Solved

Problem setting cookies w/ PERL

Posted on 2004-04-29
15
391 Views
Last Modified: 2013-12-25
Using a UNIX web hosting service that claims to have CGI.pm installed, I cannot set a cookie using:

$cookie = $q->cookie(-name=>"login_tracker",
                         -value=>$rowdata[0],
                         -domain=>".domainname.com",
                         -expires=>"+1y",
                         -path=>"/subdirectory");

print "Set-Cookie: $cookie\n";

The error I get fed back says that it cannot "call method 'cookie' on line [1 in my example above]

What is going on?

I have use CGI; defined at the beginning of the script. The code above is set within an If clause.

Rusty
0
Comment
Question by:Rusty20009
  • 7
  • 6
  • 2
15 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 10955753
Change

print "Set-Cookie: $cookie\n";


to

print $q->header(-cookie=>$cookie);
0
 

Author Comment

by:Rusty20009
ID: 10958646
I had already tried that, but that again is not the line of code that is causing the error. The first occurance of the word "cookie" is causing the browser to shoot back an error message saying that it is an undefined value....

It is not my variable $cookie, which I now have set as $mycookie but rather the command word cookie directly preceding the cookie's name...

0
 
LVL 3

Expert Comment

by:cjmos
ID: 10958851
can we see the rest of the code?

Is any other cgi code working?
0
 

Author Comment

by:Rusty20009
ID: 10959189
Yes, but of course. Here is the full code. Everything works as it should when the cookie code is not included.



#!/usr/local/bin/perl -w
use CGI qw(:cgi-lib :standard);
use CGI::Carp qw(fatalsToBrowser);
use DBI;

my ($userid, $password, $regdate, $dbh, $dbuser, $dbname, $dbhost, $dbport, $dbpass, $sql, $sth, $rv);
my ($sec, $min, $hour, $wday, $month, $year, $mday, $yr, @rowdata, $mycookie, $q);

$dbuser = "XXXXX";
$dbname = $XXXXXr;
$dbhost = "localhost";
$dbport = 3306;
$dbpass = "XXXXX";
$useridcheck = param('userid');
$passwordcheck = param('password');
($sec,$min,$hour,$wday,$month,$year,$mday)=localtime(time());

$month="0".$month if ($month)<10;
#make month in 2 digits if it is less than 2

$wday="0".$wday if ($wday)<10;
#make date in 2 digits if it is less than 2

$yr = $year + 1900;
#make year in 4 digits
 
$regdate=$yr."-".$month."-".$wday;
#concatenate the date in yyyy-mm-dd format.


if ($useridcheck !~ /^[\w .!?-@]/)
{
$w1 = '<font class="warning">Please Limit your imput to letters, numbers and the the following special keys: _ ! . ? - and \&amp\; </font>';
}
elsif ($useridcheck eq "")
{
$w1 = '<font class="warning">Please enter in your e-mail address</font>';
}
elsif ($useridcheck !~ /.*.@.*.\..*./)
{
$w1 = '<font class="warning">Please enter in a proper e-mail address</font>';
}

if ($passwordcheck !~ /^[\w .!?-@]/)
{
$w2 = '<font class="warning">Please Limit your imput to letters, numbers and the the following special keys: _ ! . ? and - </font>';
}
elsif ($passwordcheck eq "")
{
$w2 = '<font class="warning">Please enter in a password</font>';
}


if (($useridcheck =~ /.*.@.*.\..*./) && ($passwordcheck ne /^[\w .!?-]/) && ($passwordcheck ne /^[\w .!?-]/))
{
## Connect to MySQL database
$dbh = DBI->connect("DBI:mysql:$dbname:$dbhost:$dbport", $dbuser, $dbpass)
      || die "Unable to connect to MySQL database!\n";
$sql = "select first, last, userid, password from registration where userid = '$useridcheck'";
$sth = $dbh->prepare($sql);
$rv = $sth->execute;
@rowdata = $sth->fetchrow_array;
$sth->finish;

if (($useridcheck =~ $rowdata[2]) && ($passwordcheck =~ $rowdata[3]))
{
$mycookie = $q-> cookie(-name=>"login_tracker",-value=>$rowdata[0],-domain=>".mydomainname.com",-expires=>"+1y",-path=>"/subdirectory");
print $q->header(-cookie=>$mycookie);

print "Content-type: text/html\n\n";
open (CGI, "../subdirectory/welcome.php") || die ("File not created");
close CGI;

print <<"CGI code";
      
      <html>
      <head>
      <title>Loading Results</title>
      <META HTTP-EQUIV="refresh" CONTENT="0; URL=XXXXX">
      </head>
      <body>
      </body>
      </html>
      
CGI code
}

else
{
print "Content-type: text/html\n\n";
open (CGI, ">../loginunsuccessful.htm") || die ("File not created");
print CGI << "HTML file";
      <html>
      <head>
      <title>Login Submission Unsuccessful</title>
      <link rel='stylesheet' rev='stylesheet' href='stylesheet.css' type='text/css'>
      </head>
            
