PERL log-in

kb posted this at 01:04 — 3rd June 2002.

Joined: Feb 2002

i have a PERL script that supposedly checks a form, accesses a DB (.txt) for a user name and password, check to see if they match, and then allow them to move in...or not to move in. it doesnt work. i cant find anything wrong...heres my PERL

#!/usr/local/bin/perl

	use strict;

	use CGI;
	my $query = CGI->new();

	# now we retrieve the information passed to the script and
	# place it into our own variables.

	my $pass = $query->param('password');
	my $name = $query->param('loginname');

	# where's our database stored?
	my $file = "/home/restricted/userdata";

	# now we open up the database and slurp contents into
	# @contents. We use $/ to enable slurp mode.

	my @contents = ():

	{ local $/;

		open (DB,"<$file") or die $!;
		@contents = <DB>;
		close DB;
	}

	# now we've got the data out of the file, let's loop through
	# it and see what happens.

	foreach my $line (@contents) {

		chomp $line; 
		my ($db_name,$db_pass) = split(/\|/, $line); 

		# define url you send the user to if authentication is OK.
		my $url = "http://1eyefilms.hypermart.net/members.html/";

		if (($db_name eq "$name") and ($db_pass eq "$pass")) {
			print $query->redirect($url);
		}

		else {
			print $query->header();
			print "Your username and password didn't work";
		}

	}

'
and heres the form

<form><!-- Sign In -->
		<TD valign="right">
			<TABLE align="right" width="20%" cellpadding="5" cellspacing="0" border="0" bgcolor="#99CC99">
				<TR>
					<TD>
<P align="center">
						<FORM action="/cgi-bin/login.pl" method="post"><H1 class="menu">
User Name:
					</TD>
					<TD>						
						<INPUT type="text" name="user" size="15" maxlength="15">
					</TD>
				</TR></H1><BR>
				<TR>
					<TD><H1 class="menu">Password:
					</TD>
					<TD>						
						<INPUT type="password" name="pass" size="15" maxlength="15">
					</TD>
				</TR></H1><BR>
	</FORM>
				<TR>
					<TD>
					</TD>
					<TD><H1 class="menu">						
						<INPUT type="submit" value="Log-in">
					</TD>
				</TR></H1>
				<TR><H1 class="menu">					

				<tr><td><h1 class="menu">Not a Member?</td><td><font size="14px"><a href="http://1eyefilms.hypermart.net/signup.html">Sign Up!</a></font></td></tr>
			</table></font>
					</form>

and the data is in the form of username:password
and then a hard enter, and the next username:password
anybody have an idea? thanks!

Wil posted this at 11:08 — 3rd June 2002.

They have: 601 posts

Joined: Nov 2001

Look at these two lines in the code (I believe I wrote this one?):

	my $pass = $query->param('password');
	my $name = $query->param('loginname');

'
What does this tell you? That the variable names $pass, $name will be blessed with the contents of the parameters 'password' and 'loginname' respectively.

Now, look again at your HTML form. What do you see? Look hard this time.

You see two input boxes with the parameter names 'user' and 'pass'. Now, your choice of parameters does not match those expected by the script.

The reason I chose 'loginname' and 'password' was those were the ones originally supplied by yourself. You have gone back and changed the form without making the neccessary changes to your code.

To be fair, though, I should of added some error checking to see the variables were blessed simply with something like:

my $pass = $query->param('password') || die ("Uh-oh. What's going on? 
Is this the end of the world as we know it? No, relax, it's only this - $!"); 

Anyway, to answer your questions. Just make the neccessary changes to your form and leave the code alone. It's much easier that way.

Hope this helps.

- wil

kb posted this at 14:36 — 3rd June 2002.

He has: 1,380 posts

Joined: Feb 2002

lol..yea...i believe you did

i went back and changed the form..it doesnt even process it to give me an error, it just ignores it...

so the username:password format is correct?

Wil posted this at 17:49 — 3rd June 2002.

They have: 601 posts

Joined: Nov 2001

So, what you're mearning to say is that everytime the script is run it returns:

"Your username and password didn't work"

Correct?

kb posted this at 23:00 — 3rd June 2002.

He has: 1,380 posts

Joined: Feb 2002

no...you click the button..nothing happens at all

nike_guy_man posted this at 00:40 — 4th June 2002.

They have: 840 posts

Joined: Sep 2000

You don't have an action in the tag

Wil posted this at 11:32 — 4th June 2002.

They have: 601 posts

Joined: Nov 2001

Yeah, he has this?:

nike_guy_man posted this at 18:53 — 4th June 2002.

They have: 840 posts

Joined: Sep 2000

Look at the very top of the code
He just has

Below he has the

kb posted this at 01:19 — 5th June 2002.

He has: 1,380 posts

Joined: Feb 2002

o i see...maybe they are cancelling out...lemme try again

kb posted this at 01:21 — 5th June 2002.

