"use CGI " hangs "CGI time out "

[GMI]

I am writing a simple login program to get a ID and Password check agains a
MySQL database , send a cookie.

when these 2 line added :
use CGI;
$Query = new CGI;

The program, it hangs and after a long time system comes with a CGI time
out error?
in DOS mode however the routine works fine.
Can someone out there help?
-----------------------------------
here is part of the code
---------------------

#Login process for NOYQ
require "subparseform.lib";
use CGI;
$Query = new CGI;
my $ErrMsg,$ErrNo=0, $ID ;
my $PassWord,$fName,$lName;
my $Dte_Lst,$Cookie;
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);
$mon=$mon+1;
$year=$year+1900;
$Date = "$year-$mon-$mday $hour:$min:$sec" ;
Parse_Form();
NOinitFrm();
$ID='***';$PassWord='******',$Continue='Continue';
#
if ($Continue ne "Continue")
{
# this is the initial run (Not continue & not Cancel)
$LgNo =1;
$ErrMsg='';
#Just print the form and exit
NoClPrnFrm();
exit
};
$ErrMsg='';
if($ID le '' ) {
$ErrNo++;
$ErrMsg="$ErrMsg $ErrNo - Please enter a valid ID";
}
elsif(! DB_Connect())
{$ErrNo++; $ErrMsg="$ErrMsg $ErrNo- Failed to Connect to SQL server."
}

elsif (! CheckPW($ID,$PassWord))
{ $ErrNo++;
$ErrMsg= "$ErrMsg $ErrNo- Password or ID invalid! $ID,$PW $SqlString ";
}
elsif(! NORecDte())
{ $ErrNo++;
$ErrMsg="$ErrMsg $ErrNo- Could not Update Login! "
};


if ($ErrNo = 0) {
SendCookie('NOYQSecure',$ID,'+1d','/' ,'WWW.NOYQ.ca',0) ;
print "<title>'NOYQ User Logged'</title></head>
<body> Welcome back $fName $lName. Last Login was.:$Dte_Lst <BR>
<p><a href='/' target=_top>Home</a></P> '
</body>
</html>
";
exit
};

------------------------------------------------
HERE IS THE DOS COMMAND OUTPUT...........
c:>Perl No-logi1.pl
---------
Content-type: text/html

<P>Use Post or GetSet-Cookie: NOYQSecure=bazil; domain=WWW.NOYQ.ca; path=/;
expires=Tue, 21-Jun-2005 13:56:21 GMT
Date: Mon, 20 Jun 2005 13:56:21 GMT
Content-Type: text/html; charset=ISO-8859-1

<html><head><title>'NOYQ User Logged'</title></head>
<body> Welcome back Bazil Ghassemlou. Last Login was.:2005-6-20 9:52:7
<BR>
<p><a href='/' target=_top>Home</a></P> '
</body>
</html>

 

[A. Sinan Unur]

The program, it hangs and after a long time system comes with a CGI
time out error?
in DOS mode however the routine works fine.

perldoc -q 500

might help when you encounter this type of situation. However, see my
specific comments below:

#Login process for NOYQ
require "subparseform.lib";

This is probably some crappy cargo cult CGI processing thingy: Dump it.

use CGI;
$Query = new CGI;

You should have

use strict;
use warnings;

in your code.

This seems to be a good time for you to peruse the posting guidelines
for this group: They contain invaluable information on how you can help
yourself, and help others help you.

my $ErrMsg,$ErrNo=0, $ID ;
my $PassWord,$fName,$lName;

You should always declare variables in the smallest applicable scope,
and name them so they are readable.

my $Dte_Lst,$Cookie;
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);
$mon=$mon+1;
$year=$year+1900;
$Date = "$year-$mon-$mday $hour:$min:$sec" ;

This is crazy.

Parse_Form();

What's happening is that instantiating a CGI object consumes the input
coming in, there is nothing for Parse_Form to read from STDIN, so it
waits for input until the web server decides to kill it.

