#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Location
    Norman, OK, USA
    Posts
    12
    Rep Power
    0
    Hello All.

    the following sub is for a simple login page, where a user has to enter their username and password. As it works now, it will verify that the password belongs to the username, but if no username is specified, it will go ahead and let anyone in, even if they enter an arbitrary password (it does send them to a specific user account).
    The question, what do I add to this sub to make it confirm that a username & password have been entered?

    Code:

    sub login(){
    my $user = CGI: aram('UserName');
    my $password = CGI: aram('Password');
    my $rows = 0;

    $RstFindUser = $dbh->prepare("SELECT Username, Password FROM user WHERE Username = '$user'");
    $RstFindUser->execute;
    $rows = $RstFindUser->rows;
    my ($uname, $pword) = $RstFindUser->fetchrow;
    $RstFindUser->finish;
    if($rows){
    if($password=~$pword){
    showForm($user,$password);
    }
    else {
    print CGI::header();
    print qq{
    <HTML>
    <HEAD>
    <TITLE>E-Commerce Login</TITLE>
    </HEAD>
    <BODY BGCOLOR="white">
    <H2>The Password you entered is invalid for User: $user<BR><a href="contest_input">Pick a different Username or Try Again!</
    a>
    </BODY>
    </HTML>};
    }
    } else {
    showForm($user,$password);
    }
    } # login


    -Loki
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    my ($user) = $q->param('UserName');
    my ($password) = $q->param('Password');
    unless ($user and $password) {
    &error;
    last;
    }

    sub error {
    print "Content-type: text/htmlnn";
    print "Missing field(s)n";
    }
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Location
    Norman, OK, USA
    Posts
    12
    Rep Power
    0
    Oops.. I should have posted earlier, but got tied up with something. Thanks for the replay freebsd. Actually, here's what I ended up doing, and it worked!

    code:
    sub login(){
    my $user = CGI: aram('UserName') &#0124; &#0124; undef;
    my $password = CGI: aram('Password') &#0124; &#0124; undef;
    my $rows = 0;

    my $error = "";
    $error .= &checkvalid($user,'UserName',B);
    $error .= &checkvalid($password,'Password',B);

    if ($error) {
    $form .= "<H3 ALIGN="CENTER">Error</H3><CENTER><FONT SIZE="4">You have some invalid or missing information.</FONT>n";
    $form .= "<BR> $error</center>n";
    $TEMPLATE = $TEMPLATE_DIR . "/" . $plaintmpl;
    print CGI::header();

    open TEMPLATE;

    while(<TEMPLATE> ) {
    $_ =~ s/<%CONTESTFORM%>/$form/g;
    print $_;
    }
    } else {

    $RstFindUser = $dbh->prepare("SELECT Username, Password FROM user WHERE Username = '$user'");
    $RstFindUser->execute;
    $rows = $RstFindUser->rows;
    my ($uname, $pword) = $RstFindUser->fetchrow;
    $RstFindUser->finish;

    if($rows){
    if($password=~$pword){
    showForm($user,$password);
    }
    else {
    print CGI::header();
    print qq{
    <HTML>
    <HEAD>
    <TITLE>Total Football Login</TITLE>
    </HEAD>
    <BODY BGCOLOR="white">
    <H2>The Password you entered is invalid for User: $user<BR><a href="total_football">Pick a different Username or Try Again!</a>
    </BODY>
    </HTML>};
    }

    } else {
    showForm($user,$password);
    }
    }
    } # login


    ---------------------------------

    Yeah, seems to be ALOT more code than your fix. hehe.. but it works.

IMN logo majestic logo threadwatch logo seochat tools logo