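#!/usr/bin/perl -wT
# Login handler: checks the submitted username and password against the users
# table, issues a session cookie, records it in user_cookies, and then either
# redirects to the requested page or prints a "you are logged in" page.
use CGI qw(:standard);
# NOTE(review): fatalsToBrowser sends the text of fatal errors to the client.
# That is handy while developing; consider turning it off in production.
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use lib '.';
use users;    # presumably supplies $dbh, dbdie and dienice -- not shown here
use strict;

# Missing form fields arrive as undef; normalise them to empty strings so the
# lookup and crypt() below never operate on undef.
my $user = param('username');
$user = '' unless defined $user;
my $pass = param('password');
$pass = '' unless defined $pass;
my $username = "";

# The placeholder keeps the submitted username out of the SQL text.
my $sth = $dbh->prepare("select * from users where username=?") or dbdie();
$sth->execute($user) or dbdie();

# NOTE(review): the two failure messages below differ, so a client can tell
# whether a username exists. Consider one shared message if that matters here.
if (my $rec = $sth->fetchrow_hashref) {
    # Passing the whole stored hash as the salt lets crypt() take the salt (and
    # scheme) from it. For traditional two-character-salt hashes this gives the
    # same result as salting with the first two characters, and it keeps
    # working if the stored hashes move to a stronger crypt() scheme.
    # NOTE(review): traditional crypt hashes are weak by current standards;
    # upgrading them is a change for the code that stores passwords.
    my $stored = $rec->{password};
    my $hashed = (defined $stored && length $stored) ? crypt($pass, $stored) : undef;
    if (!defined $hashed || $hashed ne $stored) {
        dienice(qq(You entered the wrong password. If you've forgotten your password, <a href="forgotpass.html">Click here to reset it</a>.));
        # Fail closed: never fall through to the login below if dienice returns.
        exit;
    }
    $username = $rec->{username};
}
else {
    # dienice is handed HTML, so the submitted name must be escaped before it
    # is echoed back into the page.
    dienice("Username <b>" . CGI::escapeHTML($user) . "</b> does not exist.");
    exit;
}

my $cookie_id = random_id();
# -httponly keeps the session id away from page scripts. -secure is not set
# because the redirect below targets http://; add -secure=>1 when the site is
# served over HTTPS.
my $cookie = cookie(-name=>'cid', -value=>$cookie_id, -expires=>'+7d', -httponly=>1);
$sth = $dbh->prepare("replace into user_cookies values(?, ?, current_timestamp(), ?)") or dbdie();
$sth->execute($cookie_id, $username, $ENV{REMOTE_ADDR}) or dbdie();

# The host part of the redirect is fixed, so 'page' can only choose a path on
# that site. Values holding control characters or whitespace are ignored so
# nothing unexpected reaches the Location header.
my $url = param('page');
if ($url && $url !~ /[\x00-\x20\x7f]/) {
    # CGI.pm's redirect function can accept all of the same parameters
    # as the header function, so we can set a cookie and issue a redirect
    # at the same time.
    print redirect(-location=>"http://www.cgi101.com/$url", -cookie=>$cookie);
}
else {
    # no usable page was specified, so print a "you have logged in" message.
    # On a production site, you may want to change this to print
    # a redirect to your home page...
    my $safe_name = CGI::escapeHTML($username);    # escape on output, even for stored data
    print header(-cookie=>$cookie);
    print start_html("Logged In");
    print qq(<h2>Welcome</h2>\nYou're logged in as <b>$safe_name</b>!<br>\n);
    print qq(<a href="securepage.cgi">go to secure page</a><br>\n);
    print qq(<a href="logout.cgi">log out</a><br>\n);
    print end_html;
}

sub random_id {
    # Returns a 32-character string of letters and digits for use as a
    # session id. The characters are drawn from the operating system's random
    # source rather than rand(), whose output is not meant to be unguessable.
    # Assumes a Unix-like host that provides /dev/urandom.
    my @alphary = split(//, "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");

    # Largest multiple of the alphabet size that fits in a byte; bytes at or
    # above it are skipped so every character stays equally likely.
    my $limit = 256 - (256 % @alphary);

    open(my $fh, '<', '/dev/urandom') or die "Cannot open /dev/urandom: $!";
    binmode($fh);

    my $rid = "";
    while (length($rid) < 32) {
        my $got = read($fh, my $buf, 64);
        die "Cannot read /dev/urandom: $!" unless $got;
        foreach my $byte (unpack('C*', $buf)) {
            next if $byte >= $limit;
            $rid .= $alphary[$byte % @alphary];
            last if length($rid) == 32;
        }
    }
    close($fh);
    return $rid;
}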