You have a choise to make here: Either use the crappy code, or use CGI,
not both. I think the choice is clear.

It also seems clear to me that you should read "Learning Perl".

NOinitFrm();
$ID='***';$PassWord='******',$Continue='Continue';
#
if ($Continue ne "Continue")

WTF? How can this happen?

{
# this is the initial run (Not continue & not Cancel)

Most of the code from this point on is fairly incomprehensible to me.

You really, really need to o back to the basics. You have just told me
how to crack my way in to www.noyq.ca. Please do not use this script for
any purpose. You need some *intensive* studying of both Perl and web
security fundamentals.

This is for your own good.

Sinan

 

[Brian Wakem]

You should always declare variables in the smallest applicable scope,
and name them so they are readable.


Sinan

It's also worth pointing out that when using strict, 4 errors will occur
in the above two lines as the my only applies to the first variable in
each case.

 

[Alfred Z. Newmane]

It's also worth pointing out that when using strict, 4 errors will
occur in the above two lines as the my only applies to the first
variable in each case.

True. I believe thats an error that cna come from spending a long time
with langs like C or C++, wher you can start with the typename and have
a comma delimited list of variables taking that type:

int a,b,c;

All that needs to be done with thw code in question is add ()'s around
the variable list:
(Also note the initialization of $ErrNo=0 had to be corrected as well.)

my ($ErrMsg, $ErrNo, $ID) = (undef, 0);
my ($PassWord, $fName, $lName);

 

[A. Sinan Unur]

True. I believe thats an error that cna come from spending a long time
with langs like C or C++, wher you can start with the typename and
have a comma delimited list of variables taking that type:

int a,b,c;

How about:

int* a, b;

Sinan

 

[Big and Blue]

How about:

int* a, b;

One reason to always write "int *a, b;" (in C, since you would never
declare a or b scalars in Perl).

 

[Eric Bohlman]

How about:

int* a, b;

[now getting hopelessly OT]

I got in the habit of writing "type *v" rather than "type* v", reading it
as "the thing v points to is this type" (which, IIRC, is actually how K&R
explained it). "int *a, b;" reads to me unambiguously as "both the
thingy a points to and b are integers" without implying that b is a
pointer. The underlying concept is that pointeritude[tm] and type are
parallel attributes of a variable, rather than pointeritude being an
attribute of type, and therefore the indicator of pointeritude should be
closer to the variable name than the type name.

 

[A. Sinan Unur]

How about:

int* a, b;

[now getting hopelessly OT]

I got in the habit of writing "type *v" rather than "type* v", reading
it as "the thing v points to is this type" (which, IIRC, is actually
how K&R explained it).

I agree, and that's the style I use as well. However, my remark was
related to the following:

# #
#>>> #>>>
#>>>> my $ErrMsg,$ErrNo=0, $ID ;
#>>>> my $PassWord,$fName,$lName;
#
# I believe thats an error that cna come from spending a long time
# with langs like C or C++, wher you can start with the typename
# and have a comma delimited list of variables taking that type:

I was trying to point out that similar errors can be made in C as well.

Anyway, sorry for the drift.

Sinan

 

[Bart Lateur]

"int *a, b;" reads to me unambiguously as "both the
thingy a points to and b are integers" without implying that b is a
pointer.

You've gotten used to it, then.

The you can declare both a pointer and an integer in the same combined
line is, IMHO, a major design flaw in C. Delaring an integer and a
pointer to an integer are two totally dissimilar tasks. Less similar
than declaring a double and an integer, and you can't combine those two
declarations.

 

[Tassilo v. Parseval]

Also sprach Bart Lateur:

You've gotten used to it, then.

The you can declare both a pointer and an integer in the same combined
line is, IMHO, a major design flaw in C. Delaring an integer and a
pointer to an integer are two totally dissimilar tasks. Less similar
than declaring a double and an integer, and you can't combine those two
declarations.

