CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
ENV varible passing

 



ypwong
Deleted

Jan 13, 2000, 2:44 AM

Post #1 of 5 (1259 views)
ENV varible passing Can't Post

I have seen that some script uses hidden env variable passing.
[ex]
after you login the address bar on top reads: www.fool.com/run.pl?passwd
where my real password is hidden and not shown, I was wondering how do you do that. only the varible name passwd is shown. I have try to look up tutorial on web but they don't help much. if it is possible could you write a simple working script for me that just do that.


Borderline
Deleted

Jan 13, 2000, 5:14 AM

Post #2 of 5 (1259 views)
Re: ENV varible passing [In reply to] Can't Post

Hi

There are only 3 ways I know of to keep the password hidden.
1) You would use method post and hidden tags.
2) You use Cookies and method post.
3) You use .htaccess.
In my opinion doing it with cookies are the best way....
Here is a Cookie Password example
<BLOCKQUOTE><font size="1" face="Arial,Helvetica,sans serif">code:</font><HR>


#!/usr/bin/perl -w

my $login = 'mylogin';
my $pass = 'mypass';

use strict;
use vars qw(%h);
use CGI;
my $q = new CGI;

if (not &check_pass) { &login; exit; }

print $q->header(%h);

# Rest of your script here
print 'You made it';

sub check_pass {
if (($q->param('login') and $q->param('password')) and
$q->param('login') eq $login and
$q->param('password') eq $pass)
{
my $c1 = $q->cookie(-name=>'login',
-value=>$login);
my $c2 = $q->cookie(-name=>'password',
-value=>$pass);
%h = (-cookie=>[$c1,$c2]);
return 1;
}
elsif ($q->cookie('login') eq $login and
$q->cookie('password') eq $pass)
{
return 1;
}
else {
return 0;
}
}

sub login {
print $q->header;

print <<END_OF_HTML;
<HTML>
<HEAD><TITLE>Login</TITLE></HEAD>
<BODY bgcolor=#FFFFFF>
<FORM method=post>
Login: <INPUT type=text name=login><BR>
Password: <INPUT type=password name=password><BR>
<INPUT type=submit value=Login>
</FORM>
</BODY></HTML>
END_OF_HTML
}</pre><HR></BLOCKQUOTE>

Hope this helped
Scott

[This message has been edited by Borderline (edited 01-13-2000).]


brian.hayes
User

Jan 14, 2000, 4:26 AM

Post #3 of 5 (1259 views)
Re: ENV varible passing [In reply to] Can't Post

Some one correct me if I'm wrong, but if you notice that the Web page is using POST method. Post method will not show anything in the Browser window. Thus keeping all variables out of site. WHen you use GET method in a form you get something like "/login.pl?name=foo&pass=password". POST method will display "/login.pl" thats it.


By using CGI.pm like in the code above you do not need to use GET method in your web page, but you could.

Or, you could if you want make the form method POST and the action of the form "/login.pl?login".
<FORM METHOD="POST" ACTION="/login.pl?login">


Then in your script you could add

if (!defined $p->param('login')){
code here.....
} elsif (defined $p->param('login')){
code here.......
} else {
code here.......
}


Good luck.

Brian Hayes


ypwong
Deleted

Jan 14, 2000, 10:51 AM

Post #4 of 5 (1259 views)
Re: ENV varible passing [In reply to] Can't Post

Thank you so much...
Sorry I have to ask you a question like this.
but how do I get this script runing....

what do I put after the
mydomain.com/run.pl ?????
in order to get it work??

Thank YOu so much you have been a lot of help.


japhy
Enthusiast

Jan 14, 2000, 9:11 PM

Post #5 of 5 (1259 views)
Re: ENV varible passing [In reply to] Can't Post

When using CGI.pm, if there is data in the query string (prog.cgi?...) in the form tag's action attribute, but the form's method is "post", then only the form fields can be accessed via param(). The data in the URL after the ? can be accessed via url_param().

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives