
CGI perl problem

 
pareshan
Regular Advisor

CGI perl problem

I am trying to create a web portal to log in using user name and password (like any regular site) using cgi/perl and do user name and password verification from the database, and if it matches show the profile of the user, otherwise give the error and redirect to the same page. All the tables are ready and even the CGI DBI part I have done more than half, but I am stuck in some position and seeking help.

my code is :

#!/usr/bin/perl
use DBI;
use CGI;
my $cgi = CGI->new;
my $dbh = DBI->connect('DBI:mysql:database:localhost', 'username', 'password', {
RaiseError => 1,
AutoCommit => 1 }) or die "Can't connect to database: $DBI::errstr";

my $User_Name = $cgi->param('User_Name');
my $Password = $cgi->param('Password');

# Form values are interpolated straight into the SQL text, unquoted
my $SEL = "select * from user where User_Name = $User_Name and Password =$Password";

my $sth = $dbh->prepare($SEL);
my $rv = $sth->execute;

------------------------

I have done up to now and couldn't go further. Could anyone help me out please?
First, am I doing this correctly or not? If not, what is the correct version of it?

Also, what is the next thing I can do so that I can verify the user name and password, display an error message if it's not the same as in the database, and show me the profile of the user if it's correct?

It's really important for me.
Any help will be appreciated.

Thanks a lot
2 REPLIES
H.Merijn Brand (procura
Honored Contributor

Re: CGI perl problem

I won't answer your question, I'm afraid, as I don't know what the question is, but I advise you to think about changing a few small things:

1. Set taint mode

#!/usr/bin/perl -T

2. Guard against SQL-injections

What will your system do when I enter username

[ ''; delete from user; ]

my $sth = $dbh->prepare ("select * from user where user_name = ? and password = ?");

$sth->execute ($user_name, $password);

is *EXTREMELY* safer than your code.
Otherwise check $dbh->quote (). BTW, your original select statement is obviously missing some quotes.

3. Check for errors

4. Get the values back with a fetch method

my @record = $sth->fetchrow_array;

Enjoy, Have FUN! H.Merijn
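Points 2 to 4 of the reply above, put together as an added example (not code from the thread or from either poster). It assumes DBD::SQLite is installed and uses an in-memory table with constructed rows in place of the poster's database; `check_login` is a hypothetical helper name.

```perl
use strict;
use warnings;
use DBI;

# Constructed stand-in for the thread's database: in-memory SQLite
# (assumption: DBD::SQLite is installed); table and columns follow the post.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE user (User_Name TEXT PRIMARY KEY, Password TEXT)');
$dbh->do('INSERT INTO user VALUES (?, ?)', undef, @$_)
    for ['alice', 'correct horse'], ['bob', 'hunter2'];

# check_login (hypothetical helper) returns the matching row as a hashref,
# or undef when the name/password pair is not in the table.
sub check_login {
    my ($user_name, $password) = @_;
    # Reject missing or oversized input before it reaches the database.
    for ($user_name, $password) {
        return unless defined($_) && length($_) && length($_) <= 64;
    }
    # Placeholders: the values are bound as data, never parsed as SQL text.
    my $sth = $dbh->prepare(
        'SELECT User_Name FROM user WHERE User_Name = ? AND Password = ?');
    $sth->execute($user_name, $password);    # RaiseError dies on failure
    my $row = $sth->fetchrow_hashref;        # undef when nothing matched
    $sth->finish;
    return $row;
}

my @attempts = (
    ['alice', 'correct horse'],              # valid pair
    ['alice', 'wrong'],                      # wrong password
    ["''; delete from user;", 'x'],          # the input quoted in the reply
);
for my $try (@attempts) {
    my $row = check_login(@$try);
    printf "%-24s => %s\n", $try->[0],
        $row ? "profile for $row->{User_Name}" : 'login error';
}

# Count the rows afterwards to confirm no attempt altered the table.
my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM user');
print "rows in table after all attempts: $count\n";
```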
pareshan
Regular Advisor

Re: CGI perl problem

Looks like it's not clear from the earlier post; I am pasting all my code, whatever I have done.
----------
I have developed the code in plain CGI and HTML format, but the problem is I have to convert this code into CGI::Application (MVC framework) and HTML::Template for generating the HTML pages. I have very basic knowledge of CGI::Application (MVC web development framework) and HTML::Template, so I am trying to get help to convert my code into that format so that I can learn from it for the future when I need it.

here is my code

Login Form
--------


Log In Form

<script language="JavaScript" type="text/javascript">
function form_validation()
{
if (login.User_Name.value == "")
{
alert("Please enter your user name");
login.User_Name.focus();
return false;
}
else if (login.Password.value == "")
{
alert("Please enter your Password");
login.Password.focus();
return false;
}
else
{
return true;
}
}
</script>

User Name
Password


2)Logincheck.cgi
---------------------
#!/usr/bin/perl
use strict;
use DBI;
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
my $database = "Oracle";
my $db_server = "ECAT01B";
my $user = "ECSTWEB";
my $password = "ECSTWEB";
my $cgi = CGI->new;
print $cgi->header;
print $cgi->start_html(-title=>'Login Check Form');
my $dbh = DBI->connect("DBI:$database:$db_server", $user, $password, { RaiseError => 1, AutoCommit => 0 }) || die "Database connection not made: $DBI::errstr";
my $User_Name = param('User_Name');
my $Password = param('Password');
my $SEL = "select User_Name, Password from User_Info where User_Name = $User_Name and Password = $Password";
my $sth = $dbh->prepare($SEL) or die "Couldn't prepare the query: " . $dbh->errstr;
my $rv = $sth->execute or die "Couldn't execute query: " . $dbh->errstr;
# Compare the submitted form values with each row returned by the query
while (my ($SQLUser_Name, $SQLPassword) = $sth->fetchrow_array)
{
if (($Password eq $SQLPassword) and ($User_Name eq $SQLUser_Name))
{
print $cgi->redirect(-location=>"display.cgi");
}
else{

print $cgi->

print "Login Error!! Please Login Again, UserName Or Password Incorrect";
print $cgi->start_table({-border=>1});
print
print $cgi->end_table;
print $cgi->

location=>"login.cgi" }
$dbh->disconnect;
print $cgi->end_html;
}


display.cgi
--------------
#!/usr/bin/perl
use strict;
use DBI;
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
my $database = "Oracle";
my $db_server = "ECAT01B";
my $user = "ECSTWEB";
my $password = "ECSTWEB";
my $cgi = CGI->new;
print $cgi->header;
print $cgi->start_html(-title=>'Login Check Form');
my $dbh = DBI->connect("DBI:$database:$db_server", $user, $password, { RaiseError => 1, AutoCommit => 0 }) || die "Database connection not made: $DBI::errstr";
my $SEL = "SELECT First_Name, Last_Name, Address, User_Name, Status, University FROM User_Info a, Admission_Code b, Univ_Code c, User_Admission_Status d WHERE a.User_Name=d.U_Name and b.Adm_Code=d.Admission_Code and c.Univ_Code=d.Univ_Code and a.User_Name='form.User_Name'";
my $sth = $dbh->prepare($SEL) or die "Couldn't prepare the query: " . $dbh->errstr;
my $rv = $sth->execute or die "Couldn't execute query: " . $dbh->errstr;
print $cgi->start_table({-border=>1});
# Header row, then one table row per record returned by the query
print "<tr><th>First_Name</th><th>Last_Name</th><th>Address</th><th>User_name</th><th>Status</th><th>University</th></tr>";

while (my @row = $sth->fetchrow_array) {
print "<tr><td>$row[0]</td><td>$row[1]</td><td>$row[2]</td><td>$row[3]</td><td>$row[4]</td><td>$row[5]</td></tr>\n";
}
print $cgi->end_table;
print $cgi->end_html;

I will really appreciate any help.
It's very important for me.
Thank you