Solved

user/pass authentication

Posted on 2002-03-29
2
217 Views
Last Modified: 2010-03-05
I'm using Win32:ODBC in conjunction with CGI for ActivePerl in Win2k server.  I need to search an MS database for a username.  If the username is not found, I'm going to display a "username not found" page.  Once the username is found, I need to check the corresponding password, which is in the same row.  (for now I'm not going to worry about encryption of passwords).

Once the username/password pair is verified, I need to set a cookie that will expire when the browser is closed.

I already know how to connect to a database and 'fetchrows' in a table.  I also know how to do CGI.  I tried to code this myself and I can't get it to work efficiently.  With my test script, it keeps 'finding' any username that I search for even though it doesn't exist in the table.  I don't want to include any code here because I think I'm way off.

Could someone provide me with a routine to do what I'm trying to do as far as verifying username/password from a database and then setting a cookie if verified?

Thanks!
0
Comment
Question by:GorGor1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
Sapa earned 100 total points
ID: 6905127
Do you need something like it?

----------------------------------------------
#!/usr/bin/perl -w
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Win32::ODBC;

my $query = new CGI;
my $user = $query->param('user') || '';
my $password = $query->param('password') || '';

# cut all non-alphanumeric symbols from username
$user =~ s/\W//g;

my $db = new Win32::ODBC("DSN=WEBDB;UID=WWW;PWD=sEcReT") or
  die "Error connecting to database: " . Win32::ODBC::Error();

my $sql = "SELECT password FROM authtbl WHERE user='$user'";
if ($db->Sql($sql)) {
    die "Statement error: " . $db->Error;
}

unless ($db->FetchRow) {
    print "<H1>Not registered</H1>\n";
    print "<A HREF=register.cgi>register now</A>\n";
    $db->Close;
    exit;
}

my ($right_password) = $db->Data('password');

if ($password ne $right_password) {
    print "<H1>Authentication failed</H1>";
} else {
    print "<H1>Welcome to our secure site!</H1>";
}

$db->Close;
0
 
LVL 1

Author Comment

by:GorGor1
ID: 6905239
works like a charm....thanks!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've just discovered very important differences between Windows an Unix formats in Perl,at least 5.xx.. MOST IMPORTANT: Use Unix file format while saving Your script. otherwise it will have ^M s or smth likely weird in the EOL, Then DO NOT use m…
Email validation in proper way is  very important validation required in any web pages. This code is self explainable except that Regular Expression which I used for pattern matching. I originally published as a thread on my website : http://www…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question