Hi, I am new to perl script. I have created a login using per/cgi script. It is running via apache server. I have set the default page in apache as login page. url-->ipadress: port. Whenever user tries to see the website its asks for the authetication. But i am facing a problem in authentication, suppose when user tries to use the url-->ipadress: port/home.html it directly redirects to the home page without asking for the login details. I need to redirect to the login page. So someone please help me to resolve this issue?
login.cgi: Code: #!/usr/bin/perl -w $|=1; use CGI qw/:standard/; $q=new CGI; if(!($line=~/#/)) { if ($line=~/User.*=(.*);(.*);(.*)/){ $user_name=$1;$user_pass=$2; $user{$user_name}=$user_pass; } } $username=$q->param("login"); $password=$q->param("password"); $username1="tamil"; $password1="arasu"; if ( $username eq $username1 && $password eq $password1 ) { $action="ip:port/home.html"; } else { $action="ip:port";} print $q->redirect($action);
So you are redirecting print $q->redirect($action); And I don't see you are asking user for any input for login.
Index.html: HTML: <HTML> <HEAD> <TITLE>Login</TITLE> <script language="javascript"> function Set_Cookie() { var path =''; var domain =''; var secure =''; // set time, it's in milliseconds var today = new Date(); today.setTime( today.getTime() ); /*if the expires variable is set, make the correct expires time, the current script below will set it for x number of days, to make it for hours,delete * 24, for minutes, delete * 60 * 24*/ var expires = 0 var expires_date = new Date( today.getTime() + (expires) ); document.cookie = "user" + "=" +escape( document.login_form.login.value ) + ( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) + ( ( path ) ? ";path=" + path : "" ) + ( ( domain ) ? ";domain=" + domain : "" ) + ( ( secure ) ? ";secure" : "" ); document.cookie = "password" + "=" +escape( document.login_form.password.value ) + ( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) + ( ( path ) ? ";path=" + path : "" ) + ( ( domain ) ? ";domain=" + domain : "" ) + ( ( secure ) ? ";secure" : "" ); document.login_form.submit(); } function redirectTo() { var txt = document.getElementById("login").value; var txt1 = document.getElementById("password").value; if(txt=='' && txt1=='') { alert('Please Enter a Username and Password'); } else if(txt1=='') { alert('Please Enter a Password'); } else if(txt=='') { alert('Please Enter a Username'); } } </script> </HEAD> <body> <form method="post" action="../cgi-bin/login.cgi" name=login_form> <center><table> <tr><td><font face="verdana,arial" size=-1>Username</td><td><input type="text" name="login"></td></tr> <tr></tr> <tr><td><font face="verdana,arial" size=-1>Password</td><td><input type="password" name="password"></td></tr> <tr></tr> <tr><td><font face="verdana,arial" size=-1><input type="submit" value="Enter" onclick="redirectTo()"></td></tr> <tr><td colspan=2></td></tr> </table></center> </form> </body> </HTML>
Hi Shabbir, Thanks for your reply. I am using nearly 10 static html pages in our website. As i already told i am accessing it via the apache server.How can i prevent the users to see the other html pages without login?
You cannot block HTML pages but only pages that has server side coding like CGI pages where the check at the top is to see if user is logged in or not and if not then redirect to a login page else show the content.
Ok then if i am changing all the htnl pages to cgi how can i achieve it? Can you please explain it briefly?
You have to set the cookies and check those cookies against the session and then validate or redirect.