Redirect control to another PERL script server-side, keeping CGI Params?

Short:
What is the best way to forward control to another script, server-side, while keeping CGI query params (or passing new ones)?

Long:
I'm redesigning a webpage, and the new frontpage has a login form. In the past, different types of users would go to different pages to log in. EG customers to a "customer.cgi" script which would required login before allowing access, and administrators to a "admin.cgi" script which would do the same.

As part of the redesign, I'm centralizing the security part into a separata class, and all users now log in from the front page, to say "front.cgi". That script then calls the security module & verifies user is right to go, then should deliver them straight to the page they'd normally see when logging in via the old system (ie. into customer.cgi & admin.cgi).

How can I, after verifying the user in "front.cgi" then pass control to "admin.cgi" if the user is an admin, without doing a client-side redirect request (eg. print $cgi->redirect( 'http://www.server.com/admin.cgi?controlPage' ) ). I can do it like that of course since sessions & cookies are stored when "front.cgi" confirms identity, but it seems like it should be very easy to pass control to another process, and would be the cleanest way to do it to my mind.

To do that I would need to carry over the CGI params used in "front.cgi", or POST some new ones (don't need uid/pass again).

Seems strangely hard.

Apparently using $cgi->redirect() should work if you redirect to an absolute server path (such as /home/site/cgi-bin/admin.cgi) but doesn't seem to do what it claims .. at least on my dev machine. Same goes for LWP::UserAgent.

Comments & Ideas appreciated & welcomed.

If we can find a solution relatively quickly, I'll make the changes tonight & there will be more points available for the efforts; otherwise I'll use a client-side redirect in the interim.  :)

Thx!!
LVL 1
GlauronAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ozoCommented:
do '/home/site/cgi-bin/admin.cgi';
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
GlauronAuthor Commented:
that has to be the simplest, & easiest solution to a problem I've ever posted :)

one small problem though...

admin.cgi reads all the same CGI params posted to the original script, but how can I pass it new info? ie. now that I know we need to redirect to admin.cgi after verifying the user, how can I add something like $cgi->param('action', 'showControl') to the POSTed list of params?

I have tried to manipulate STDIN & the $ENV variables but so far no luck.
0
GlauronAuthor Commented:
OK - found one solution ...

by using a 'system' call, instead of 'do', it passes on the changed environment variables since admin.cgi will be a child process to the currently running script. It doesn't seem to work that way with 'do'.

Still, I think I'd prefer redirecting client-side to the new script & check the session/cookie info then to verify the user. Seems cleaner & slightly more secure.. there'd have to be all sorts of taint checking

$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING} = 'action=showControl';
$ENV{CONTENT_LENGTH} = length( $ENV{QUERY_STRING} );

my $path = $global->{CONF}->{RPATH} . 'cgi-bin/';
chdir $path;

system( 'perl admin.cgi' );
return;
0
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

ozoCommented:
do should also see the changed environment variables
0
GlauronAuthor Commented:
using do din't allow me to see env vars unfortunately, but system got me out of trouble for a while.

Thanks for the help.
0
ozoCommented:
What are you doing that you are unable to see env vars ?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.