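#!/usr/bin/perl
######################################################################
# logintest.cgi - (C) 2012 James Nonnemaker - james (AT) nonnemaker.us
#
# This program is merely to demonstrate my perl coding skills/style.
# It actually does function, it is designed to simulate a login form
# submission. This takes a username and password from an HTML form,
# checks it against details stored in a database, and allows the user
# to pass or not, depending on whether or not they've been verified.
#
# While this program does work, it's simply for demonstration purposes.
# It may be unstable and/or buggy. If you require an actual program
# similar to this one, please feel free to contact me.
#
# Review notes:
#  - The user lookup uses a bound placeholder; the form value is never
#    concatenated into the SQL text.
#  - Database error details go to the server log, not to the browser.
#  - Values printed into the page are HTML-escaped.
#  - The comparison below implies userdata.userpass holds clear-text
#    passwords. That is kept for compatibility with the existing table;
#    a real deployment should store a salted, slow password hash
#    (e.g. bcrypt or Argon2) and verify against that instead.
#  - The database credentials are embedded in this file. Prefer a
#    configuration file outside the web root, readable only by the
#    account the CGI runs as.
#######################################################################

use strict;
use warnings;
use DBI;

# Upper bound on the POST body this script will read. A login form is
# tiny; the cap keeps a client-supplied CONTENT_LENGTH from driving an
# arbitrarily large read. The value is a reviewer-chosen limit.
my $MAX_BODY_BYTES = 8192;

# Escape the characters that are significant in HTML text and attribute
# values so database or form content cannot inject markup into the page.
sub escape_html {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Decode one application/x-www-form-urlencoded component: '+' becomes a
# space, '^' becomes '+', and %XX escapes become the byte they encode.
sub decode_form_component {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ tr/+/ /;
    $text =~ s/\^/+/g;
    $text =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    return $text;
}

print "Content-type: text/html\n\n";

# Single quotes keep the '@' in the password literal; inside a
# double-quoted string Perl would parse it for array interpolation.
my $dbhost = 'localhost';
my $dbuser = 'database';
my $dbpass = 'p@55w0rd';
my $dbdb   = 'testdb';

my $dbhlocal = DBI->connect(
    "DBI:mysql:$dbdb;host=$dbhost",
    $dbuser, $dbpass,
    { PrintError => 0 },
);
if (!$dbhlocal) {
    # Stop here: continuing without a handle would only fail later, and
    # the driver's error text does not belong in the response.
    warn "logintest.cgi: database connect failed: $DBI::errstr\n";
    print "SQL Error";
    exit;
}

# CONTENT_LENGTH comes from the request; accept it only if it is a plain
# non-negative integer within the cap.
my $content_length = $ENV{'CONTENT_LENGTH'};
if (!defined $content_length || $content_length !~ /\A[0-9]+\z/) {
    $content_length = 0;
}
if ($content_length > $MAX_BODY_BYTES) {
    print "Error! Request too large.";
    exit;
}

my $input = '';
read(STDIN, $input, $content_length) if $content_length > 0;

my %FORM;
foreach my $pair (split(/&/, $input)) {
    my ($name, $value) = split(/=/, $pair);
    next unless defined $name;

    $name  = decode_form_component($name);
    $value = decode_form_component($value);

    # Extra value-only rewriting kept from the original script: '|' is
    # mapped to '+' and every ".." sequence is removed. This applies to
    # the password too, so stored passwords must match the rewritten form.
    $value =~ tr/\|/+/d;
    $value =~ s/\.\.//g;

    $FORM{$name} = $value;
}

my $username = $FORM{'username'};
my $password = $FORM{'password'};

if ((!$username) or (!$password)) {
    print "Error! Username AND Password are both required.";
    exit;
}

# The username is passed as a bind value, so quotes or SQL syntax in the
# submitted field are treated as data.
my $sql = "SELECT * FROM userdata where (username = ?)";
my $sth = $dbhlocal->prepare($sql);
if (!$sth || !$sth->execute($username)) {
    warn "logintest.cgi: user lookup failed: " . $dbhlocal->errstr . "\n";
    print "SQL Error";
    $dbhlocal->disconnect;
    exit;
}

my $dbuserinfo = $sth->fetchrow_hashref;
$sth->finish;

# No row, or NULL columns, must count as a failed login rather than be
# compared as empty strings.
my $authenticated = 0;
if (   $dbuserinfo
    && defined $dbuserinfo->{'username'}
    && defined $dbuserinfo->{'userpass'}
    && $dbuserinfo->{'username'} eq $username
    && $dbuserinfo->{'userpass'} eq $password)
{
    $authenticated = 1;
}

if ($authenticated) {
    # realname is stored data; escape it before it reaches the page.
    my $realname = escape_html($dbuserinfo->{'realname'});
    print "Welcome $realname, you've been logged in!";
}
else {
    # One message for both failure cases, so the response does not reveal
    # whether the username exists.
    print "Invalid username and/or password. \nPlease try again.";
}

$dbhlocal->disconnect;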