-equiv="Content-Style-Type" content="text/css"> <link rel="stylesheet" href="sslinks.css" type="text/css"> </head> <body> <div align="center">\n~; } # Begin main page. sub main_page { &header; print qq~<table class="heading"> <tr><th>$progname</th></tr></table> <span class="message">$version</span> <br /><br />\n~; &link_count; print qq~<br /><br /> <form method="post"> <input class="button" type="submit" name="add" value="Add A Link"> <input class="button" type="submit" name="delete" value="Delete Links" +> </form> <span class="message">(You may need to <a href="javascript:history.go( +0)">refresh</a> page to see links list changes!)</span> <br /><br /> <table width="90%" cellpadding="0" cellspacing="0"> <tr><td> <ul>\n~; foreach (sort sortem @Links) { my ($name, $url, $description, $added) = split('\n'); unless ($description eq 'no description') { $description = qq~<span class="description"> \~ [ $description ]</s +pan>~; } else { $description = ''; } print qq~<li> <a href="$url" target="_blank" title="Date Added: $ad +ded">$name</a>$description</li>\n~; } print qq~</td></tr></table>\n~; &footer; } # Begin add link page. sub add_link { &header; print qq~<table class="heading"> <tr><th>Add A New Link </th></tr></table> <br /><br /><br /> <form method="post" name="a"> <table> <tr><td align="right">Link Name:</td> <td> <input class="textbox" name="link_name"></td><td><span class="not +ation">This Is Mandatory</span></td></tr> <tr><td align="right">Link URL:</td> <td> <input class="textbox" name="link_url" value="http://"></td><td>< +span class="notation">This Is Mandatory</span></td></tr> <tr><td align="right">Link Description:</td> <td> <input class="textbox" name="link_description" maxlength="60"></t +d><td><span class="notation">This Is Optional<br />60 charaters max</ +span></td></tr> <tr><td colspan="3" align="center" valign="bottom" height="40"> <input class="button" type="submit" name="do_add" value="Add Link"> <input class="button" type="button" value="Cancel" onClick="history.ba +ck()"> </td></tr></table> </form>\n~; &footer; } # Begin link was added page. sub link_added { &error_report; my ($description); if ($link_description) { $description = "$link_description"; } else { $description = 'no description'; } open DB,">>$db" or die "Can't open file!"; print DB "$link_name\n$link_url\n$description\n$Date\n\n"; close DB; &header; print qq~<table class="heading"> <tr><th>Your Link Was Added </th></tr></table> <br /><br /> <table> <tr><td>\n~; unless (!$link_description) { $description = qq~<span class="description"> \~ [ $description ]</s +pan>~; } else { $description = ''; } print qq~<a href="$link_url" target="_blank" title="Date Added: $Da +te">$link_name</a>$description<br /> </td></tr></table> <br /><br /><br /> <form> <input class="button2" type="button" value="Back To Links Page" onClic +k="history.go(-2)"> </form>\n~; &footer; } # Begin delete links page. sub delete_links { &error_report; &header; print qq~<table class="heading"> <tr><th>Delete One Or More Links </th></tr></table> <br /><br />\n~; &link_count; print qq~<br /><br /> <span class="message">Check As Many Links As You Wish To Delete</span> <br /><br /><br /> <form method="post"> <table width="90%" cellpadding="0" cellspacing="0"> <tr><td>\n~; foreach (sort sortem @Links) { my ($name, $url, $description, $added) = split('\n'); unless ($description eq 'no description') { $description = qq~<span class="description"> \~ [ $description ]</s +pan>~; } else { $description = ''; } print qq~<input type="checkbox" name="links" value="$_"> <a href="$url" target="_blank" title="Date Added: $added">$name</a>$de +scription<br />\n~; } print qq~</td></tr></table> <br /><br /> <input class="button" type="submit" name="do_delete" value="Delete Lin +ks"> <input class="button" type="button" value="Cancel" onClick="history.ba +ck()"> </form>\n~; &footer; } # Begin links were deleted page. sub links_deleted { &error_report; if (@List1) { my (%cnt, $cnt); foreach (@Links,@List1) { $cnt{$_}++; } foreach (keys %cnt) { push @{ $cnt{$_} != 2 ? \@List2 : next }, $_; }} open DB,">$db" or die "Can't open file!"; foreach (sort sortem @List2) { print DB "$_\n\n"; } close DB; &header; print qq~<table class="heading"> <tr><th>Selected Links Were Deleted </th></tr></table> <br /><br /> <span class="message">Deleted Links Listed Below:</span> <br /> <table> <tr><td>\n~; foreach (@List1) { my ($name, $url, $description, $added) = split('\n'); unless ($description eq 'no description') { $description = qq~<span class="description"> \~ [ $description ]</s +pan>~; } else { $description = ''; } print qq~<a href="$url" target="_blank" title="Date Added: $added"> +$name</a>$description<br />\n~; } print qq~</td></tr></table> <br /><br /><br /> <form> <input class="button2" type="button" value="Back To Links Page" onClic +k="history.go(-2)"> </form>\n~; &footer; } # Begin the error message page. sub error_report { my ($no_name, $bad_url, $no_links, $no_selected_links, $link_exists +); if ($do_add) { foreach (@Links) { my ($name, $url, $description, $added) = split('\n'); if ($link_url =~ /$url/i) { $link_exists = "<br />$name<br />$url"; }} $no_name = 1 if ($do_add && !$link_name); $bad_url = 1 if ($link_url !~ /^(ftp|http\:\/\/(.)*\.\w+|news\:(.)* +\.\w+)/i); } $no_links = 1 if ($delete && !@Links); $no_selected_links = 1 if ($do_delete && !@List1); if($no_name || $bad_url || $no_links || $no_selected_links || $link_ex +ists) { &header; print qq~<table class="heading"> <tr><th>ERROR! </th></tr></table> <br /><br /><br /> <table cellpadding="0" cellspacing="0"> <tr><td> <ul>\n~; unless ($link_exists) { if ($no_name) { print qq~<li>You did not enter a link name!</li><br /> +\n~; }} if ($bad_url) { print qq~<li>The url you entered is either missing or +invalid!</li><br />\n~; } if ($link_exists) { print qq~<li>The link url associated with the name + below already exists:$link_exists</li><br />\n~; } if ($no_links) { print qq~<li>There are no links to delete!</li><br /> +\n~; } if ($no_selected_links) { print qq~<li>You did not select any links to + delete!</li><br />\n~; } print qq~</ul> </td></tr></table> <br /><br /> <form> <input class="button" type="button" value="Go Back" onClick="history.b +ack()"> </form>\n~; &footer; } } # Begin link count. sub link_count { my ($total, $s); $total = 0; foreach (@Links) { $total++; } if ($total == 1) { $s = ''; } else { $s = 's'; } print qq~There Are <span class="message">$total</span> Link$s\n~; } # Begin case insensitive sort. sub sortem { our ($a,$b); lc($a) cmp lc($b); } # Begin security. sub secure { &header; print qq~<table class="heading"> <tr><th>Security </th></tr></table> <br /><br /><br /> <form method="post" name="s"> <table> <tr><td align="right">Password:</td> <td> <input class="textbox" name="pass" value=$pass></td><td><span cla +ss="notation">Please Enter Your Password</span></td></tr> <tr><td colspan="2" align="center" valign="bottom" height="40"> <input class="button" type="submit" name="checkpw" value="Verify"> </td></tr></table> </form>\n~; &footer; # Secure inner subroutine # if ($pass eq $pwc) { &main_page; } # else { &sub_secure; } } # Begin html footer. sub footer { print qq~<br /><br /> Secure Links pass=$pass pwc=$pwc</div> <br /><br /> </body> </html>\n~; exit; }

Replies are listed 'Best First'.
Re^2: Testing password variable
by Anonymous Monk on Mar 09, 2012 at 12:31 UTC

    Way to polish that turd :)

      Yes, but I just happened to have my Marigold's on at the time, and 10 days is way too long for OP to have to look at one.
Re^2: Testing password variable
by Anonymous Monk on Mar 09, 2012 at 14:39 UTC

    Thank you for the advice, help and rectal probe.

      Not so fast AnonyMonk, I haven't done the probe yet, do you mind bending over.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://958616]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others goofing around in the Monastery: (5)
As of 2024-03-29 00:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found