Perl login script login script credentials

Hey guys,

I have a cgi script which lets a user into a simple form.

Currently anything can be entered in the username/password field and it works anyway.

Can I restrict it to a specific username/password:

Here is my code so far:

sub show_login_form {
      print $q->start_form( -method => 'post', -action => 'form2.cgi' );
      print "<b>Username</b>:";
      print $q->textfield( -name => 'username', -label => 'Username' );
      print $q->br();
      print "<b>Password</b>:";
      print $q->password_field( -name => 'password', -label => 'Password' );
      print $q->br();
      print $q->submit( 'Action', 'Login' );
      print $q->reset('Cancel');
      print $q->end_form;
      print "<hr>\n";
}

Is there any way to start some session as well at login, which can be logged out? So there can be a log out button.

Thanks.
Shivtek Asked:

Brad Howe (DevOps Manager) Commented:
Hi,

What you are looking for is CGI::Session

ex:
#!/usr/bin/perl -w
use CGI;
use CGI::Session;

$cgi = new CGI;
$session = new CGI::Session();
$session->expire('+15m');

http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session/Tutorial.pm

You can also look here for some sample code
http://www.go4expert.com/forums/showthread.php?t=1077

Cheers,
Hades666
0

wilcoxon Commented:
The easiest way to accomplish this is to configure auth through your web server.  This will probably not allow logout but will make sure that a valid user/password is entered and will last for the session.  Otherwise, you really have to code your own auth functionality - the advantage being that you can code it any way you want - the disadvantage being that you have to code it.
0
Shivtek (Author) Commented:
hades666,

You seem to know how this can be accomplished. Can you guide me a little more if I want to set up a MySQL database where there would be two tables (user names and password)... and my login script would allow those users in, and the rest won't be able to access, with an error message.

The guide seems very detailed and I don't know if I need something that complex.

Can it also handle my other three pages, so if not logged it would forward you to the login page.

0
Shivtek (Author) Commented:
wilcoxon:
I am unsure how auth would work. Could you maybe guide me on how the solution hades666 suggested can be accomplished?

Thanks
0
Adam314 Commented:
For your database, you will likely want username and password in the same table.

The DBI module makes it very easy to connect to a database.  The CGI::Session is definitely the way to go.  General structure will be:

On login page:
1) Show form
2) When user submits, check user/pass against db.
    If valid: create session, redirect to welcome page
    If not valid: display error

On all other pages:
1) check for session
    If not valid: redirect to login
    If valid: show page
0
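
Added example, not part of the thread or any poster's code: the "check user/pass against db" step from the outline above, using a placeholder query, a bcrypt hash in place of a stored plaintext password, and a single error message whether the username or the password is wrong. The in-memory SQLite database (standing in for MySQL), the pwhash column, the alice account, the hash_password and check_login names, and the use of Crypt::Eksblowfish::Bcrypt and /dev/urandom are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Assumption: in-memory SQLite stands in for the thread's MySQL database so the
# example runs offline; with MySQL only the DSN and credentials change.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE dbUsers (username TEXT PRIMARY KEY, pwhash TEXT NOT NULL)');

# Hash a password with bcrypt (cost 10) and a fresh 16-byte random salt.
sub hash_password {
    my ($password) = @_;
    open my $rnd, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    read($rnd, my $salt, 16) == 16 or die "short read from /dev/urandom";
    close $rnd;
    return bcrypt($password, '$2a$10$' . en_base64($salt));
}

# Constructed sample account; only the bcrypt hash is stored, never the password.
$dbh->do('INSERT INTO dbUsers (username, pwhash) VALUES (?, ?)',
         undef, 'alice', hash_password('correct horse'));

# Dummy hash so a lookup for an unknown username does the same bcrypt work.
my $DUMMY_HASH = hash_password('dummy');

# Returns 1 only when the username exists and the password matches its hash.
sub check_login {
    my ($username, $password) = @_;
    return 0 unless defined $username && defined $password;
    my ($stored) = $dbh->selectrow_array(
        'SELECT pwhash FROM dbUsers WHERE username = ?', undef, $username);
    my $known = defined $stored;
    $stored = $DUMMY_HASH unless $known;
    my $computed = bcrypt($password, $stored);   # stored hash carries cost + salt
    return ($known && $computed eq $stored) ? 1 : 0;
}

# Constructed login attempts: valid, wrong password, unknown user.
for my $try (['alice', 'correct horse'], ['alice', 'wrong'], ['mallory', 'x']) {
    printf "%-8s %s\n", $try->[0],
        check_login(@$try) ? 'login ok' : 'Invalid username or password';
}
```
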
Shivtek (Author) Commented:
Here is what I found from:

http://www.osix.net/modules/article/?id=284

I have setup a form.cgi and a logincheck.cgi

When I run form.cgi I get the 500 server error, if I check it to form.html page loads with some perl code on it, and after clicking on login I get the 500 server error again  on the logincheck.cgi this time.

I created a dbUser table in phpmyadmin and created 2 fields, "username", and "password"

Is that what I was supposed to do?

I also had the permission 755.

Please help


form.cgi

#!/usr/bin/perl

use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use strict;

print "Content-type: text/html\n\n";
print <<BodyHTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Registration Form</title>
</head>

<body>
<form name = "login" action = "logincheck.cgi" method = "POST">
<table>
<tr>
<td>
User Name<br />(25 characters or less)
</td>
<td>
Password<br />(8 - 15 alphanumeric characters)
</td>
</tr>
<tr>
<td><input type = "text" name = "UserName" id = "UserName" size = "25" maxlength = "25" tabindex = "0" />
</td>
<td><input type = "text" name = "Password" id = "Password" size = "15" maxlength = "15" tabindex = "1" />
</tr>
<tr>
<td>
<input type = "submit" value = "Login" tabindex = "2" />
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
</form>
BodyHTML
print end_html; 


logincheck.cgi

#!/usr/bin/perl

use CGI 'qw/:standard :html3/';
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use DBI;
my $query = new->CGI;
use strict;
$name  = "";


print "Content-type: text/html\n\n";

print <<BodyHTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Registration Redirection</title>
</head>
BodyHTML

my $dbh = DBI->connect("DBI:mysql:database:localhost","server_username","password", { RaiseError => 1,
AutoCommit => 1 }) or &dienice("Can't connect to database: $DBI::errstr");

my $username=param('username');
my $password=param('password');
my $sth = $dbh->prepare("select * from dbUsers where username = ?") or &dbdie;
$sth->execute($username) or &dbdie;
my $row = $sth->fetchrow_hashref;
if ($username ne $row->{username}) { &dienice(qq(Username does not exist)); }
if ($password ne $row->{password}) {
&dienice (qq(The password is invalid.)); }
if ($password eq $row->{password})
{ print redirect(- location=>"form2.cgi"); }
$dbh->disconnect;print end_html;

sub dienice {
my ($msg) = @_;
print "<h1>$msg</h1>";
exit;
}

sub dbdie {
my ($errmsg) = "$DBI::errstr<br />";
&dienice($errmsg);
} 


0
Adam314 Commented:
What is in your error log?
0
Shivtek (Author) Commented:
I don't see any error
0
Shivtek (Author) Commented:
I also found this which actually just uses a username and a password file:

#!/usr/local/bin/perl


require 'cgi-lib.pl'

&ReadParse(%in);

#get login name and password from form

$username=$in{'username'};
$password=$in{'password'};

#open the two file

open (NAME, "loginname.log");
open (PASS, "loginpass.log");


#read from each file and store the last line in $n and $p  (there is only 1 line)
while (<NAME>) {
   chomp;
   $n=$_;
}
while (<PASS>) {
   chomp;
   $p=$_;
}

#close the files

close NAME;
close PASS;

#make sure that the name and the password are both correct, then store a phrase
appropriate.

if (($name eq $n)&&($pass eq $p))
 {
 $text="You have logged in correctly.";
 }
else
 {
 $text = "You DID NOT log in correctly.";
 }

#send the phrase back to the browser

print "Content-type: text/html\n\n";
print "<html><head><title></title></head><body>\n";
print "Simple login<br><br>\n";
print "LOGIN RESULTS: <b><h2>$text</h2></b>\n";


print "</body></html>";


This one might work faster, I think.

How can I forward the user to a page if login was successful?

And if the login was successful, can I do something on the rest of the cgi pages which would require a login?
0
Adam314 Commented:
This script allows for only 1 username and 1 password - you would not be able to have multiple users.  Also, it does not create a session, so your other pages will not be aware that the login was successful.
0
Shivtek (Author) Commented:
I am getting the same 500 server error once I click on login on a html page to go to the second script I pasted.

Does all the syntax look ok to you? Do I need the cgi-lib.pl file? I don't have that file.
0
Shivtek (Author) Commented:
Ok, So going back to the mysql solution, can I enter all of my pages into the same session?
0
Adam314 Commented:
>>can I enter all of my pages into the same session
Not sure what you mean by this.

The way a session works:
1) You create a session on the server.  This tells the server you want to store information about this client session on the server.  The session gets an ID (made up by CGI::Session).  This ID is sent to the browser as a cookie.
2) Whenever the browser gets one of your pages, it sends the Session ID cookie to the server.
3) The CGI::Session checks that cookie.  If the session exists and is valid, your programs can access all of the session variables.

For the script above, you will need the cgi-lib.pl file.  To find the cause of the errors, you need to look in your error log.  What webserver are you using?
0
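
Added example, not part of the thread or any poster's code: the three session steps described above (create at login, check on every other page, destroy on logout) using CGI::Session's file driver. The function names, the temporary session directory and the alice user are assumptions of this example, and the session ID is passed as a function argument here where the CGI scripts would receive it in the session cookie.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Session;
use File::Temp qw(tempdir);

# Assumption: sessions are kept by the file driver in a private temporary
# directory; a real site would use a fixed directory only the web user can read.
my $DSN  = 'driver:file';
my $ARGS = { Directory => tempdir(CLEANUP => 1) };

# Login page, after the credentials were verified: start a session and return
# its ID. Offline there is no request cookie, so a fresh ID is always generated.
sub create_session {
    my ($username) = @_;
    my $session = CGI::Session->new($DSN, undef, $ARGS)
        or die CGI::Session->errstr;
    $session->param('username', $username);
    $session->expire('+15m');          # idle timeout, as in the first answer
    $session->flush;                   # write the session to disk now
    return $session->id;
}

# Every other page: load() never creates a session, so an unknown, expired or
# deleted ID yields no username and the page should redirect to the login form.
sub logged_in_user {
    my ($sid) = @_;
    return undef unless defined $sid && length $sid;
    my $session = CGI::Session->load($DSN, $sid, $ARGS)
        or die CGI::Session->errstr;
    return undef if $session->is_expired || $session->is_empty;
    return $session->param('username');
}

# Logout button: delete the server-side record so the old ID no longer works.
sub logout {
    my ($sid) = @_;
    my $session = CGI::Session->load($DSN, $sid, $ARGS) or return;
    return if $session->is_empty;
    $session->delete;
    $session->flush;
}

# Constructed walk-through of three requests from one browser.
my $sid = create_session('alice');
print "after login:  ", logged_in_user($sid) // 'redirect to login', "\n";
logout($sid);
print "after logout: ", logged_in_user($sid) // 'redirect to login', "\n";
print "forged ID:    ", logged_in_user('f' x 32) // 'redirect to login', "\n";
```
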