[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 225
  • Last Modified:

how do i include a query string when running do("scriptname.cgi"); from a perl script

I have a site which requires a login.  (mydomain.com)
 
suppose I send someone the following url in an email.  

(mydomain.com/bla.cgi?filename=bla&token=blabla)

if the user clicks the link, without a login cookie, they are directed to the login screen.  (mydomain.com/index.cgi)

Upon a successfull login, I want to redirect the user to the page of the original url (ie: mydomain.com/bla.cgi?filename=bla&token=blabla)

I was thinking the easiest way would be something like this:

bla.cgi
------------------------------------------
my $logged_in = cookie('login');

####
#this code is wronge, but it illustrates what i am trying to do
####
do ("log_in.cgi?return_pos='bla.cgi\?filename=bla\&token=blabla'") unless ($logged_in);

#bla.cgi continues. . .
------------------------------------------


passcheck.cgi
------------------------------------------
#successfull login takes place, cookie set, etc. . .

$form = new CGI;
my $RETURN_POS = $form->param('return_pos');

do("$RETURN_POS);
------------------------------------------

the problem is I don't think you can put the query string in the do('scriptname.cgi'); unless I am just doing it wrong.  Anyone know how to make this work or have other suggestions?

thanks!



0
sidikiisajawa
Asked:
sidikiisajawa
  • 2
  • 2
1 Solution
 
rkosaiCommented:
How about sending Location headers to the client?

my $loc = 'mydomain.com/bla.cgi?filename=bla&token=blabla';
if (!$logged_in) {
  print "Location: mydomain.com/index.cgi\n\n";
} else {
  print "Location: $loc\n\n";
}
0
 
sidikiisajawaAuthor Commented:
Thanks for your comment rkosai, but the meta-refresh is not the answer i am looking for.  

I tried this anyway, and it did not work.   Does it work for you?
0
 
rkosaiCommented:
This is not meta-refresh.  Its a CGI header that causes a server redirect.  Make sure you're not sending any other CGI headers (such as content-type) before it.

You may also want to try giving a full URL for the location.  (including the "http://")
0
 
ddunleaCommented:
I'd be inclined to use param() to retrieve the GET parameters from the address bar, then embed them as hidden form elements in your login page, such that when post-processing the login page, you can redirect them using the same parameters that were originally passed in.
0
 
sidikiisajawaAuthor Commented:
rkosai,   you are right, thanks!

Here is what i ended up doing:

bla.cgi:
-----------------------------------------------------------
#!/usr/bin/perl

#some other code
#. . .
#end some other code

my $url = "bla.cgi";
$url .= "?"."$ENV{QUERY_STRING}";
$url .= '&logjump=1';
$url = CGI::escape($url); #escape special characters

##
#make sure they log in
##

my $loggedin = cookie('pialogin');

#withoug this, we would get stuck in a neverending loop waiting for the cookie to be set
my $LOGJUMP = $form->param('logjump');

unless ($LOGJUMP){
    unless ($loggedin > 1){
        print "Location: index.cgi?from_url=$url\n\n";
        exit;
    }
}
#functionality of bla.cgi follows
#. . .
#end bla.cgi
-----------------------------------------------------------

loginscreen.cgi:
-----------------------------------------------------------
#!/usr/bin/perl

#some other code follows:
#. . .
#end some other code

my $FROM_URL = $form->param('from_url');

print qq{<h3>Login</h3>
Sign in:<br />
<form method="post" action="authenticate.cgi">
<table>
<tr><td>Username: </td><td><input type="text" name="user"></td></tr>
<tr><td>Password: </td><td><input type="password" name="passwd"></td></tr>
</table>
<input type="hidden" name="from_url" value="$FROM_URL">
<input type="submit" class="buttonblue" value="Login">
</form>
};

-----------------------------------------------------------


authenticate.cgi:
-----------------------------------------------------------
#!/usr/bin/perl

#some other code follows:
#. . .
#end some other code

my $USER = $form->param("user"); #username entered
my $PASSWD = $form->param("passwd"); #password entered
my $result; #result code of authenticate()

my $FROM_URL = $form->param('from_url');

$result = authenticate("$USER","$PASSWD"); #returns '0' for a sucessfull login
unless ($result){
    print "Set-cookie: login=1\n\n";
    print "Set-cookie: user=$USER\n\n";
    print "Location: $FROM_URL"
}

#the rest of the code follows:
#if $result is not zero, login error, etc, etc. . .
#


-----------------------------------------------------------
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now