Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > Cookie not working for CGI logon script

Reply
Thread Tools

Cookie not working for CGI logon script

 
 
richardkreidl@northwesternmutual.com
Guest
Posts: n/a
 
      03-19-2006
I have the following two cgi scripts below, one is for logging into the
website as an admin.

The problem I'm having is that umzadmin.cgi script makes me login twice
before I can use the website. I think my cookie setuup is wrong.
Could you please review the scripts and see where I'm going wrong??

umzadmin.cgi script
#!/opt/perl/bin/perl

use CGI qw/:standard/;

my $filepath="/home/kre1973/umzadmin.txt";
my %userNames;
open (FILE, "$filepath") or die("Can't find file: $!");
while (<FILE>){
my @userarray = split /\:/,$_;
chomp $userarray[1];
$userNames{$userarray[0]} = $userarray[1];
}
close FILE;
if (!param()){
&loginScreen();
}#end if
else{
my $remote = param('username');
my $remote_pw = param('password');
my $count = 0;
foreach $key (keys %userNames){
my $value = $userNames{$key};
if ($key ne $remote) {next;}
elsif ($value ne $remote_pw){
&loginScreen("Password Incorrect<BR>");
} #end elsif
else {
my $cookie = cookie( -name => "COCS_TODO",
-value => "granted",
-expires => "+30m");
print << "EOF";
Set-Cookie: $cookie
Location: http://ihot1.nml.com./cgi-bin/dailyops/bin/umzinput.cgi
EOF

print "Location: /cgi-bin/dailyops/bin/umzinput.cgi\n\n";
} #end else
}#end foreach
&loginScreen("User name not found<BR>");
} #end else

sub loginScreen {
my $error;
if (!$_[0]) {$error = " "} else {$error = $_[0]}
print header;
print << "EOF";
<HTML><TITLE>UMZ Admin Login</TITLE>
<BODY>
<CENTER>
<H1>Login Screen</H1><BR>
$error
<FORM METHOD=post ACTION="/cgi-bin/dailyops/bin/umzadmin.cgi">
<INPUT NAME="username"><BR>
<INPUT TYPE=PASSWORD NAME="password"><BR>
<INPUT TYPE=submit value="Login"><INPUT TYPE=RESET>
</FORM>
</CENTER>
</BODY>
</HTML>
EOF
exit;
}




umzinput.cgi script

#!/opt/perl/bin/perl

use strict;
use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);
use lib '/home/kre1973'; #path to home grown Modules.
use EDPM::WebLib; #NML Standard header module
my $scriptPath = "/cgi-bin/dailyops/bin/umzinput.cgi"; #path to
cgi-script.
my $mainTable = "/nmlprod/dailyops/rpts/tmp/umzinput.csv"; #name of
master table list
if (!param()){
&Startup(); #No params were passed, go to index page.
}#endif
elsif (param()){
&Main(); #Params were passed, start your engines.
}#end elsif
else {
error("Neither param or !param was sent, WTF: $!");
}#end else

################################################## ################################################
sub Startup {
SortForm();
}#end &Startup
################################################## ################################################
sub Main {
SWITCH: {

&SortForm(param('Sort')), last SWITCH if param('Sort');
&AddTaskForm(), last SWITCH if param('Add_Task');
&DeleteTask(), last SWITCH if param('DeleteTask');
&AddTaskSubmit(), last SWITCH if param('AddTaskSubmit');
&EditTaskSubmit(), last SWITCH if param('EditTaskSubmit');
&EditTodo(param('UMZ_ID')), last SWITCH if param('UMZ_ID');

}#end SWITCH
exit;
}#end &Main
################################################## ################################################
sub SpecificSort {
my $todoListCookie;
if (!param('Sort')) {$todoListCookie = cookie ( "CO_TODO_COOKIE")}
else {$todoListCookie = param('Sort');}
my $compNum;
if (!defined $todoListCookie){$compNum = 1}
elsif ($todoListCookie eq "UMZ_ID"){$compNum = 0}
elsif ($todoListCookie eq "Server_Name"){$compNum = 1}
elsif ($todoListCookie eq "UMZTYPE"){$compNum = 6}

my @first = split( '\^', $a );
my @second = split( '\^', $b );

my $compare = ( $first[$compNum] cmp $second[$compNum] ); #
job number
if ( $compare != 0 ) { return ( $compare ); }
$compare = ( $first[1] cmp $second[1] ); # job number
if ( $compare != 0 ) { return ( $compare ); }

}

sub SortForm {
################################################## ################################################
my $sortType = $_[0];
if (defined $sortType){
my $sortCookie = cookie ( -name => "CO_TODO_COOKIE",
-value => "$sortType",
-expires => "+1y");
print header(-cookie => [$sortCookie]);
print $cocsheader;

