Please log in:
Don't have an account yet? Just register. It's free, easy, and we never abuse or divulge your data. (See our privacy policy.)
Forgot your username or password? We can email it to you.
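<%init>
# Login handler for this component.  Reads the posted form fields from %ARGS
# (un = username, pw = password, submit = the form was posted); on success it
# stores username/uid/login_time in the Mason session and redirects.  $m (the
# Mason request object) and $dbh (a DBI handle) are supplied by the enclosing
# handler, not declared here.
my $time = scalar localtime;   # left available to the component body
my @err  = ();                 # user-visible validation/login errors

# if a login was attempted, process it
if ($ARGS{submit}) {
    # check for missing data fields
    push @err, "You must enter a username." unless $ARGS{un};
    push @err, "You must enter a password." unless $ARGS{pw};

    # no errors, process the username and password
    # (an array in boolean context is true iff non-empty; the old
    # `@err == ()` compared the count against undef and only worked by
    # accident)
    unless (@err) {
        if ("$ARGS{un}:$ARGS{pw}" eq 'admin:alt123') {
            # hardcoded admin entry in case database is down
            # SECURITY (review): a credential embedded in source is visible to
            # everyone with repository access and cannot be rotated without a
            # deploy; move it to deployment configuration and retire the
            # fallback once the database path is trusted.
            $m->session->{username}   = 'admin';
            $m->session->{uid}        = '0';
            # $m->session->{login_ip} = $r->connection->remote_host();
            $m->session->{login_time} = scalar localtime;
            # fetch the user group array
            $m->redirect('/admin/');
        }
        else {
            # otherwise check user database.  Bind placeholders keep the
            # user-supplied values out of the SQL text, so this is safe
            # against SQL injection.  NOTE(review): pword is an unsalted MD5
            # of the password, which offers little resistance to offline
            # cracking if the table leaks; moving to a real password hash
            # needs a schema migration and is out of scope here.
            # pid is the web_user primary key; the previous code read
            # $sth->{id}, which is not a DBI attribute and never held the id.
            my $sql = 'select pid from web_user where uname=? and pword=?';
            my $sth = $dbh->prepare($sql);
            my $pid;
            if ($sth->execute($ARGS{un}, Digest::MD5::md5_hex($ARGS{pw}))) {
                # execute() on a SELECT is true whenever the statement ran,
                # even with zero matching rows, so the credentials are only
                # accepted when a row actually comes back.
                ($pid) = $sth->fetchrow_array;
                $sth->finish;
            }
            else {
                # surface the driver error to the operator log; the user
                # sees the same generic message as for a wrong password
                warn 'login query failed: ' . ($sth->errstr || 'unknown error');
            }

            if (defined $pid) {
                $m->session->{username}   = $ARGS{un};
                $m->session->{uid}        = $pid;
                # $m->session->{login_ip} = $r->connection->remote_host();
                $m->session->{login_time} = scalar localtime;
                # fetch the user group array
                $m->redirect('/user/');
            }
            else {
                @err = 'Invalid username/password';
            }
        }
    }
}
</%init>
<%doc>
# NOTE(review): everything in this block is ignored by Mason and kept only as
# design notes / scratch code.  In the scratch code below, $str inside
# looks_like_email is never declared, the `$rv == 1` test relies on the DBI
# driver reporting a row count for a SELECT (not guaranteed by DBI), and the
# prepare() failure messages report $! where $dbh->errstr would carry the
# driver's reason.

# here is an array of hashes
#@fields = (
#{ name=>'fname', label=>'first name:', size=>10 },
#{ name=>'lname', label=>'last name:', size=>20 }
#);

process form:
  check for required fields without data
  eliminate leading/trailing/multiple spaces/tabs
  convert blank data to undef or null string
  preserve primary key data
  data validation by field type and size
    specific (eg state codes)
  data formatting by field
    standardize case
    strip non-digits
    remove punctuation s/[^ A-Za-z0-9]//g;
  check for duplicate/overlapping records
  insert statement

sub looks_like_email {
    return ($str =~ /
        ^        # match beginning of string
        [^@]+    # match non-empty sequence of non-@ characters
        @        # match literal @ character
        [^.]+    # match non-empty sequence of non-period characters
        \.       # match literal period
        [^.]     # require at least one more non-period character
    /x);
}

my $sql = q/ SELECT pid FROM web_user WHERE uname = ? AND pword = ? /;
$auth::sth::login = $main::dbh->prepare($sql)
    or die "Can't prepare sql login statement: $!";
$sql = q/ SELECT g.gname,g.gid FROM web_member m, web_group g WHERE g.gid = m.gid AND pid = ? /;
$auth::sth::group = $main::dbh->prepare($sql)
    or die "Can't prepare sql group statement: $!";
my $rv = $auth::sth::login->execute($ARGS{un},md5_hex($ARGS{pw}));
if ($rv == 1) {
    # login succeeded, set UNAME, UID
    $session::hash{uname} = $ARGS{un};
    my @row = $auth::sth::login->fetchrow_array;
    $session::hash{uid} = $row[0];
    # fetch GROUPS
    $rv = $auth::sth::group->execute($session::hash{uid});
    $session::hash{group} = '';
    while (@row = $auth::sth::group->fetchrow_array) {
        $session::hash{group} .= $row[0] . ' ';
    }
}
else {
}
</%doc>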