CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
[SOLVED] Script that worked with DBD::Pg is not working with DBD::Oracle

 



terrykhatri531
User

Aug 15, 2014, 4:40 AM

Post #1 of 8 (4215 views)
[SOLVED] Script that worked with DBD::Pg is not working with DBD::Oracle Can't Post

Hi,

I have a script that works fine when I use DBD::Pg, but when I tried the same script with DBD::Oracle its throwing the following error:


Code
  
perl login.pl
Status: 500
Content-type: text/html

<h1>Software error:</h1>
<pre>Use of uninitialized value $action in string eq at login.pl line 32.
</pre>
<p>
For help, please send mail to this site's webmaster, giving this error message
and the time and date of the error.

</p>
[Fri Aug 15 16:15:20 2014] login.pl: Use of uninitialized value $action in string eq at login.pl line 32.




Here is the relevant snippet of the code :


Code
  
#!/usr/local/bin/perl
use strict;
use CGI;
use CGI::Carp 'fatalsToBrowser'; #remove for prod
use DBI;
use CGI::Session ( '-ip_match' );
use CGI::Session::ExpireSessions;
use CGI::Cookie;
use warnings FATAL => qw(all);
use DBD::Oracle;

# get form parameters
my $q = new CGI;
my $action = $q->param('go');
my $empid = $q->param('empid');
my $password = $q->param('password');
my $upass = $q->param('upassword');
my $user = $q->param('name');
my $id = $q->param('empid');
my $dbh = dbh();
my $link = "http://192.168.56.105/nwind/cgi-bin";
my $session;


.....

if ( ($action eq "LOGIN") && ($empid =~ /\d+/)) {<<<< This is line # 32
if ($upass eq $password) {
$msg = "Login successful - redirecting !!!";
$session = new CGI::Session();
$session->expire("24h");
$session->param(user => $user);

my $session_cookie = CGI::Cookie->new(-name=>$session->name, -value=>$session->id, -httponly=>1);
my $user_cookie = CGI::Cookie->new(-name=>'user', -value=>$user, -httponly=>0);
my $id_cookie = CGI::Cookie->new(-name=>'id', -value=>$id, -httponly=>0);

print $q->redirect(-uri => "http://192.168.56.105/nwind/cgi-bin/index.pl?go=Details&user=$user&id=$id", -cookie=>[$session_cookie, $user_cookie, $id_cookie]);

} else {
$msg = "Wrong password";

}

} else {
$msg = "Please complete form";
}


Here is the full script :


Code
  
#!/usr/local/bin/perl
use strict;
use CGI;
use CGI::Carp 'fatalsToBrowser'; #remove for prod
use DBI;
use CGI::Session ( '-ip_match' );
use CGI::Session::ExpireSessions;
use CGI::Cookie;
use warnings FATAL => qw(all);
use DBD::Oracle;

# get form parameters
my $q = new CGI;
my $action = $q->param('go');
my $empid = $q->param('empid');
my $password = $q->param('password');
my $upass = $q->param('upassword');
my $user = $q->param('name');
my $id = $q->param('empid');
my $dbh = dbh();
my $link = "http://192.168.56.105/nwind/cgi-bin";
my $session;

# Implement log out first
$session = CGI::Session->load() or die CGI::Session->errstr;
$session->delete();
CGI::Session::ExpireSessions -> new(verbose => 1) -> expire_sessions();

my $msg;
# change validation to suit
if ( ($action eq "LOGIN") && ($empid =~ /\d+/)) {
if ($upass eq $password) {
$msg = "Login successful - redirecting !!!";
$session = new CGI::Session();
$session->expire("24h");
$session->param(user => $user);

my $session_cookie = CGI::Cookie->new(-name=>$session->name, -value=>$session->id, -httponly=>1);
my $user_cookie = CGI::Cookie->new(-name=>'user', -value=>$user, -httponly=>0);
my $id_cookie = CGI::Cookie->new(-name=>'id', -value=>$id, -httponly=>0);

print $q->redirect(-uri => "http://192.168.56.105/nwind/cgi-bin/index.pl?go=Details&user=$user&id=$id", -cookie=>[$session_cookie, $user_cookie, $id_cookie]);

} else {
$msg = "Wrong password";

}

} else {
$msg = "Please complete form";

}

# get employees
my $sql = qq!SELECT EMPLOYEEID AS empid,
FIRSTNAME || ' ' ||LASTNAME AS name
FROM employees ORDER BY 1 !;
my $ar = $dbh->selectall_arrayref($sql);