}
else {
print header;
print $cocsheader;
}

my $i = 0;
my @filerecs;
my $tableNam;
my $tableNum;
my $fieldSep;
my @columnheaders;
my $cookie = cookie( -name => "COCS_TODO" );
my $cookiestatus;
if (!defined($ENV{HTTP_COOKIE})) { $cookiestatus
="NOPE";}else{$cookiestatus = $ENV{HTTP_COOKIE};}
if (!defined $cookie){
print << "EOF";
<center><h1>Pre & Post Checkout Procedures for UMZ/SMZ/IMZ's</h1>
<pre><b><font color=red>Please follow instructions below only during a
normal recycle.
In all other situations please call contacts for
instructions.</b></pre></font></center>
<br>
<h3><u>When doing the Pre-Work for a box on a scheduled or emergency
UMZ, IMZ or SMZ remember to do the following:</u></h3>
<pre>1) Force start the Pre-Work AutoSys jobs that are listed on this
website for the box being worked on.
2) Perform any Pre-MVS (Mainframe) work listed on this website for the
box being worked on. </pre>

<h3><u>After the box is back up you should do the following:</u></h3>
<pre>1) Force start the Post-Work AutoSys jobs that are listed on this
website for the box being worked on.
2) Perform any Post-MVS (Mainframe) work listed on this website for the
box being worked on. </pre>

<font color=black><A HREF="umzadmin.cgi">Admin Login</A></font>

<center><b><font color="red">Last Updated: Feb. 20,
2006</font></center></b>
<script>printFooter("")</script>
<BR>

<BR>
EOF
}
else {
print << "EOF";
<A HREF="umzinput.cgi?Add_Task=Y">Add an UMZ</A>
EOF
}
print << "EOF";
<CENTER>
<TABLE BORDER=1 width="100%">
<TD WIDTH="5%"><FONT SIZE =2><B><A HREF="umzinput.cgi?Sort=UMZ_ID">UMZ
ID#</A></B></FONT></TD>
<TD WIDTH="5%"><FONT SIZE =2><B><A
HREF="umzinput.cgi?Sort=Server_Name">Server Name</A></B></FONT></TD>
<TD WIDTH="21%" bgcolor="cyan" align=center><FONT SIZE
=3><B>Pre-MVS</B></FONT></TD>
<TD WIDTH="21%" bgcolor="cyan" align=center><FONT SIZE
=3><B>Pre-C/S</B></FONT></TD>
<TD WIDTH="21%" bgcolor="cyan" align=center><FONT SIZE
=3><B>Post-MVS</B></FONT></TD>
<TD WIDTH="21%" bgcolor="cyan" align=center><FONT SIZE
=3><B>Post-C/S</B></FONT></TD>
<TD WIDTH="5%"><FONT SIZE =2><B><A
HREF="umzinput.cgi?Sort=UMZTYPE">Server Type</A></B></FONT></TD>
</TR>
EOF

open (TABLENAM, "$mainTable") || error("Error: $!");
while (<TABLENAM>){
$filerecs[$i++] = $_;
} #end while (<TABLENAM>)
my @sorted_recs = sort SpecificSort @filerecs;

# write sorted array to standard output
foreach my $line (@sorted_recs) {
my @rows = split(/\^/, $line);
print "<TR>";
if (defined $cookie) {
print << "EOF";
<TD>
<CENTER>
<FONT SIZE=2>
<A HREF="umzinput.cgi?UMZ_ID=$rows[0]">$rows[0]</A>
</FONT>
</CENTER>
</TD>
EOF
}
else {
print << "EOF";
<TD>
<CENTER>
<FONT SIZE=2>
$rows[0]
</FONT>
</CENTER>
</TD>
EOF
}
for (my $i = 1; $i < 7; $i++){
print << "EOF";
<TD bgcolor="lightgrey">
<CENTER>
<FONT SIZE=2><B>
$rows[$i]&nbsp;
</B></FONT>
</CENTER>
</TD>
EOF
}#end for loop
}
print << "EOF";
</TABLE>
</CENTER>
EOF
close TABLENAM;
exit;

}#end &SortForm
################################################## ################################################
sub AddTaskForm {

my $cellcounter;
my $newRow;

open (TABLENAM, "$mainTable") || error("Error: $!");
while (<TABLENAM>){
my @rows = split(/\^/, $_);
$newRow = $rows[0]+1;
} #end while (<TABLENAM>)

print header;
print $cocsheader;
print << "EOF";
<CENTER>
<BR><BR>
<H1>Add an UMZ</H1><BR><BR>
</CENTER>
<FORM METHOD=POST ACTION="umzinput.cgi">
</CENTER>
UMZ ID#: $newRow<INPUT TYPE=HIDDEN NAME="UMZ_ID" VALUE="$newRow"><BR>
Server Name: <INPUT NAME="Server_Name" SIZE=15><BR>
Pre-MVS:<BR>
<TEXTAREA COLS=80 ROWS=5 NAME="PREMVS"></TEXTAREA><BR>
Pre-C/S:<BR>
<TEXTAREA COLS=80 ROWS=5 NAME="PRECS"></TEXTAREA><BR>
Post-MVS:<BR>
<TEXTAREA COLS=80 ROWS=5 NAME="POSTMVS"></TEXTAREA><BR>
Post-C/S:<BR>
<TEXTAREA COLS=80 ROWS=5 NAME="POSTCS"></TEXTAREA><BR>
Server Type: <SELECT NAME=UMZTYPE>
<OPTION>AIX (IBM)
<OPTION>HP
<OPTION>SUN
<OPTION>NT
<OPTION>PROD Sybase
<OPTION>TEST Sybase
<OPTION>STAGE Sybase
</SELECT>
<BR>
<INPUT TYPE=SUBMIT VALUE="Add UMZ" NAME=AddTaskSubmit>
<INPUT TYPE=RESET VALUE="Reset Boxes">
EOF
}# end &AddTask
################################################## ################################################
sub AddTaskSubmit {
my $umz_id = "";
my $server_id = "";
my $pre_mvs = "";
my $pre_cs = "";
my $post_mvs = "";
my $post_cs = "";
my $umztype = "";


