Login page perl/CGI

S

sandy

hello,,,,,,,,,
i am creating login page using Perl/CGI facing prob... able to
connect DB but from there facing prob
If u have related code of login page in Perl please send me on
(e-mail address removed)

please help me


i am using MySQL as DB user name:root password:root database name:ITS

and Table is User_login,
Column 1: User_Name
Column 2: User_Pass

--
#!c:/perl/bin/perl.exe
use CGI qw:)standard);
use CGI::Carp qw(warning's fatalsToBrowser);
use strict;
use DBI;


print "Content-type: text/html\n\n";
print <<BodyHTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://
www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd ">
<html lang="en" xml:lang="en" xmlns=" http://www.w3.org/1999/xhtml">
<head>
<title>Registration Form</title>
</head>

<body>
<form name = "login" action = "logincheck.cgi " method = "POST">
<table>
<tr>
<td>
User Name<br />(25 characters or less)
</td>
<td>
Password<br />(8 - 15 alphanumeric characters)
</td>
</tr>
<tr>
<td><input type = "text" name = "UserName" id = "UserName" size = "25"
maxlength = "25" tabindex = "0" />
</td>
<td><input type = "text" name = "Password" id = "Password" size = "15"
maxlength = "15" tabindex = "1" />
</tr>
<tr>
<td>
<input type = "submit" value = "Login" tabindex = "2" />
</td>
</tr>
<tr>
<td>
<p>To register go to the <a href = "register.cgi">registration</a>
page.</p>
</td>
</tr>
</table>
</form>
BodyHTML
print end_html;

my $dbh = DBI->connect("DBI:mysql:database:localhost","its","root",
{ RaiseError => 1,
AutoCommit => 1 }) or &dienice("Can't connect to database:
$DBI::errstr");

my $UserName=param('UserName');
my $Password=param('Password');
my $sth = $dbh->prepare("select * from User_Login where User_Name
= ?") or &dbdie;
$sth->execute($UserName) or &dbdie;
if (my $name = $sth->fetchrow_hashref)
{
my $sth = $dbh->prepare("select * from user_Login where root = ?") or
&dbdie;
$sth->execute($Password) or &dbdie;
if (my $pass = $sth->fetchrow_hashref)
{
print redirect(- location=>"index.cgi");
}
else { &dienice(qq(The password is invalid. Go to the <a href =
"passreset.cgi">password reset</a> page to reset your password.)); }
}
else { &dienice(qq(Username does not exist. Go to the <a href = "
custreg.cgi">registration</a> page to register.)); }
$dbh->disconnect;
print end_html;

sub dienice {
my ($msg) = @_;
print "<h1>$msg</h1>";
exit;
}

sub dbdie {
my ($errmsg) = "$DBI::errstr<br />";
&dienice($errmsg);
}
Sandip B Bhosale.
 
J

J. Gleixner

sandy said:
hello,,,,,,,,,
i am creating login page using Perl/CGI facing prob... able to
connect DB but from there facing prob

Try facing North instead of prob.
[...]
please help me

Create a program that works from the command line, no HTML. Once
that works, then add in the HTML.
i am using MySQL as DB user name:root password:xxxx database name:ITS
ahhhh.. the values for your username and password and database aren't
important..
and Table is User_login,
Column 1: User_Name
Column 2: User_Pass

--
#!c:/perl/bin/perl.exe
use CGI qw:)standard);
use CGI::Carp qw(warning's fatalsToBrowser);
use strict;
use DBI;


print "Content-type: text/html\n\n";
[...]

sooo.. you're using the CGI module but you aren't using any of CGI's
modules to help you with your HTML???.. If all you want is the
param method, then you don't need :standard. If you're going to
include all of the 'standard' methods, then use them.

my $dbh = DBI->connect("DBI:mysql:database:localhost","its","root",
{ RaiseError => 1,
AutoCommit => 1 }) or &dienice("Can't connect to database:
$DBI::errstr");

Read up on what 'RaiseError' does. 'dienice' for a subroutine that
doesn't actually call die, isn't nice.

No need for '&'.
my $UserName=param('UserName');
my $Password=param('Password');
my $sth = $dbh->prepare("select * from User_Login where User_Name
= ?") or &dbdie;

Hopefully you're not storing your customer's passwords in clear text.
Encrypt them, somehow.
$sth->execute($UserName) or &dbdie;
if (my $name = $sth->fetchrow_hashref)
{
my $sth = $dbh->prepare("select * from user_Login where root = ?") or
&dbdie;

'where root = ?' ????

You have a column named 'root'?

Maybe...

if( param('UserName') and param('Password') )
{
my $sql = 'select 1 from user_login where user_name=? and user_pass=?';
my $sth = $dbh->prepare( $sql );
$sth->execute( param('UserName'), param('Password') );
etc..
}
else
{
#print some message here..
}
$sth->execute($Password) or &dbdie;
if (my $pass = $sth->fetchrow_hashref)
{
print redirect(- location=>"index.cgi");
}
else { &dienice(qq(The password is invalid. Go to the <a href =
"passreset.cgi">password reset</a> page to reset your password.)); }
}
else { &dienice(qq(Username does not exist. Go to the <a href = "
custreg.cgi">registration</a> page to register.)); }

If your site has any personal information on it, about the customer,
then don't provide the reason why it failed. Just state that the
username or password is not found, in one message.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,969
Messages
2,570,161
Members
46,708
Latest member
SherleneF1

Latest Threads

Top