# Make up a pulldown menu
my $options = qq!<option value="">Select name</option>!;
for my $row (@$ar) {
$options .= qq!<option value="$row->[0]">$row->[1]</option>\n!;
}

# build html page
my $style = q!
body { background-color: #C0C0C0; color: #404040; }
.container { width: 500px; clear: both; }
.container input { width: 100%; clear: both;}
!;

# Send out the header and form
print $q->header;
print $q->start_html(-title=>'Login',
-style=>{ -code=>$style } );
print qq!<script type="text/javascript" src="$link/js/jquery-1.8.1.min.js"></script>

<script type="text/javascript" src="$link/js/jquery.cookie.js"></script>
<link type="text/css" rel="stylesheet" href="$link/css/button_styles.css" />
<link type="text/css" rel="stylesheet" href="$link/dc_css/dreamcodes.css" />
<script type="text/javascript" src="$link/dc_scripts/dreamcodes.js"></script>
<link type="text/css" rel="stylesheet" href="$link/dc_css/dreamtooltips.css" />
<script type="text/javascript" src="$link/dc_scripts/dreamtooltips.js"></script>
<div class="dtcodes_main">
<script type="text/javascript" src="$link/dc_scripts/dreammenu2.js"></script>
<noscript>
</noscript>
<br />
<div class="fr"><span class="ico-browserall16 taccess_browser-all16" title="Works in: Firefox, Internet Explorer, Chrome, Safari, Opera"></span></div>

<h1>Please log in</h1>!;

# Fetch the data
if ( $action eq "FETCH" ) {
print qq!<h3>Please type in your password </h3>!;
my $sql = qq!SELECT EMPLOYEEID, FIRSTNAME || ' ' ||LASTNAME AS name, PASSWORD
FROM employees
WHERE EMPLOYEEID = ?!;
my $hr = $dbh->selectrow_hashref($sql,undef,$empid);

print qq!<div class="container">
<form action="" method="post">
<input type="hidden" name="empid" value="$empid"/>
<input type="hidden" name="password" value="$hr->{'PASSWORD'}"/>
Name :<input name="name" value="$hr->{'NAME'}" readonly/><br>
<IMG SRC="tmp/$empid.jpg" WIDTH ="200" HEIGHT="300" ALIGN="Right" BORDER ="10" BORDERCOLOR="#333"/><br>
please type in your password :<input type="password" name="upassword" autocomplete="off"><br>
<input type="submit" class="tsc_c3b_large tsc_button tsc_c3b_grey tsc_c3b_input" name="go" value="LOGIN" />
</form>!;
} else {

print qq!<div class="container">
<form method="post" action="">
Select your name : <select name="empid"> $options </select><br/>
<input type="submit" class="tsc_c3b_large tsc_button tsc_c3b_grey tsc_c3b_input" name="go" value="FETCH" />
</form></div><hr/>!;

# Standard links to the rest of the application
print <<"FOOTER";
<b>$msg</b>

<hr/>
Edited by Terry on August, 10 2014.
FOOTER
}
print $q->end_html;

# connect to database
sub dbh {
my $dsn = 'dbi:Oracle:host=localhost;sid=orcl';
my $ORACLE_HOME = "/u01/app/oracle/product/12.1.0/db_1";
$ENV{ORACLE_HOME}=$ORACLE_HOME;
my $user = 'nwind';
my $pwd = 'nwind';
my $dbh = DBI -> connect($dsn,$user,$pwd,$ENV{'RaiseError' => 1});
return $dbh;
}




Many thanks !!

Terry


(This post was edited by terrykhatri531 on Aug 19, 2014, 1:58 PM)


FishMonger
Veteran / Moderator

Aug 15, 2014, 6:47 AM

Post #2 of 8 (4205 views)
Re: [terrykhatri531] Script that worked with DBD::Pg is not working with DBD::Oracle [In reply to] Can't Post

Based on how you've coded it, I would very much expect that warning/error.

When the page is initially loaded, the user has not yet had the opportunity to fill out and submit the form, so obviously $action will be undef. Solution is to test if this is the initial loading or is it a form submission (i.e., method eq POST).

Your code formatting, especially the html is very messy. When I used perltidy to clean it up, I received the following errors.