Strictly speaking, C doesn't say: "Variable p is of type 'pointer to
int'". Instead it says: "Variable p, when dereferenced, is an int".
That's why the dereference operator is used for declaring pointers:

int *p;

Hence your analogy to declaring both a double and and int in the same
statement is not applicable. In:

int a, *p;

both 'a' and '*p' are integers.

Tassilo

 

[Bart Lateur]

Hence your analogy to declaring both a double and and int in the same
statement is not applicable. In:

int a, *p;

both 'a' and '*p' are integers.

But it doesn't declare *p, it declares p. That's what it's for. *p does
actually even exist yet, as p is NULL.

 

[Alfred Z. Newmane]

How about:

int* a, b;

[now getting hopelessly OT]

I got in the habit of writing "type *v" rather than "type* v",
reading it as "the thing v points to is this type" (which, IIRC, is
actually how K&R explained it).

I agree, and that's the style I use as well. However, my remark was
related to the following:

# #
#>>> #>>>
#>>>> my $ErrMsg,$ErrNo=0, $ID ;
#>>>> my $PassWord,$fName,$lName;
#
# I believe thats an error that cna come from spending a long time
# with langs like C or C++, wher you can start with the typename
# and have a comma delimited list of variables taking that type:

I was trying to point out that similar errors can be made in C as
well.

True.

(And I'm also sorry to add to the topicular-steller drift here, but...)

For the record, I use that style when declaring pointers as well:

type *var;

The only time I put the * next to the type-name is for function return
types:

type* somefunc() { }

As there is no var in this case. I talways made sense to me, as you are
/returning/ a pointer-to-type.

Other than that I keep the * by the var-name, when there /is/ a var-name


...........

So what are some of your prefs on function return types that are
pointers? * is beside the type-name or the
function-name/calling-convention (the next token after the return type)
?

 

[Alfred Z. Newmane]

You've gotten used to it, then.

The you can declare both a pointer and an integer in the same combined
line is, IMHO, a major design flaw in C. Delaring an integer and a
pointer to an integer are two totally dissimilar tasks. Less similar
than declaring a double and an integer, and you can't combine those
two declarations.

I disagree it's a disgn flaw.

int *p /points/ to an int, it's root type is still int, so why does it
not make sense to have a one liner like:

int n, *p;

?

What this is really saying is: I want n to be an int, and I want p to be
a pointer to an int, both of which can give an int.

An "pointer" is not a type, but more of a modifier, that affects how you
retrieve the type (making you dereference it), but it's type is still
"type" (int in this case.)

The main diference is where the value of "type" is being stored. Instead
of in the pantry (stack), it's in the warehouse (heap.) But the item
being stored is the same (type of) item.

Going with the anology, a can of beans is the same can weather you put
it in your pantry or in the warehouse

 

[Alfred Z. Newmane]

Also sprach Bart Lateur:


Strictly speaking, C doesn't say: "Variable p is of type 'pointer to
int'". Instead it says: "Variable p, when dereferenced, is an int".
That's why the dereference operator is used for declaring pointers:

int *p;

Hence your analogy to declaring both a double and and int in the same
statement is not applicable. In:

int a, *p;

both 'a' and '*p' are integers.

Thats exactly what I was getting at. (See my post parallel to this one.)
Though I think your explanation came out better than mine

 

[Alfred Z. Newmane]

But it doesn't declare *p, it declares p. That's what it's for. *p
does actually even exist yet, as p is NULL.

in c and c++ variables that are uninialized usually have a random value,
not NULL or 0 (zero.)

Someone correct me if I'm wrong, but it's the value of an uninialized
variable simply the value that was last i nthe address the new var now
occupies? (I never really thought about it like this before this
thread.)

 

[A. Sinan Unur]

in c and c++ variables that are uninialized usually have a random value,
not NULL or 0 (zero.)

