Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??
A few things. Is it fair to say that your desired logic is "if the username and password match, go to the new page, otherwise generate an error"?

If so, you can simply write: 

  if($username eq $row[0] && $hashPassword eq $row[1]) {
     # Go to the new page
  }
  else {
    error();
  }

[download]
You seem to be mixing up eq and == in your hash tests. I would guess you want to treat the hashed password as a string, so you should use eq and ne.

If you find yourself legitimately writing a long if/elsif cascade, it's generally a good idea to put an 'else' clause on the end, to catch any unexpected situations. If you don't think it can ever happen, feel free to make the contents die "horribly" or something, but if you have 4 or 5 tests, it's a fair bet you may have missed one.

Lastly, your SQL query is going to guarantee that $username eq $row[1] is true, as long as some data is returned. Presumably you want to go to your error page if the number of rows returned is zero. You probably also want to have an error condition (perhaps a different one) if you get more than one row back from that query.

So (assuming your error routine doesn't return): 

my @rows = $sth->fetchrow_array;

if (scalar @rows == 0) {
  # Unknown user
  error();
}
if (scalar @rows > 1) {
  # DB in bad state - more than one record for user
  some_other_error();
}
if ($hashPassword ne $rows[1]) {
  # wrong password
  error();
}

# ...show the page...

[download]
Lastly, in case you actually have different error cases in your different branches above, I'd counsel you not to do that. If someone can get a different error depending on whether they pass in a bad username or a bad password, that allows them to guess usernames. That weakens your security.

In reply to Re: elsif loop by jbert
in thread elsif loop by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others perusing the Monastery: (7)
As of 2024-04-25 15:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found