He has: 1,380 posts

Joined: Feb 2002

well..i tried that, nothing happens (again)

Fataqui posted this at 14:47 — 5th June 2002.

They have: 17 posts

Joined: Jan 2002

You can try this one........

Only change the 2 $vars at the top of the script!

Also if your on unix add the (bang-bang line at the top of the script!)

If you on windows it is not needed!

password file should be like this......

username = Fataqui
user_type = mailuser
user_pass = 99999
user_last_name = Desbiens
user_first_name = Sonia
service_name = webmail

If you want to change the pass_file, you will need to change this line!

my ($username,$group,$encrypt,$lname,$fname,$services)=split(/\|/,$line);

The script...........

<?php
        use CGI;
        my $obj = new CGI;
        use strict;

        $| = 1;

        # change only these two $vars below

        # where the user database is located

        my $pass_file = \"/home/restricted/userdata\";

        # The url to redirect to with login is good

        my $url = \"http://www.ya-right.com/\";

        # end config..........

    my $pass = $obj->param('pass');
    my $user = $obj->param('user');
    my $send = $obj->param('send');
        my $error = 0;
        my $info = \"\";


        if ($send == 1) {
        if (($pass eq \"\")&&($user eq \"\")) {

        $error = 3;
        &show_form($error);
        
        }
        elsif (($pass ne \"\")&&($user eq \"\")) {

        $error = 2;
        &show_form($error);
        
        }
        elsif (($pass eq \"\")&&($user ne \"\")) {

        $error = 1;
        &show_form($error);
        
        } else {
     
        &check_pass($user,$pass);
        }

        } else {
        
        &show_form($error);
                
        }

        sub check_pass {
        my @users = ();
        open (FILE, \"$pass_file\");
        @users=<FILE>;
        close(FILE);
        my $found = 0;
        foreach my $line (@users) {
        my ($username,$group,$encrypt,$lname,$fname,$services)=split(/\|/,$line);
        if (($username eq $user)&&($encrypt eq $pass)) {
      $found=1;
      last;      }
              }
        if ($found) {

        print $obj->redirect($url);

        } else {

        $error = 4;
        &show_form($error);

        }
        }

        sub show_form {

        if ($error == 0) {

        $info = \"Please Enter Your Username And Password To Login...\";

        }
        elsif ($error == 1) {

        $info = \"<font color=#FF0000>The password field was left blank...</font>\";

        }
        elsif ($error == 2) {

        $info = \"<font color=#FF0000>You did not enter your username...</font>\";

        }
        elsif ($error == 3) {

        $info = \"Please Enter Your Username And Password To Login...\";

        }
        elsif ($error == 4) {

        $info = \"<font color=#FF0000>Sorry, no user found by that name or password...</font>\";

        }

       print $obj->header();
        print $obj->start_html(\"Welcome Please Login!\");
        print $obj->startform;
        print \"<EM>$info</EM><BR><BR>\n\";
        print \"<input type=\\"hidden\\" name=\\"send\\" value=\\"1\\">\n\";
        print \"<EM>Username:</EM> \";
        print \"<input type=\\"text\\" name=\\"user\\">\n\";
        print \"<BR><BR><EM>Password:</EM> \";
        print \"&nbsp;<input type=\\"password\\" name=\\"pass\\">\n\";
        print \"<BR>\n<BR>\n\";
        print \"<input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\">\n\";
        print \"</form>\n\";
        print $obj->end_html;
        
        exit;
     }

     
?>

example of the script here............
username = Fataqui
password = 99999

http://www.ya-right.com/cgi-bin/test.pl

Wil posted this at 14:53 — 5th June 2002.

They have: 601 posts

Joined: Nov 2001

Can you give us a link to your HTML page online?

Thanks.

kb posted this at 15:29 — 5th June 2002.

He has: 1,380 posts

Joined: Feb 2002

ok...two more questions...
#1- if i want to run this as a script, using an HTML form, can i take out the

print $obj->header();
        print $obj->start_html("Welcome Please Login!");
        print $obj->startform;
        print "<EM>$info</EM><BR><BR>\n";
        print "<input type=\"hidden\" name=\"send\" value=\"1\">\n";
        print "<EM>Username:</EM> ";
        print "<input type=\"text\" name=\"user\">\n";
        print "<BR><BR><EM>Password:</EM> ";
        print "&nbsp;<input type=\"password\" name=\"pass\">\n";
        print "<BR>\n<BR>\n";
        print "<input type=\"submit\" name=\"submit\" value=\"Submit\">\n";
        print "</form>\n";
        print $obj->end_html;

'?
#2- How would i submit to this form..just use a regular PHP form submission, with the same variable names? such as:

<?php
function validate_form()
{
           global $fname, $lname, $email, $age, $dob, $address, $city, $state, $phone1, $phone2, $phone3, $mname, $password, $agree;
         