Someone correct me if I'm wrong,

I don't think you are wrong, however, you might want to move this
discussion to comp.lang.c

Sinan

 

[Alfred Z. Newmane]

I don't think you are wrong, however, you might want to move this
discussion to comp.lang.c

Thats probably a good idea.

Also, please be careful with your quoting, you cut off my sentance, thus
throwing off the context a little:

From: "Alfred Z. Newmane" <[email protected]>
Newsgroups: comp.lang.perl.misc
Subject: Re: [OT] Re: "use CGI " hangs "CGI time out "
Date: Thu, 23 Jun 2005 10:21:06 -0700
Message-ID: <[email protected]>

But it doesn't declare *p, it declares p. That's what it's for. *p
does actually even exist yet, as p is NULL.

in c and c++ variables that are uninialized usually have a random value,
not NULL or 0 (zero.)

Someone correct me if I'm wrong, but it's the value of an uninialized
variable simply the value that was last i nthe address the new var now
occupies? (I never really thought about it like this before this
thread.)

 

[A. Sinan Unur]

Thats probably a good idea.

Also, please be careful with your quoting, you cut off my sentance,
thus throwing off the context a little:

My comments were not related to your theorizing regarding the value of
an uninitialized variable. I have been trying to point out that this
topic is not appropriate for c.l.p.misc for a while now.

I am so sorry that my attempt at correcting your bogus explanation of
why the OP my the mistake of declaring variables as in

my $x, $y, $z;

has led to this to the materialization of this thread.

Please, if you want to discuss C, comp.lang.c is the place. There was no
reason to bring C into this thread (which you originally did, and which
is why I marked my response to you OT).

I have lost patience.

*PLONK*

Sinan

 

[Eric Sosman]

Correct.

Well, partly correct. An uninitialized variable of
`auto' or `register' storage class "contains garbage" --
formally, its value is indeterminate.

Things are different, though, for variables declared
at file scope (outside any function) or for function-local
variables declared `static'. If no initializer is present,
these variables are initialized to zero or NULL before
the program starts executing. At file scope,

int i;
double d;
char *p;

is equivalent to

int i = 0;
double d = 0.0;
char *p = 0; /* NULL */

 

[Alfred Z. Newmane]

My comments were not related to your theorizing regarding the value of
an uninitialized variable. I have been trying to point out that this
topic is not appropriate for c.l.p.misc for a while now.

I am so sorry that my attempt at correcting your bogus explanation of
why the OP my the mistake of declaring variables as in

my $x, $y, $z;

has led to this to the materialization of this thread.

Please, if you want to discuss C, comp.lang.c is the place. There was
no reason to bring C into this thread (which you originally did, and
which is why I marked my response to you OT).

I originally mentioned C/C++ as an example of where the OP's thinking
may have come from. It branched off from there. I did not know it was
such a heinous crime. I'm sorry, but there is nothing wrong with side
discussions, it's something that happens sometimes UseNet and even real
life conversations.

Why you need to act like you're being forced into this thread is beyond
me, as the user of a news reader can pick what they want to read, and
pass on the ones they don't like. Try it sometime.

I have lost patience.

Why are you replying then?

*PLONK*

And you really think anyone else with a brain and a life gives a
flipping damn?

Why are you even replying then if you don't care about it? Is it that
hard for you to just go on to other threads instead of acting like this
thread should be ignored by everyone just because /YOU/ deem it
unworthy? If so, it seems others disagree with you as there appeared to
be a good wholesome conversation going on here, involving others besides
myself.

A lot of people here have been programming for quite a while, and it's a
no-brainier that plenty of Perl programmers started in C and/or C++. The
reason I added comp.lang.c to the ng list was that I wanted to move the
discussion to the c group, but not leave out the folks in c.l.p.m who
were following it out in the cold, which to me would seem like a rude
thing to do.