Solved

user/pass authentication

Posted on 2002-03-29
2
222 Views
Last Modified: 2010-03-05
I'm using Win32:ODBC in conjunction with CGI for ActivePerl in Win2k server.  I need to search an MS database for a username.  If the username is not found, I'm going to display a "username not found" page.  Once the username is found, I need to check the corresponding password, which is in the same row.  (for now I'm not going to worry about encryption of passwords).

Once the username/password pair is verified, I need to set a cookie that will expire when the browser is closed.

I already know how to connect to a database and 'fetchrows' in a table.  I also know how to do CGI.  I tried to code this myself and I can't get it to work efficiently.  With my test script, it keeps 'finding' any username that I search for even though it doesn't exist in the table.  I don't want to include any code here because I think I'm way off.

Could someone provide me with a routine to do what I'm trying to do as far as verifying username/password from a database and then setting a cookie if verified?

Thanks!
0
Comment
Question by:GorGor1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
Sapa earned 100 total points
ID: 6905127
Do you need something like it?

----------------------------------------------
#!/usr/bin/perl -w
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Win32::ODBC;

my $query = new CGI;
my $user = $query->param('user') || '';
my $password = $query->param('password') || '';

# cut all non-alphanumeric symbols from username
$user =~ s/\W//g;

my $db = new Win32::ODBC("DSN=WEBDB;UID=WWW;PWD=sEcReT") or
  die "Error connecting to database: " . Win32::ODBC::Error();

my $sql = "SELECT password FROM authtbl WHERE user='$user'";
if ($db->Sql($sql)) {
    die "Statement error: " . $db->Error;
}

unless ($db->FetchRow) {
    print "<H1>Not registered</H1>\n";
    print "<A HREF=register.cgi>register now</A>\n";
    $db->Close;
    exit;
}

my ($right_password) = $db->Data('password');

if ($password ne $right_password) {
    print "<H1>Authentication failed</H1>";
} else {
    print "<H1>Welcome to our secure site!</H1>";
}

$db->Close;
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6905239
works like a charm....thanks!!
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've just discovered very important differences between Windows an Unix formats in Perl,at least 5.xx.. MOST IMPORTANT: Use Unix file format while saving Your script. otherwise it will have ^M s or smth likely weird in the EOL, Then DO NOT use m…
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question