         $errors=0;
         if (!trim($fname))
         {
              echo "<br><font color="#FF0000"><b>First Name</b> is required.";
            $errors++;
         }
         
         if (!trim($lname))
         {
              echo "<br><font color="#FF0000"><b>Last Name</b> is required.";
            $errors++
         }
         
         if (!trim($email))
         {
              echo "<br><font color="FF0000"><b>Email Address</b> is required.";
            
         }
         
         if (!trim($age))
         {
              echo "<br><font color="FF0000"><b>Age</b> is required.";
         }
         
         if (!trim($dob))
         {
              echo "<br><font color="FF0000"><b>Date of Birth</b> is required.";
         }
         
         if (!trim($address))
         {
              echo "<br><font color="FF0000"><b>Address</b> is required.";
         }
         
         if (!trim($city))
         {
              echo "<br><font color="FF0000"><b>City</b> is required.";
         }
         if (!trim($state))
         {
              echo "<br><font color="FF0000"><b>State</b> is required.";
         }
         if (!trim($phone1, $phone2, $phone3))
         {
              echo "<br><font color="FF0000"><b>Phone Number</b> is required.";
         }
         
         if (!trim($mname))
         {
              echo "<br><font color="FF0000"><b>Member Name</b> is required.";
         }
         
         if (!trim($password))
         {
              echo "<br><font color="FF0000"><b>Password</b> is required.";
         }
         
         if (!trim($agree))
         {
              echo "<br><font color="FF0000"><b>Agreement to TOS and User Agreement</b> is required.";
         }
              switch ($errors)
            {
            case 0:
                 return TRUE;
                 
                 case 1:
                 echo "<br><br>Please go back and fill in the required fields.";
                 return FALSE;
                 
                 default:
                 echo "<br><br>Please go back and fill in the required fields.";
                 return FALSE;
            }
}

function update_database()
{
          echo "<br>Thank your for signing up to become a <i>1Eye Films</i> member.";
$ok = validate_form()
$fp = fopen ("/home/restricted/userdata.txt", "w");
  fwrite($fp, "$mname");
  fwrite($fp, "$password");
  fwrite($fp, "$fname");
  fwrite($fp, "$lname");
  fwrite($fp, "$email");
  fwrite($fp, "$address");
  fwrite($fp, "$city");
  fwrite($fp, "$state");
  fwrite($fp, "$phone1");
  fwrite($fp, "$phone2");
  fwrite($fp, "$phone3");
  fwrite($fp, "$age");
  fwrite($fp, "$agree");
  fclose ($fp);
}

if ($ok)
       update_database();
?>

</body>
</html>

#2.5- What tag can i put on a page to mark it as a members only, if not logged in, then goes to a login page?

(sorry if i am asking alot...i am very new at PHP)...THANKS

kb posted this at 15:32 — 5th June 2002.

He has: 1,380 posts

Joined: Feb 2002

and btw...the actual form submission is at http://1eyefilms.hypermart.net/home.html

i apologize for the ads... hopefully i can get some money soon for a domain and no ads!

Wil posted this at 16:30 — 5th June 2002.

They have: 601 posts

Joined: Nov 2001

OK. Here's your HTML:

<!-- Sign In -->
		<TD valign="right">
			<TABLE align="right" width="20%" cellpadding="5" cellspacing="0" border="0" bgcolor="#99CC99">
				<TR>
					<TD>
<P align="center">
						<FORM action="/cgi-bin/login.pl" method="post"><H1 class="menu">
User Name:
					</TD>
					<TD>						
						<INPUT type="text" name="loginname" size="15" maxlength="15">
					</TD>
				</TR></H1><BR>
				<TR>
					<TD><H1 class="menu">Password:
					</TD>
					<TD>						
						<INPUT type="password" name="pass" size="15" maxlength="15">
					</TD>
				</TR></H1><BR>
	<strong></FORM></strong>
				<TR>
					<TD>
					</TD>
					<TD><H1 class="menu">						
						<INPUT type="submit" value="Log-in">
					</TD>
				</TR></H1>
				<TR><H1 class="menu">					

				<tr><td><h1 class="menu">Not a Member?</td><td><font size="14px"><a href="http://1eyefilms.hypermart.net/signup.html">Sign Up!</a></font></td></tr>
			</table></font>
					</form>

Take out the bit in red/bald above. Your closing the form too early before your submit button.

- wil

kb posted this at 16:55 — 5th June 2002.

He has: 1,380 posts

Joined: Feb 2002

ok...(thinking to self)why didnt i see that? lol...thanks

ROB posted this at 20:31 — 5th June 2002.

They have: 447 posts

Joined: Oct 1999

action="/cgi-bin/login.pl"

that's not a relative path, and is referring to the root directory of localhost- lose the first slash or add a dot in front of it...

action="cgi-bin/login.pl"
action="./cgi-bin/login.pl"

kb posted this at 21:05 — 6th June 2002.

He has: 1,380 posts

Joined: Feb 2002

ok...does anybody have an idea as to if my script i showed on the first page will work? i dont have PHP support, but i will soon, thats why i cant test it.