different logins lead to different pages - one more problem...

A while ago I have posted this question and had brilliant help from Bob. I have finished up the site and am testing it out.
Now I have discovered that whatever password I type in I get to the page. Seems that we have missed something here :-)
Ok, here is the "material":

This is the "sample login" (basically the same as on the site, just without all the other content around):
http://www.integritysales.com/login_example.html

This is the cgi-script:

#!/usr/local/bin/perl
use CGI ':standard';
if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{
$unpw=param('username') . '|' . param('password');
open PWFILE, "nav.dat";
while(<PWFILE>){
if($unpw=~/$_/)
{
chomp($page=${[split(/\|/,$_)]}[2]);
print "Location: $page\n\n";
close PWFILE;
exit;
}
}
print header, start_html;
print "sorry, we couldn't find that username and password";
close PWFILE;
exit;
}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}

And this is the nav.dat file:

cow|milk|http://www.integritysales.com
cat|mouse|http://www.cea.edu
horse|cowboy|http://www.dkmediadesign.com
bird|song|http://www.danazed.com
turtle|island|http://www.tuschmanphoto.com

I am wondering what we are missing here?

Thanks a lot for your help!

Doris
dkyburzAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
coreyitConnect With a Mentor Commented:
in the line,

$unpw=param('username') . '|' . param('password');

the single pipe, "|", acts as "or" when looking for the match. You'll notice that you can also enter any false username and a valid password and be directed based ont the password's value. And for more fun, try combos that add garbage to the values and reverse them (put pass in user and user in pass).

Now, I'm not very experienced with Perl, so I'm sure there are better ways than what I came up with. The essence of what I did was to try to more clearly define the start and finish of the username and password values in the strings in both the script and .dat file. I did so by using ":::" as the delimiter and checking to be sure that the match happens at the start of the string (so you can't do user: mycow and pass: milk). Once I did that, the only other thing to change was to have the split grab everything after the first pipe, because there's only one in the string now. I don't know if I'm making sense... it's late!

here's the code:

----------
cgi
----------
#!/usr/local/bin/perl
use CGI ':standard';
if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{
$unpw=param('username') . ':::' . param('password') . ':::';
open PWFILE, "nav.dat";
while(<PWFILE>){
if($unpw=~/^$_/)
{
chomp($page=${[split(/\|/,$_)]}[1]);
print "Location: $page\n\n";
close PWFILE;
exit;
}
}
print header, start_html;
print "sorry, we couldn't find that username and password";
close PWFILE;
exit;
}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}
----------

----------
nav.dat
----------
cow:::milk:::|http://www.integritysales.com
cat:::mouse:::|http://www.cea.edu
horse:::cowboy:::|http://www.dkmediadesign.com
bird:::song:::|http://www.danazed.com
turtle:::|island:::|http://www.tuschmanphoto.com
----------

cheers and goodnight!

-corey
0
 
Schells_Web_DesignCommented:
I got this message trying to access your sample page in your question:

The requested URL /integritysales.css was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
0
 
dkyburzAuthor Commented:
Hi Shells Web Design,

Thank you for pointing this out. I have added the style sheet (again). [sometimes I'm just cleaning up a bit too much ;-, and I was not aware of this one because it showed fine here]

Your note about the 404 error is a bit a miracle to me because I haven't had that problem before with this.

I hope you can have a least a look at it now :-)

Thanks,

Doris
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
coreyitCommented:
doh!

forgot to get rid of the pipe in the last one!

turtle:::|island:::|http://www.tuschmanphoto.com

should be

turtle:::island:::|http://www.tuschmanphoto.com


zzzzzzzzzzzzzzzzzzzzzzzz!
0
 
dkyburzAuthor Commented:
Hello coreyit :-)

You must have had a splendid sleep... since you just helped me to fix this little big problem :-)

It did not work at the beginning, but then I did put the long "sentence" close to the top of the script on one line (somehow I remembered that this was once a point where I got stuck), and voila and tataaaa, it worked. Let me do some "endurance tests" tomorrow and then I will accept your answer as THE ONE.

Thanks a lot for your great help!

Doris


0
 
coreyitCommented:
Glad it worked out. Good luck with everything, and thanks... I might make use of that Perl at some point too :)

-corey
0
 
dkyburzAuthor Commented:
Hi Corey! It passed the "endurance test" ;-)
Thanks again for your help! I'm a big step closer to wrapping up a very tiresome project...

Doris
0
 
coreyitCommented:
Hi Doris,

I'm glad I could contribute. Good luck with your project, I definitely know the feeling.

-corey
0
All Courses

From novice to tech pro — start learning today.