CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
Cookies

 



perlkid
stranger

Mar 9, 2000, 3:04 AM

Post #1 of 4 (742 views)
Cookies Can't Post

 
Hi guys.

I need to set a cookie containing a user name and password from the last time that someone logged in to an administration panel. Then I need to read it and the next time they visit their user name and password will already be in the form. But if they typed in the wrong password or user name they can do it again and it will over write the other cookie.

Thanks

perlkid


RayStreet
Deleted

Mar 14, 2000, 3:17 PM

Post #2 of 4 (742 views)
Re: Cookies [In reply to] Can't Post

Be careful about storing the passwords and just reusing them - somebody other than the actual user could just go into the admin panel and start doing things - a big security issue.

If you are going to store a password in a cookie then don't store the actual password - store the password in an format because if somebody looks at the cookie and can see the actual password then it's a good bet that the user uses the same password for everything so you've opened up a huge security breach.

I personally don't have a problem with forcing the user to enter a password - saving a previous password is maybe OK if you're on a home PC but a business machine is different.

Anyway, that's your decision so this is roughly what you need to do to set up the password cookie.

$value = "junk=$username@$password;
$name = "passcookie";
print "Set-Cookie: ";
print ($name, "=", $value, "\n");

The cookie is stored with the username and password separated with an @ symbol.

Then to get the password cookie back something like this.

$hascookie = 0;

if ($hascookie = defined($ENV{'HTTP_COOKIE'})) {
$hascookie = 0;
@allcookies = split (/; /,$ENV{'HTTP_COOKIE'});
foreach $allcookie (@allcookies) {
($name,$junk,$details) = split (/=/,$allcookie);
if ($name eq "passcookie") {
$hascookie = 1;
last;
}
}
}

The above processing handles the case where you may have multiple cookies running around.

$hascookie is set if the cookie was found and the data is in the $details variable - just split it on the @ symbol.

Hope this makes some kind of sense.




RayStreet
Deleted

Mar 14, 2000, 3:19 PM

Post #3 of 4 (742 views)
Re: Cookies [In reply to] Can't Post

Oops - my typing is getting worse.

I meant to say you should store your password in an encrypted format, not just a format. There are a few encryption/scrambling progs out there for you to grab.


perlkid
stranger

Mar 16, 2000, 11:00 PM

Post #4 of 4 (742 views)
Re: Cookies [In reply to] Can't Post

 
Hey, thanks a lot,

I'll try that out tonight. Sorry for the delay though. I've been sooo busy.

perlkid

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives