Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

basic login

by bigup401 (Pilgrim)
on Apr 14, 2017 at 11:49 UTC ( #1187922=perlquestion: print w/replies, xml ) Need Help??

bigup401 has asked for the wisdom of the Perl Monks concerning the following question:

$usr='admin'; $pwd='admin'; if ($usr eq 'admin' && $pwd eq 'admin') { #inside content print "Content-type: text/html\n\n"; print <<START_HTML; #html content after seccessfully login START_HTML exit; #exit so that we dont mix html content for login and inside } #outside content print "Content-type: text/html\n\n"; print <<START_HTML; #login form for user and pass START_HTML

everything is ok, but the only problem am facing. after login and make query to the inside content. it redirect me to login any idea how i can make it to not log me out when making query to inside content its like when you make command the page redirect you back to login

Replies are listed 'Best First'.
Re: basic login
by shmem (Chancellor) on Apr 14, 2017 at 12:03 UTC

      apart from CGI::Session. any alternative coz i already tried cgi session and works bt any other alternative

        any alternative coz i already tried cgi session and works bt any other alternative

        coz? ah, because. Why? what's wrong with CGI::Session? what doesn't work for you? CPAN Search is open for you, too; look there.

        Of course, you could also roll your own. CGI::Session should get you started.

        perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
Re: basic login
by scorpio17 (Canon) on Apr 14, 2017 at 15:52 UTC

      when i look at ur tutorial. it involves mysql. what am doing i dont want to call any database or session. i just want something simple if the login details are ok stay on same page display wanted content dont move away even if there are refresh until i command to logout

      there are alot method for good login page. but am not looking for that. if u know php basic login . which doesn't involves calling database or using session

      but finally i have got some idea it seems to work now

        Despite this being a Perl site, many of us are familiar as well with other languages including PHP. In PHP sessions are used for tracking logins from one page to the next. It can involve a database or it can be in the filesystem. It can also be in a keystore like memcached. All of those are also possible in Perl.

        Now it's possible to set a cookie and honor that cookie without tracking the session on the server side. That's actually quite simple to do. If you're not tracking it on the server side, though, you don't know if the cookie is forged. That is, unless you cryptographically sign a data structure on the server that includes a session ID, user ID, expiration, and such; then make sure the ciphered text is encoded to text (perhaps using something like base64); then store that in the cookie. Then when the cookie is returned the server can decode, then decrypt it, and check its validity. I doubt if you don't understand how basic sessions are tracked with existing support in the libraries though that you're quite ready to tackle that sort of solution.

        If you don't want to use a database, use a file on the filesystem or a hardcoded check in your program.

Re: basic login
by Your Mother (Archbishop) on Apr 14, 2017 at 17:30 UTC

    What you are asking for is by definition a session. There are quite a few ways to achieve it, including using URL parameters instead of cookies. All the Perl webframeworks support sessions easily out of the box but the frameworks themselves have big to huge learning curves. So CGI::Session is probably the easiest way to do it.

    If I have time later I'll post a file storage (not a DB) mini-version because the docs are a little hard to follow if you don't already understand all the moving parts.

