Solved

different logins lead to different pages - one more problem...

Posted on 2001-08-06
8
181 Views
Last Modified: 2013-12-25
A while ago I have posted this question and had brilliant help from Bob. I have finished up the site and am testing it out.
Now I have discovered that whatever password I type in I get to the page. Seems that we have missed something here :-)
Ok, here is the "material":

This is the "sample login" (basically the same as on the site, just without all the other content around):
http://www.integritysales.com/login_example.html

This is the cgi-script:

#!/usr/local/bin/perl
use CGI ':standard';
if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{
$unpw=param('username') . '|' . param('password');
open PWFILE, "nav.dat";
while(<PWFILE>){
if($unpw=~/$_/)
{
chomp($page=${[split(/\|/,$_)]}[2]);
print "Location: $page\n\n";
close PWFILE;
exit;
}
}
print header, start_html;
print "sorry, we couldn't find that username and password";
close PWFILE;
exit;
}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}

And this is the nav.dat file:

cow|milk|http://www.integritysales.com
cat|mouse|http://www.cea.edu
horse|cowboy|http://www.dkmediadesign.com
bird|song|http://www.danazed.com
turtle|island|http://www.tuschmanphoto.com

I am wondering what we are missing here?

Thanks a lot for your help!

Doris
0
Comment
Question by:dkyburz
  • 4
  • 3
8 Comments
 
LVL 2

Expert Comment

by:Schells_Web_Design
ID: 6358073
I got this message trying to access your sample page in your question:

The requested URL /integritysales.css was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
0
 

Author Comment

by:dkyburz
ID: 6358284
Hi Shells Web Design,

Thank you for pointing this out. I have added the style sheet (again). [sometimes I'm just cleaning up a bit too much ;-, and I was not aware of this one because it showed fine here]

Your note about the 404 error is a bit a miracle to me because I haven't had that problem before with this.

I hope you can have a least a look at it now :-)

Thanks,

Doris
0
 
LVL 2

Accepted Solution

by:
coreyit earned 200 total points
ID: 6358871
in the line,

$unpw=param('username') . '|' . param('password');

the single pipe, "|", acts as "or" when looking for the match. You'll notice that you can also enter any false username and a valid password and be directed based ont the password's value. And for more fun, try combos that add garbage to the values and reverse them (put pass in user and user in pass).

Now, I'm not very experienced with Perl, so I'm sure there are better ways than what I came up with. The essence of what I did was to try to more clearly define the start and finish of the username and password values in the strings in both the script and .dat file. I did so by using ":::" as the delimiter and checking to be sure that the match happens at the start of the string (so you can't do user: mycow and pass: milk). Once I did that, the only other thing to change was to have the split grab everything after the first pipe, because there's only one in the string now. I don't know if I'm making sense... it's late!

here's the code:

----------
cgi
----------
#!/usr/local/bin/perl
use CGI ':standard';
if(!param())
{
print header, start_html,
start_form,
textfield(-name=>'username'),br(),
textfield(-name=>'password'), submit(-name=>'sb', -value=>'logon'),
end_form;
}
elsif(param('username') and param('password'))
{
$unpw=param('username') . ':::' . param('password') . ':::';
open PWFILE, "nav.dat";
while(<PWFILE>){
if($unpw=~/^$_/)
{
chomp($page=${[split(/\|/,$_)]}[1]);
print "Location: $page\n\n";
close PWFILE;
exit;
}
}
print header, start_html;
print "sorry, we couldn't find that username and password";
close PWFILE;
exit;
}
else
{
print header, start_html,h1('sorry, you need to enter a username and password');
}
----------

----------
nav.dat
----------
cow:::milk:::|http://www.integritysales.com
cat:::mouse:::|http://www.cea.edu
horse:::cowboy:::|http://www.dkmediadesign.com
bird:::song:::|http://www.danazed.com
turtle:::|island:::|http://www.tuschmanphoto.com
----------

cheers and goodnight!

-corey
0
 
LVL 2

Expert Comment

by:coreyit
ID: 6358875
doh!

forgot to get rid of the pipe in the last one!

turtle:::|island:::|http://www.tuschmanphoto.com

should be

turtle:::island:::|http://www.tuschmanphoto.com


zzzzzzzzzzzzzzzzzzzzzzzz!
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:dkyburz
ID: 6361913
Hello coreyit :-)

You must have had a splendid sleep... since you just helped me to fix this little big problem :-)

It did not work at the beginning, but then I did put the long "sentence" close to the top of the script on one line (somehow I remembered that this was once a point where I got stuck), and voila and tataaaa, it worked. Let me do some "endurance tests" tomorrow and then I will accept your answer as THE ONE.

Thanks a lot for your great help!

Doris


0
 
LVL 2

Expert Comment

by:coreyit
ID: 6362486
Glad it worked out. Good luck with everything, and thanks... I might make use of that Perl at some point too :)

-corey
0
 

Author Comment

by:dkyburz
ID: 6362711
Hi Corey! It passed the "endurance test" ;-)
Thanks again for your help! I'm a big step closer to wrapping up a very tiresome project...

Doris
0
 
LVL 2

Expert Comment

by:coreyit
ID: 6362823
Hi Doris,

I'm glad I could contribute. Good luck with your project, I definitely know the feeling.

-corey
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Making a simple AJAX shopping cart Couple years ago I made my first shopping cart, I used iframe and JavaScript, it was very good at that time, there were no sessions or AJAX, I used cookies on clients machine. Today we have more advanced techno…
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
The viewer will learn how to dynamically set the form action using jQuery.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now