      <body bgcolor=#E9E7DA>
      <center><br><br><br><br>
      <table width=650 border=0><tr><td>
      <font>The userid and password you entered does not match with our records, please try again!<br><br>
      <a href='login.htm' target='display'><i>login prompt</i></a>
      </font>
      </td></tr></table><br><br>
      </center>
      </body>
      </html>

HTML file
close CGI;
      
print <<"CGI code";
      
      <html>
      <head>
      <title>Loading Results</title>
      <META HTTP-EQUIV="refresh" CONTENT="0; URL=XXXXXXXXXX">
      </head>
      <body>
      </body>
      </html>
      
CGI code
}
}

else
{
print "Content-type: text/html\n\n";
open (CGI, "../login.htm") || die ("File not found");
close CGI;
      
print <<"CGI code";
      
      <html>
      <head>
      <title>Loading Results</title>
      <META HTTP-EQUIV="refresh" CONTENT="0; URL=XXXXXXXXXXXX">
      </head>
      <body>
      </body>
      </html>
      
CGI code
}
0
 
LVL 3

Expert Comment

by:cjmos
ID: 10959320
You're not setting $q  

e.g:

my ($userid, $password, $regdate, $dbh, $dbuser, $dbname, $dbhost, $dbport, $dbpass, $sql, $sth, $rv);
my ($sec, $min, $hour, $wday, $month, $year, $mday, $yr, @rowdata, $mycookie);

my $q = new CGI;
0
 
LVL 3

Accepted Solution

by:
cjmos earned 200 total points
ID: 10959396
Notice that $q has also been taken out of

my ($sec, $min, $hour, $wday, $month, $year, $mday, $yr, @rowdata, $mycookie);
0
 

Author Comment

by:Rusty20009
ID: 10959446
Believe it or not, I had actually included that line of code in various attempts to debug the script. When I included that line, it spits back the following error:

Can't locate object method "new" via package "IO::Handle"

It was because of this error message and the "cookie" error message that before I came here to answer my question, I sent the web hosting service an inquiry as to whether they have CGI.pm installed (most sites claim that that module is necessary for such cookie code) -- and of course they claim that it is included in the service.

Any ideas?

Rusty

0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:Rusty20009
ID: 10959694
If I add:

use IO::Handle;

In the list of modules to employ, it understands the command 'new' but then states that -

Can't locate object method "cookie" via package "GLOB"

,......
0
 

Author Comment

by:Rusty20009
ID: 10960468
Clarification --

A second opinion from my web hosting service --- their Unix boxes do not have CGI.pm installed, only windows...

I have assigned the points to CJMOS since I am sure that his response would have lead to the correct solution.

CJ -- If you are willing to help me, please let me know what I can do about setting cookies in the absense of the CGI.pm module....

Rusty
0
 
LVL 3

Expert Comment

by:cjmos
ID: 10961589
Rusty, sorry i've been away for a while.

I don't know of any way of setting cookies without CGI off hand but i'm certain there's a way. I'll look into it for you.

0
 
LVL 3

Expert Comment

by:cjmos
ID: 10961671
Incidently,

It's very odd for a Unix box not to have CGI installed...
0
 
LVL 3

Expert Comment

by:cjmos
ID: 10963173
Rusty,


take a look at:
http://wp.netscape.com/newsref/std/cookie_spec.html

I'm guessing you'd need something alon the lines of

print "Set-Cookie: NAME='login_tracker'\; expires='+1y'\;path='/subdirectory'\;";

cj
0
 

Author Comment

by:Rusty20009
ID: 10963561
CJ - Thanks for the follow up. Very kind. It looks like it is going to work... I am not getting the same error messages.

Rusty
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10973683
Rusty20009.

If your service provider has deleted the standard CGI.pm module that comes as part of the Perl distribution, then they have a *very* strange idea of supporting their clients.  I have no idea why they would want to go out of their way to break a standard Perl function.

Some general points on other matters.  The date code:

$sec,$min,$hour,$wday,$month,$year,$mday)=localtime(time());

$month="0".$month if ($month)<10;
#make month in 2 digits if it is less than 2

$wday="0".$wday if ($wday)<10;
#make date in 2 digits if it is less than 2

$yr = $year + 1900;
#make year in 4 digits
 
$regdate=$yr."-".$month."-".$wday;
#concatenate the date in yyyy-mm-dd format.


can be shortened to

($day,$month,$year) = (localtime)[3..5];
$regdate=sprintf("%d-%02d-%02d",$year,$month,$day);

or

use POSIX;

$regdate=("%Y-%m-%d",localtime);

You realise of course your email address check is extremely limited.

0
 

Author Comment

by:Rusty20009
ID: 10978245
Thank you for the extra pointers Tintin. Not having any academic background in the computer sciences, everything that I have done has been a learn as I go sort of thing. I do realize that my email check is limited --> again it is what I have been able to come up with on my own.

As for web hosting company --> it has been very frustrating. They have not been very supportive with feedback, nor well organized. So I finally gave up trying to get PERL cookies to work, and am now using PHP to set the cookies.

Rusty
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

It is becoming increasingly popular to have a front-page slider on a web site. Nearly every TV website,  magazine or online news has one on their site, and even some e-commerce sites have one. Today you can use sliders with Joomla, WordPress or …
Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now