Solved

user/pass authentication

Posted on 2002-03-29
2
187 Views
Last Modified: 2010-03-05
I'm using Win32:ODBC in conjunction with CGI for ActivePerl in Win2k server.  I need to search an MS database for a username.  If the username is not found, I'm going to display a "username not found" page.  Once the username is found, I need to check the corresponding password, which is in the same row.  (for now I'm not going to worry about encryption of passwords).

Once the username/password pair is verified, I need to set a cookie that will expire when the browser is closed.

I already know how to connect to a database and 'fetchrows' in a table.  I also know how to do CGI.  I tried to code this myself and I can't get it to work efficiently.  With my test script, it keeps 'finding' any username that I search for even though it doesn't exist in the table.  I don't want to include any code here because I think I'm way off.

Could someone provide me with a routine to do what I'm trying to do as far as verifying username/password from a database and then setting a cookie if verified?

Thanks!
0
Comment
Question by:GorGor1
2 Comments
 
LVL 5

Accepted Solution

by:
Sapa earned 100 total points
ID: 6905127
Do you need something like it?

----------------------------------------------
#!/usr/bin/perl -w
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Win32::ODBC;

my $query = new CGI;
my $user = $query->param('user') || '';
my $password = $query->param('password') || '';

# cut all non-alphanumeric symbols from username
$user =~ s/\W//g;

my $db = new Win32::ODBC("DSN=WEBDB;UID=WWW;PWD=sEcReT") or
  die "Error connecting to database: " . Win32::ODBC::Error();

my $sql = "SELECT password FROM authtbl WHERE user='$user'";
if ($db->Sql($sql)) {
    die "Statement error: " . $db->Error;
}

unless ($db->FetchRow) {
    print "<H1>Not registered</H1>\n";
    print "<A HREF=register.cgi>register now</A>\n";
    $db->Close;
    exit;
}

my ($right_password) = $db->Data('password');

if ($password ne $right_password) {
    print "<H1>Authentication failed</H1>";
} else {
    print "<H1>Welcome to our secure site!</H1>";
}

$db->Close;
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6905239
works like a charm....thanks!!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email validation in proper way is  very important validation required in any web pages. This code is self explainable except that Regular Expression which I used for pattern matching. I originally published as a thread on my website : http://www…
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now