if (param('UMZ_ID')){$umz_id = param('UMZ_ID')}
if (param('Server_Name')){$server_id = param('Server_Name')}
if (param('PREMVS')){$pre_mvs = param('PREMVS')}
if (param('PRECS')){$pre_cs = param('PRECS')}
if (param('POSTMVS')){$post_mvs = param('POSTMVS')}
if (param('POSTCS')){$post_cs = param('POSTCS')}
if (param('UMZTYPE')){$umztype = param('UMZTYPE')}

$pre_mvs =~ s/\^M/<BR>/g;
$pre_cs =~ s/\^M/<BR>/g;
$post_mvs =~ s/\^M/<BR>/g;
$post_cs =~ s/\^M/<BR>/g;
$pre_mvs =~ s/\n/<BR>/g;
$pre_cs =~ s/\n/<BR>/g;
$post_mvs =~ s/\n/<BR>/g;
$post_cs =~ s/\n/<BR>/g;


my $insertString =
"$umz_id^$server_id^$pre_mvs^$pre_cs^$post_mvs^$po st_cs^$umztype";
open (INSERTFILE, ">>$mainTable") or die "Couldn't open file
$mainTable: $!";
print INSERTFILE "$insertString\n";
close INSERTFILE;
print "Location:
http://ihot1.nml.com/cgi-bin/dailyops/bin/umzinput.cgi\n\n";
} #AddTaskSubmit


Thanks

 
Reply With Quote
 
 
 
 
Matt Garrish
Guest
Posts: n/a
 
      03-19-2006

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>I have the following two cgi scripts below, one is for logging into the
> website as an admin.
>
> The problem I'm having is that umzadmin.cgi script makes me login twice
> before I can use the website. I think my cookie setuup is wrong.
> Could you please review the scripts and see where I'm going wrong??
>
> umzadmin.cgi script
> #!/opt/perl/bin/perl
>
> use CGI qw/:standard/;
>
> my $filepath="/home/kre1973/umzadmin.txt";
> my %userNames;
> open (FILE, "$filepath") or die("Can't find file: $!");
> while (<FILE>){
> my @userarray = split /\:/,$_;
> chomp $userarray[1];
> $userNames{$userarray[0]} = $userarray[1];
> }
> close FILE;
> if (!param()){
> &loginScreen();
> }#end if
> else{
> my $remote = param('username');
> my $remote_pw = param('password');
> my $count = 0;



Why are you looping over the userName hash here? You already know what
username the person entered, right?

> foreach $key (keys %userNames){
> my $value = $userNames{$key};
> if ($key ne $remote) {next;}
> elsif ($value ne $remote_pw){
> &loginScreen("Password Incorrect<BR>");
> } #end elsif
> else {
> my $cookie = cookie( -name => "COCS_TODO",
> -value => "granted",
> -expires => "+30m");
> print << "EOF";
> Set-Cookie: $cookie
> Location: http://ihot1.nml.com./cgi-bin/dailyops/bin/umzinput.cgi
> EOF
>
> print "Location: /cgi-bin/dailyops/bin/umzinput.cgi\n\n";
> } #end else
> }#end foreach
> &loginScreen("User name not found<BR>");


I would get rid of that whole block and replace it with:

unless ($userName{$remote} and $userName{$remote} eq $remote_pw) {
loginScreen('Password Incorrect<br />');
}

print redirect(-uri => '
http://ihot1.nml.com./cgi-bin/dailyops/bin/umzinput.cgi', -cookie=>$cookie);


If you're running IIS 5, however, you're likely to run into the problem of
cookies not being set on a redirect, as you're attempting.

http://support.microsoft.com/kb/q176113/

If you need more help, please condense your code down to the smallest
example that demonstrates the problem (i.e., drop all the html generation
and other junk you included).

Matt


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Simple Cookie Script: Not recognising Cookie Jimbo Python 1 04-08-2010 07:34 AM
Is there a way to set a cookie with CGI::Cookie objects, from anrhtml file? Xeno Campanoli Ruby 2 07-09-2008 11:07 PM
what's wrong calling a Perl/CGI script in Perl/CGI script under Tomcat server? kath Perl Misc 4 04-09-2007 09:21 PM
Question Help: Logon vs Account Logon, Local Logon vs Authentication CJH Microsoft Certification 0 01-04-2006 04:03 PM
Problem: XP Home Logon Names Vanish - Cant Logon Graham Computer Support 0 01-24-2004 11:34 AM



Advertisments