Solved

user/pass authentication

Posted on 2002-03-29
2
177 Views
Last Modified: 2010-03-05
I'm using Win32:ODBC in conjunction with CGI for ActivePerl in Win2k server.  I need to search an MS database for a username.  If the username is not found, I'm going to display a "username not found" page.  Once the username is found, I need to check the corresponding password, which is in the same row.  (for now I'm not going to worry about encryption of passwords).

Once the username/password pair is verified, I need to set a cookie that will expire when the browser is closed.

I already know how to connect to a database and 'fetchrows' in a table.  I also know how to do CGI.  I tried to code this myself and I can't get it to work efficiently.  With my test script, it keeps 'finding' any username that I search for even though it doesn't exist in the table.  I don't want to include any code here because I think I'm way off.

Could someone provide me with a routine to do what I'm trying to do as far as verifying username/password from a database and then setting a cookie if verified?

Thanks!
0
Comment
Question by:GorGor1
2 Comments
 
LVL 5

Accepted Solution

by:
Sapa earned 100 total points
ID: 6905127
Do you need something like it?

----------------------------------------------
#!/usr/bin/perl -w
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Win32::ODBC;

my $query = new CGI;
my $user = $query->param('user') || '';
my $password = $query->param('password') || '';

# cut all non-alphanumeric symbols from username
$user =~ s/\W//g;

my $db = new Win32::ODBC("DSN=WEBDB;UID=WWW;PWD=sEcReT") or
  die "Error connecting to database: " . Win32::ODBC::Error();

my $sql = "SELECT password FROM authtbl WHERE user='$user'";
if ($db->Sql($sql)) {
    die "Statement error: " . $db->Error;
}

unless ($db->FetchRow) {
    print "<H1>Not registered</H1>\n";
    print "<A HREF=register.cgi>register now</A>\n";
    $db->Close;
    exit;
}

my ($right_password) = $db->Data('password');

if ($password ne $right_password) {
    print "<H1>Authentication failed</H1>";
} else {
    print "<H1>Welcome to our secure site!</H1>";
}

$db->Close;
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6905239
works like a charm....thanks!!
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

A year or so back I was asked to have a play with MongoDB; within half an hour I had downloaded (http://www.mongodb.org/downloads),  installed and started the daemon, and had a console window open. After an hour or two of playing at the command …
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now