login page

eanair's Avatar, Join Date: Dec 2006
Light Poster
Hi i am writing a log on page for a web application. What i want it to do is take a user name and password as input pass these to a cgi file using the 'post' method, then using dbi compare the username and passwords to the contents of a mysql table which in which all usernames and passwords are stored.

I am having a problem recieving the username and password, i think my html form is fine, and that the problem is in my cgi file.

This is the code that i am using to recieve the username and password from the html form

Code:
$query_string = $ENV{'QUERY_STRING'}; $first = split(/&/, $query_string); ($u_name, $pass) = split(/=/, $first);
Another area where there might be a problem is my select statement

Code:
$sth = $dbh->prepare(q{SELECT table1.name, table1.address, usertable.password from table1, usertable where table1.name = usertable.user_name and user.user_name = ?}); $sth->execute($u_name);
The desired output here is the name, address and password of the user with the username passed in by the form.

I am not sure if the "?" is right in the select statement? I am also unsure about the value $u_name in the brackets, when i enter a sample username in the place of the "?" in the select statement, the result will not print out unless i remove the $u_name from the brackets in the line below.

I would appreciate any help or suggestions, as i have spent many hours working on this and have run out of ideas

Thanks
0
pradeep's Avatar, Join Date: Apr 2005
Team Leader
Firstly, its a bad practice to send username password in the querystring.
Secondly, you can use the CGI module to get form data.
Checkout the example below

Code: Perl
#!/usr/bin/perl

use CGI;

if($ENV{REQUEST_METHOD} eq 'POST')
{
    $q = new CGI;
   
    $username = $q->param('username');
    $password = $q->param('password');

    #do the rest of your checking here
}
else
{
    # show ur form
}
0
eanair's Avatar, Join Date: Dec 2006
Light Poster
Thanks for the help.

Can anybody recommend a good perl /dbi tutorial i am new to all this and not to sure about the best ways to go about it. Thanks
0
pradeep's Avatar, Join Date: Apr 2005
Team Leader
The CPAN would be of the best help to you know about the DBI module, just visit http://cpantools.com and try it out yourself, and in case you are stuck you know where to get help ;-)
0
eanair's Avatar, Join Date: Dec 2006
Light Poster
Thanks for the help. I have come accross one more perl issue. How do i check if a variable is empty.
I have tried
Code:
if($variable eq ""){
 #do something
}
and
Code:
if(not(defined ($variable))){
 #do something
}
and finally
Code:
if(undef $variable ){
 #do something
}
but none seem to work, what is the correct way of doing this? Thanks
0
eanair's Avatar, Join Date: Dec 2006
Light Poster
I got it working, it was justs a bracket out of line!
0
pradeep's Avatar, Join Date: Apr 2005
Team Leader
LOL! All the best.
Try an post different query/problems in different threads.