      Here is my try at an example

      #!/usr/bin/perl use strict; use warnings; select STDOUT; $| = 1; my $session_dir='/home/huck/monks-sessions'; # must exist and be wr +iteable by www userid my $expires='+1m'; # '+7d' '+1h' ; my $cookieexpires=$expires; use CGI; use CGI::Session; use CGI::Cookie; my $session; my $notloggedin=''; my $cookies; my %passwords=(admin=>'admin',huck=>'huck'); my $cgi = CGI->new; my $tssid = $cgi->cookie('TSSID'); my $timelast; unless ($tssid){ my $userid =$cgi->param('userid'); my $password=$cgi->param('password'); $userid='' unless ($userid); $password='' unless ($password); unless ( $userid) {$notloggedin='Ple +ase Login';} elsif (! $passwords{$userid}) {$notloggedin='Bad + Userid';} elsif ($password ne $passwords{$userid}) {$notloggedin='Bad + Password';} else { $session = CGI::Session->new(undef, undef, {Directory=>$sess +ion_dir}); $cookies = [CGI::Cookie->new(-name => 'TSSID', -value => $session->id, -expires => $cookieexpires )]; $session->expires($expires); $session->param('user_id',$userid); $session->param('timein' , time); $session->param('timelast', time); $timelast=time; $session->flush(); } # ok } # no tssid else { $session = CGI::Session->load(undef, $tssid, {Directory=>$sessio +n_dir}); if ( $session->is_expired ) { $notloggedin='login expired ' ; $session->delete(); $session->flush(); } elsif ( $session->is_empty ) { $notloggedin='login not found'; +} else { $cookies = [CGI::Cookie->new(-name => 'TSSID', -value => $session->id, -expires => $cookieexpires )]; $timelast=$session->param('timelast'); $session->param('timelast', time); $session->flush(); } } if ($notloggedin){ $cookies = [$cgi->cookie(TSSID => '')]; print $cgi->header(-cookie=>$cookies); print '<html><head><title>Must login</title></head><body>'."\n"; + print '<h1>Must login</h1>'."\n"; print '<h3>'.$notloggedin.'</h3>'."\n"; print '<form method="POST">'."\n"; print 'Userid:<input type="text" name="userid">'."\n"; print ' Password:<input type="text" name="password">'."\n"; print '<input type="submit" value="Login">'."\n"; print '</form>'."\n"; } else { if ($cookies) {print $cgi->header(-cookie=>$cookies); } else { print $cgi->header(); } print '#html content after seccessfully login'; print '<br>hi '.$session->param('user_id'); print ' loggedin for '.(time-$session->param('timein')).' second +s'; print ' last seen '.(time-$timelast).' seconds ago'; } print '</body></html>'; CGI::Session->find(undef ,sub {} ,{Directory=>$session_dir}); # clea +n expired sessions

Re: basic login
by mr_mischief (Monsignor) on Apr 14, 2017 at 21:07 UTC

    Do you mean "basic login" as in a simple cookie-based login or do you mean HTTP Basic Authentication, which is part of the HTTP standard and is handled by the web server optionally with the help of your programming language of choice? The former is common but the latter has nothing to do with cookies or independently managed sessions. Apache, Nginx, Lighttpd, Lightspeed, IIS, Cherokee, or whatever should be enough to take care of HTTP Basic Authentication although a program can contain code to do that part rather than using their configuration.

Re: basic login
by Anonymous Monk on Apr 14, 2017 at 15:02 UTC
    If you're determined to do this on your own, it's going to be something like this:
    if ($usr eq 'admin' && $pwd eq 'admin') { $cookie = ...; #inside content print "Content-Type: text/html\r\n"; print "Set-Cookie: login="$cookie"\r\n\r\n"; ... }
    The client will send a Cookie header on subsequent requests. You have a lot of choices about what exactly to put in $cookie. You might use something like this:
    my $cipher = Crypt::CBC->new(-key=>$secret_key, -cipher => 'Rijndael') +; my $cookie = MIME::Base64::encode_base64($cipher->encrypt("$usr:$pwd") +, '');
    ..assuming the user name doesn't include colons.

      am not sure it can work this way. and yes i tried it and fail

        To the ignorant or those in conventional industries, your recent failure may seem like a failure. But we in this Monastery all know that failures just like this one are really stepping stones. What those in dying business sectors call failure, we in tech know to be pre-greatness.
        If you want useful answers, you need to give us more information. What does "fail" mean? Did it produce an error message like "Can't locate Crypt/ in @INC"? That's easy to fix by installing a module. Since you said elsewhere that you have something working now, I'm not going to worry about this any more. But please, in the future, try to be more specific!
Re: basic login
by Anonymous Monk on Apr 14, 2017 at 22:03 UTC

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1187922]
Approved by shmem
Front-paged by Corion
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (4)
As of 2022-12-02 04:07 GMT
Find Nodes?
    Voting Booth?