Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

CGI - variables from first form to be seen in third form.

by valavanp (Curate)
on Nov 24, 2009 at 03:18 UTC ( [id://808985]=perlquestion: print w/replies, xml ) Need Help??

valavanp has asked for the wisdom of the Perl Monks concerning the following question:

Hi All,
I have a login form when it is submitted it will be directed to the login_1.cgi to check it with the database, after it is successful there is a view_user hyper link which directs it to the user information page. I wanted to have the user name from login page available to the user information page to get the values from the db. But i am not able to populate the user values available to the user information page. Because the user information page is the 3rd page which i am not able to populate the values from the first page. Could anyone suggest me a method. I also tried to have an hidden variable. But there is no form submission in the 2nd page. Here is the code drop for your reference and thanks for the time. 
login.html
----------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> New Document </TITLE>
</HEAD>

<BODY>
<form id="6" method="post" action="login_1.cgi" name="contact">

<label>Email Address:</label>
<div>
<input id="element_1" name="element_1" type="text" maxlength="255" val
+ue=""/> 
</div>

<label class="description" for="element_2">Web Panel Password:</label>
<div>
<input id="element_2" name="element_2" class="element text medium" typ
+e="password" maxlength="255" value=""/> 
</div>

<input id="saveForm" type="submit" name="Login" value="Login" />

</BODY>
</HTML>


login_1.cgi
-----------
#!c:/perl/bin/perl -w
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser); 
use DBI;

my $dbh=DBI->connect("dbi:mysql:$dbname;",,) || die("cannot connect $!
+\n");
$sth = $dbh->prepare("select * from users where email = ?") or &dbdie;
$sth->execute($usr) or &dbdie;

if (my $name = $sth->fetchrow_hashref) {
    my $sth = $dbh->prepare("select * from users where password = ?") 
+or &dbdie;
    $sth->execute($pwd) or &dbdie;
    if (my $pass = $sth->fetchrow_hashref){ 
        print "login successful";
        print qq(<a href = \"view_user_1.cgi\">user settings</a>);
    }
    else { 
        &dienice(qq(The password is invalid.); 
    }
}else { 
    &dienice(qq(E-mail does not exist.); 
}


view_user_1.cgi
---------------

#!c:/perl/bin/perl -w
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser); 
use DBI;

$q = new CGI;

$usr = $q->param('user');
#$usr=$FORM{'inputname'};
#$pwd = $q->param('element_2');
my $dbh=DBI->connect("dbi:mysql:$dbname;",,) || die("cannot connect $!
+\n");
$sth = $dbh->prepare("select * from users where email = ? ") or &dbdie
+;
$sth->execute($usr) or &dbdie;


print "Content-type:text/html\n\n";
print "here";
print $usr;


my $dbh=DBI->connect("dbi:mysql:$dbname;",,) || die("cannot connect $!
+\n");
$sth = $dbh->prepare("select * from users where email = ? ") or &dbdie
+;
$sth->execute($usr) or &dbdie;

[download]

Replies are listed 'Best First'.
Re: CGI - variables from first form to be seen in third form.
by FalseVinylShrub (Chaplain) on Nov 24, 2009 at 03:48 UTC

    Hi

    Hope this will be of help:

    • If you are actually trying to make something secure, you should probably look for a ready-made module. Sorry, I don't know what's considered the best at the moment, you'll have to do some research or wait for someone else to recommend one.
    • On the login page, you seem to be checking the username (email address) then checking to see if there is an account with the specified password. Surely you need to check that the password belongs to that user: it looks like you can log into anyones account with your password at the moment. Need to pull out the password from the submitted email address, then check it is equal to the password submitted in the login form.
    • To solve the problem you asked about, and anything else that needs password protection, you'll need to keep track of logged in users between pages. You can't just pass round the username, or anyone will be able to access any account by changing the URL/cookie/etc. One way to do this would be to generate a session cookie and keep a record of which account it belongs to. Managing all this is quite complex and I would recommend finding a module.

    Anyway depends exactly what you're doing but if you want some kind of security better do some research. Hope someone who knows more than me will provide more useful details..

    FVS

[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://808985]
Approved by ww
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (8)
As of 2024-04-23 10:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found