#!/usr/bin/perl -wT
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use lib '.';
use users;
use strict;

my $user = param('username');
my $pass = param('password');
my $username = "";

my $sth = $dbh->prepare("select * from users where username=?") or &dbdie;
if (my $rec = $sth->fetchrow_hashref) {
    my $salt = substr($rec->{password}, 0, 2);
    if ($rec->{password} ne crypt($pass, $salt) ) {
	&dienice(qq(You entered the wrong password. If you've forgotten your password, <a href="forgotpass.html">Click here to reset it</a>.));
    $username = $rec->{username};
} else {
    &dienice("Username <b>$user</b> does not exist.");
my $cookie_id = &random_id;
my $cookie = cookie(-name=>'cid', -value=>$cookie_id, -expires=>'+7d');

$sth = $dbh->prepare("replace into user_cookies values(?, ?, current_timestamp(), ?)") or &dbdie;
$sth->execute($cookie_id, $username, $ENV{REMOTE_ADDR}) or &dbdie;

if (param('page')) {
   my $url = param('page');
   # CGI.pm's redirect function can accept all of the same parameters
   # as the header function, so we can set a cookie and issue a redirect
   # at the same time.
   print redirect(-location=>"http://www.cgi101.com/$url", -cookie=>$cookie);
} else { 
   # no page was specified, so print a "you have logged in" message.
   # On a production site, you may want to change this to print
   # a redirect to your home page...
   print header(-cookie=>$cookie);
   print start_html("Logged In");
   print qq(<h2>Welcome</h2>\nYou're logged in as <b>$username</b>!<br>\n);
   print qq(<a href="securepage.cgi">go to secure page</a><br>\n);
   print qq(<a href="logout.cgi">log out</a><br>\n);
   print end_html;

sub random_id {
    # This routine generates a 32-character random string
    # out of letters and numbers.
    my $rid = "";
    my $alphas = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    my @alphary = split(//, $alphas);
    foreach my $i (1..32) {
       my $letter = $alphary[int(rand(@alphary))];
       $rid .= $letter;
    return $rid;