Perl login script login script credentials

Hey guys,

I have a cgi script which lets a user into a simple form.

Currently anything can be entered in the username/password filed and it works anyway.

Can I restrict it to a specific username/password:

Here is my code so far:

sub show_login_form {
      print $q->start_form( -method => 'post', -action => 'form2.cgi' );
      print "<b>Username</b>:";
      print $q->textfield( -name => 'username', -label => 'Username' );
      print $q->br();
      print "<b>Password</b>:";
      print $q->password_field( -name => 'password', -label => 'Password' );
      print $q->br();
      print $q->submit( 'Action', 'Login' );
      print $q->reset('Cancel');
      print $q->end_form;
      print "<hr>\n";
}

Is there anyway to start some session as well at login, which can be logged out. So there can be a log out button.

Thanks.
LVL 1
ShivtekAsked:
Who is Participating?
 
Brad HoweDevOps ManagerCommented:
Hi,

What you are looking for is CGI::Session

ex:
#!/usr/bin/perl -w
use CGI;
use CGI::Session;

$cgi = new CGI;
$session = new CGI::Session();
$session->expire('+15m');

http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session/Tutorial.pm

You can also look here for some sample code
http://www.go4expert.com/forums/showthread.php?t=1077

Cheers,
Hades666
0
 
wilcoxonCommented:
The easiest way to accomplish this is to configure auth through your web server.  This will probably not allow logout but will make sure that valid user/password is entered and will last for the session.  Otherwise, you really have to code your own auth functionality - the advantage being that you can code it anyway you want - the disadvantage being that you have to code it.
0
 
ShivtekAuthor Commented:
hades666,

You seem to know how this can be accomplished, can you guide me a little more if I want to setup a mysql database where there would be two table (user names and password)...and my login script would allow those users in and res t wont be able to access with a error message.

The guide seems very detailed and I dont know if I need something that complex..

Can it also handle my other three pages, so if not logged it would forward you to the login page.

0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
ShivtekAuthor Commented:
wilcoxon:
I am unsure how would auth work, could you maybe guide me how can the solution haes666 suggested be accomplished/

Thanks
0
 
Adam314Commented:
For your database, you will likely want username and password in the same table.

The DBI module makes it very easy to connect to a database.  The CGI::Session is definitely the way to go.  General structure will be:

On login page:
1) Show form
2) When user submits, check user/pass against db.
    If valid: create session, redirect to welcome page
    If not valid: display error

On all other pages:
1) check for session
    If not valid: redirect to login
    If valid: show page
0
 
ShivtekAuthor Commented:
Here is what I found from:

http://www.osix.net/modules/article/?id=284

I have setup a form.cgi and a logincheck.cgi

When I run form.cgi I get the 500 server error, if I check it to form.html page loads with some perl code on it, and after clicking on login I get the 500 server error again  on the logincheck.cgi this time.

I created a dbUser table in phpmyadmin and created 2 fields, "username", and "password"

Is that what I was supposed to do?

I also had the permission 755.

Please help


form.cgi

#!/usr/bin/perl

use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use strict;

print "Content-type: text/html\n\n";
print <<BodyHTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Registration Form</title>
</head>

<body>
<form name = "login" action = "logincheck.cgi" method = "POST">
<table>
<tr>
<td>
User Name<br />(25 characters or less)
</td>
<td>
Password<br />(8 - 15 alphanumeric characters)
</td>
</tr>
<tr>
<td><input type = "text" name = "UserName" id = "UserName" size = "25" maxlength = "25" tabindex = "0" />
</td>
<td><input type = "text" name = "Password" id = "Password" size = "15" maxlength = "15" tabindex = "1" />
</tr>
<tr>
<td>
<input type = "submit" value = "Login" tabindex = "2" />
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
</form>
BodyHTML
print end_html; 


logincheck.cgi

#!/usr/bin/perl

use CGI 'qw/:standard :html3/';
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use DBI;
my $query = new->CGI;
use strict;
$name  = "";


print "Content-type: text/html\n\n";

print <<BodyHTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Registration Redirection</title>
</head>
BodyHTML

my $dbh = DBI->connect("DBI:mysql:database:localhost","server_username","password", { RaiseError => 1,
AutoCommit => 1 }) or &dienice("Can't connect to database: $DBI::errstr");

my $username=param('username');
my $password=param('password');
my $sth = $dbh->prepare("select * from dbUsers where username = ?") or &dbdie;
$sth->execute($username) or &dbdie;
my $row = $sth->fetchrow_hashref;
if ($username ne $row->{username}) { &dienice(qq(Username does not exist)); }
if ($password ne $row->{password}) {
&dienice (qq(The password is invalid.)); }
if ($password eq $row->{password})
{ print redirect(- location=>"form2.cgi"); }
$dbh->disconnect;print end_html;

sub dienice {
my ($msg) = @_;
print "<h1>$msg</h1>";
exit;
}

sub dbdie {
my ($errmsg) = "$DBI::errstr<br />";
&dienice($errmsg);
} 

Open in new window

0
 
Adam314Commented:
What is in your error log?
0
 
ShivtekAuthor Commented:
I dont see any error
0
 
ShivtekAuthor Commented:
I also found this which actually just uses a username and a password file:

#!/usr/local/bin/perl


require 'cgi-lib.pl'

&ReadParse(%in);

#get login name and password from form

$username=$in{'username'};
$password=$in{'password'};

#open the two file

open (NAME, "loginname.log");
open (PASS, "loginpass.log");


#read from each file and store the last line in $n and $p  (there is only 1 line)
while (<NAME>) {
   chomp;
   $n=$_;
}
while (<PASS>) {
   chomp;
   $p=$_;
}

#close the files

close NAME;
close PASS;

#make sure that the name and the password are both correct, then store a phrase
appropriate.

if (($name eq $n)&&($pass eq $p))
 {
 $text="You have logged in correctly.";
 }
else
 {
 $text = "You DID NOT log in correctly.";
 }

#send the phrase back to the browser

print "Content-type: text/html\n\n";
print "<html><head><title></title></head><body>\n";
print "Simple login<br><br>\n";
print "LOGIN RESULTS: <b><h2>$text</h2></b>\n";


print "</body></html>";


this one might work faster I think,

How can I forward the user to a page if login was successfull.

And if the login was successul, can I do something on rest of the cgi pages which would require a login?
0
 
Adam314Commented:
This script allows for only 1 username and 1 password - you would not be able to have multiple users.  Also, it does not create a session, so your other pages will not be aware that the login was successful.
0
 
ShivtekAuthor Commented:
I am getting the same 500 server error once I click on login on a html page to go to the second script I pasted.

Does all the syntax look ok to you? do I need the cgi-lib.pl file?, I dont have that file.
0
 
ShivtekAuthor Commented:
Ok, So going back to the mysql solution, can I enter all of my pages into the same session?
0
 
Adam314Commented:
>>can I enter all of my pages into the same session
Not sure what you mean by this.

The way a session works:
1) You create a session on the server.  This tells the server you want to store information about this client session on the server.  The session gets an ID (made up by CGI::Session).  This ID is sent to the browser as a cookie.
2) Whenever the browser gets one of your pages, it sends the Session ID cookie to the server.
3) The CGI::Session checks that cookie.  If the session exists and is valid, your programs can access all of the session variables.

For the script above, you will need the cgi-lib.pl file.  To find the cause of the errors, you need to look in your error log.  What webserver are you using?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.