Code
 
79: print qq!<script type="text/javascript" src="$link/js/jquery.coo ...
----------------- ^
found bareword where operator expected (previous token underlined)

80: <link type="text/css" rel="stylesheet" href="$link/css/button_st ...
---------- ^
found bareword where operator expected (previous token underlined)

80: <link type="text/css" rel="stylesheet" href="$link/css/button_st ...
------------ ^
found bareword where operator expected (previous token underlined)

80: ... href="$link/css/button_styles.css" />
-^
found > where term expected (previous token underlined)

82: <script type="text/javascript" src="$link/dc_scripts/dreamcodes. ...
----------------- ^
found bareword where operator expected (previous token underlined)

83: <link type="text/css" rel="stylesheet" href="$link/dc_css/dreamt ...
---------- ^
found bareword where operator expected (previous token underlined)

There is no previous '?' to match a ':' on line 90
90: ... ccess_browser-all16" title="Works in: Firefox, Internet Explorer ...
^

Missing ';' above?

There is no previous '?' to match a ':' on line 108
108: please type in your password :<input type="password" name="upass ...
^
115:
Partial match to quote modifier [msixpodualgc] at word: 'select'
Please put a space between quote modifiers and trailing keywords.

There is no previous '{' to match a '}' on line 126
126: }
^
126: Starting negative indentation
130: resetting level to 0 at sub dbh
138: To save a full .LOG file rerun with -g



(This post was edited by FishMonger on Aug 15, 2014, 6:49 AM)


terrykhatri531
User

Aug 15, 2014, 7:00 AM

Post #3 of 8 (4201 views)
Re: [FishMonger] Script that worked with DBD::Pg is not working with DBD::Oracle [In reply to] Can't Post


In Reply To

When the page is initially loaded, the user has not yet had the opportunity to fill out and submit the form, so obviously $action will be undef. Solution is to test if this is the initial loading or is it a form submission (i.e., method eq POST). Yes, <form method="post" action=""> is the initial loading and as I said it works fine when I change the connection to postgresql database, but with oracle database its throwing this error, I wonder why its not getting to the initial loading !!. Many thanks !!Terry


(This post was edited by terrykhatri531 on Aug 15, 2014, 7:07 AM)


FishMonger
Veteran / Moderator

Aug 15, 2014, 7:22 AM

Post #4 of 8 (4196 views)
Re: [terrykhatri531] Script that worked with DBD::Pg is not working with DBD::Oracle [In reply to] Can't Post

If it works when connecting to postgresql, then you must have changed other things in addition to that connection change.

The error you're receiving is prior to the db connection and has nothing to do with any db connection.
Hmm, I missed the db connection call in the var initializations. However, since it's not failing at that point, that connection code is not what's causing the error you've posted in this thread.

Turn off the promoting of the warnings to fatal errors and see if that helps.
i.e., change:

Code
use warnings FATAL => qw(all);

to:

Code
use warnings;



(This post was edited by FishMonger on Aug 15, 2014, 7:27 AM)


terrykhatri531
User

Aug 15, 2014, 7:45 AM

Post #5 of 8 (4189 views)
Re: [FishMonger] Script that worked with DBD::Pg is not working with DBD::Oracle [In reply to] Can't Post

Wow !! You got it buddy !!
It works now.
Thank you very very much !!
Rgds.
Terry


FishMonger
Veteran / Moderator

Aug 15, 2014, 7:55 AM

Post #6 of 8 (4185 views)
Re: [terrykhatri531] Script that worked with DBD::Pg is not working with DBD::Oracle [In reply to] Can't Post

You should be aware that doing that just masks the underlying problem i.e., ignores the bug in your code.


Zhris
Enthusiast

Aug 15, 2014, 9:11 PM

Post #7 of 8 (4165 views)
Re: [terrykhatri531] Script that worked with DBD::Pg is not working with DBD::Oracle [In reply to] Can't Post

In one of your original threads, you had a similar issue. It was resolved by ensuring $action was given a default value i.e. my $action = $q->param('go') || 'FETCH';. Fishmonger has already discussed this issue with you in detail. I wanted to raise a major insecurity with your script. On login, you test to see if the user supplied password matches against the password in the database. The problem is you pass the password in the database in a hidden field, which isn't really hidden at all. All your user has to do is view the html source code of the login page, and copy the value of this "hidden" field. You should instead use the employee id to re-fetch the password from the database on submit.

Chris


terrykhatri531
User

Aug 18, 2014, 12:08 PM

Post #8 of 8 (4083 views)
Re: [Zhris] Script that worked with DBD::Pg is not working with DBD::Oracle [In reply to] Can't Post


In Reply To
I wanted to raise a major insecurity with your script. On login
Thanks Chris !! I will take care of it. Terry


 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives