
FishMonger
Veteran
/ Moderator
Apr 1, 2011, 9:29 AM
Post #8 of 15
(28512 views)
|
Re: [hwnd] Is there a better way to write this to check login information?
[In reply to]
|
Can't Post
|
|
This is a rough example. In actual production code I'd have more checks and balances.
#!/usr/bin/perl -T use strict; use warnings FATAL => 'all'; use DBI; use CGI; use CGI::Carp qw( fatalsToBrowser ); my $cgi = CGI->new; print $cgi->header, $cgi->start_html('Site Login'); display_login_form() and exit unless $cgi->param('login'); my $authorized = authenticate($cgi->param('user'), $cgi->param('pass')); if ( $authorized ) { print "good login\n"; } else { print "bad login\n"; } # ***************************************** sub display_login_form { # code that generates the login form } sub authenticate { my $user = shift; my $pass = shift; return 0 unless $user && $pass; my $dbh = DBI->connect("DBI:mysql:hwnd_news:localhost", "hwnd_hwnd", "b71lnk") or die $DBI::errstr; my $sth = $dbh->prepare( "SELECT id, name, pass from news_users WHERE name = ? AND pass = ? LIMIT 1" ); $sth->execute($user, $pass); my ( $id, $name, $pw ) = $sth->fetchrow_array(); $dbh->disconnect; return ($name eq $user and $pw eq $pass) ? 1 : 0; }
(This post was edited by FishMonger on Apr 1, 2011, 9:29 AM)
|