By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,661 Members | 1,330 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,661 IT Pros & Developers. It's quick & easy.

cgi script with password_field parameter

P: 4
Hi,

I have this cgi script which is a simple authentication web page, it check the value of the password_field and if correct call the subroutine alfa.

I don't know why it stops with an error when I click on "insert new stream"

I tried to call the subroutine without the authentication part and it works.
Expand|Select|Wrap|Line Numbers
  1. #!/usr/bin/perl -Tw
  2. use CGI;
  3. $query = new CGI;
  4. print $query->header;
  5. print $query->start_html();
  6. if (!$query->param) {
  7.         print $query->startform;
  8.         print $query->password_field(-name=>'the_password',
  9.                 -size=>35,
  10.                 -maxlength=>50);
  11.         print $query->br;
  12.         print $query->submit(-value=>'Submit your password');
  13.         print $query->endform;
  14. } else {
  15.         $yourPassword = $query->param('the_password');
  16. if ($yourPassword eq '123') { alfa ();} {print 'error';}
  17.  
  18. }
  19.  
  20. print $query->end_html;
  21.  
  22.  
  23.  
  24. sub alfa () {
  25. use strict;
  26. use CGI::Carp qw(fatalsToBrowser);
  27. use CGI qw(:standard);
  28. use DBI;
  29. my $mode = param('mode');
  30. my $url = url;
  31. print header,
  32. start_html;
  33.  
  34. print h2('insert values'),
  35.      start_form(),
  36. textfield('DETAILS'),  'detail bor bla bla..' . br,
  37. textfield('TARGET_DATABASE') . br ,
  38. textfield('TARGET_HOST'). br,
  39. textfield('TARGET_IP') . br,
  40. textfield('TARGET_ACCOUNT') . br,
  41. textfield('SOURCE_DATABASE') . br,
  42. textfield('SOURCE_HOST'). br,
  43. textfield('SOUCE_IP') . br,
  44. textfield('SOURCE_ACCOUNT') . br,
  45. textfield('STREAM_NAME') . br,
  46. textfield('ID') . br,
  47. submit('insert new stream'),
  48.      end_form;
  49.  
  50. if($mode eq 'process_form')
  51.    {
  52. my $dbh = DBI->connect('DBI:Oracle:(DESCRIPTION = (ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = xx.xx.xx.xx)(PORT = xxxx)))(CONNECT_DATA =(SERVICE_
  53. NAME = xxxxxxx)))', 'monitor', 'monitor', {RaiseError=>'1'});
  54. my $sth = $dbh->prepare('insert into s_test (DETAILS, TARGET_DATABASE, TARGET_HOST, TARGET_IP, TARGET_ACCOUNT, SOURCE_DATABASE, SOURCE_HOST, SOUCE_IP, S
  55. OURCE_ACCOUNT,STREAM_NAME, ID)  values (? , ? , ?, ?, ?, ?, ?, ?, ?, ?, ?)');
  56.      $sth->execute(param('DETAILS'), param('TARGET_DATABASE'), param('TARGET_HOST'), param('TARGET_IP'), param('TARGET_ACCOUNT'), param('SOURCE_DATABASE
  57. '), param('SOURCE_HOST'), param('SOUCE_IP'), param('SOURCE_ACCOUNT'),param('STREAM_NAME'), param('ID'));
  58.      $dbh->disconnect;
  59.    }
  60.    print end_html;
  61. }
  62.  
Dec 28 '09 #1
Share this Question
Share on Google+
11 Replies


numberwhun
Expert Mod 2.5K+
P: 3,503
In line 16, shown here:

Expand|Select|Wrap|Line Numbers
  1. if ($yourPassword eq '123') { alfa ();} {print 'error';}
  2.  
I took out the {print 'error';} and it gave a bunch of output. Try removing that and see if that is what you were looking for. Not sure why you had that print statement there, but it overrode the subroutine execution, or so it seems.

Also, any time you post code in the forums, please use code tags.

Regards,

Jeff
Dec 28 '09 #2

Expert Mod 100+
P: 589
Here are some questions for you to think about. As you answer them, your problem and solution should be discovered.

Why are you loading the CGI module twice?

Why are you using CGI's OO interface in the begining but then switch over to the functional interface in the sub?

Why do you have the use statements in the sub and not at the beginning of the script?

Why are you specifying an empty prototype in the subroutine declaration? You should be receiving this warning:
main::alfa() called too early to check prototype at m4x123.pl line 16
Why are you enclosing the print 'error'; statement in it's own block?

Why are you outputting 2 sets of headers?
Dec 28 '09 #3

Expert Mod 100+
P: 589
I have not tested the script but I don't think that print error statement prevented the script from working correctly.

After fixing the formatting of that else block, here is what it looks like.
Expand|Select|Wrap|Line Numbers
  1. else {
  2.     $yourPassword = $query->param('the_password');
  3.  
  4.     if ($yourPassword eq '123') {
  5.         alfa();
  6.     }
  7.  
  8.     { print 'error'; }
  9. }
It's more likely that it's the prototype that's causing the problem.
Dec 28 '09 #4

numberwhun
Expert Mod 2.5K+
P: 3,503
I agree with you that I don't see why that would have effected it, but when I removed the print statement it produced a totally different output.
Dec 28 '09 #5

Expert Mod 100+
P: 589
I just tested the script as written by the OP and the only "error message" I receive is the one that is hard coded into the script and is displayed whenever the user clicks on the 'Submit your password' button.

The script works exactly as I would expect. Meaning that the form in the alfa() sub is displayed, but since there is no form field with the name of 'mode' anywhere in the script, then the corresponding DB code won't be executed.
Dec 29 '09 #6

P: 4
Hi,
First of all thanks to all of you for the help.
I changed the code as follow(see m4x123.txt attached):

1) implemented the Rob's formatting at line 16-21
2) I've updated the script with form field with method=post, hidden name and value='process_form'

I tested the subroutine again removing lines from 1 to 25 and using only "alfa ();" to call it and it works.

when I use all the script I can access the form for inserting the values in the form but after clicking on
the insert button I get the print 'error'; from line 23

from the error.log on the apache server:
[Tue Dec 29 11:46:39 2009] null: Use of uninitialized value in string eq at /u01/appl/ora102/product/http10g/Apache/Apache/cgi-bin/inspwd.pl line 19.

Still cannot figure out why the subroutine doesn't work if I call it from if statement.

should I use a different form ?

regards,
max
Attached Files
File Type: txt m4x123.txt (2.5 KB, 301 views)
Dec 29 '09 #7

Expert Mod 100+
P: 589
What makes you think the subroutine is not working? For me, it works exactly as I'd expect, but clearly it's not what you want. What are your expectations.

One of the first and most important steps in writing and troubleshooting code is the ability to clearly describe step by step what the code needs to do. This is called writing pseudo code. From there you fill in the code details to accomplish each step.

I have a good idea of what you want the script to do, but as written has a number of logic errors, which is why it's not doing what you want.
Dec 29 '09 #8

Expert Mod 100+
P: 589
Line 31 is one logic error example.

How can you retrieve the value of a hidden form field before creating the form in which it is defined?
Dec 29 '09 #9

P: 4
Hi Ron,

I just tried to reuse some code which I've found on internet since I like the flexibility and simplicity of perl/cgi but of course I'm not a perl expert

this for the insert into the database:
http://www.expertwebinstalls.com/cgi...ipulation.html

and http://www.devdaily.com/perl/perl-cg...ield-html-form
for the authentication

btw I don't want necessarily use this code what I'm trying to do is just creating a simple form for inserting a row in my table after authentication through another form. If you could address me I would really appreciate it.

thanks,
Max
Dec 29 '09 #10

Expert Mod 100+
P: 589
Your starting point should be to get a good beginners Perl book, such as Learning Perl http://oreilly.com/catalog/9780596520113

Once you have the basics, then move on to learning CGI and DBI programing with Perl.

I'm not going to rewrite your entire script, but I will give you a big head start by giving you the skeleton code.

Expand|Select|Wrap|Line Numbers
  1. #!/usr/bin/perl -T
  2.  
  3. use strict;
  4. use warnings;
  5. use DBI;
  6. use CGI;
  7. use CGI::Carp qw<fatalsToBrowser>;
  8.  
  9. my $cgi = CGI->new;
  10. my %form = $cgi->Vars;
  11. my %dispatch = (
  12.     login_form   => \&display_login_form,
  13.     authenticate => \&authenticate_user,
  14.     db_form      => \&display_db_form,
  15.     process      => \&insert_db_data,
  16.     error        => \&display_error,
  17. );
  18.  
  19. print $cgi->header, $cgi->start_html;
  20.  
  21. if (exists $dispatch{ $form{action}} ) {
  22.     $dispatch{ $form{action} }->();
  23. }
  24. else {
  25.     $dispatch{ login_form }->();
  26. }
  27.  
  28. exit;
  29.  
  30.  
  31. ### subroutine declarations ###
  32.  
  33. sub display_login_form {
  34.     # output your form
  35. }
  36.  
  37. sub authenticate_user {
  38.     # if successful auth, display the DB form
  39.     # else display error and login form
  40. }
  41.  
  42. sub display_db_form {
  43.     # output your form
  44. }
  45.  
  46. sub insert_db_data {
  47.     # db stuff
  48. }
  49.  
  50. sub display_error {
  51.     # some error message
  52. }
Dec 30 '09 #11

P: 4
Hi Ron,
I was thinking to download/buy some book but I didn't know which one would have worked better thks!!!
I've found now a code that works but I'll try to put it as your skeleton code.
Really appreciated your help and your valuable suggestions, thanks a LOT!!

Expand|Select|Wrap|Line Numbers
  1.      1  #!/usr/bin/perl -w
  2.      2  use strict;
  3.      3  use CGI qw(:standard);
  4.      4  use DBI;
  5.      5  my $dbh = DBI->connect('DBI:Oracle:(DESCRIPTION = (ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = xxxxxx)(PORT = xxxx)))
  6.      6  (CONNECT_DATA =(SERVICE_NAME = xxxxx)))', 'xxxx', 'xxxx', {RaiseError=>'1'});
  7.      7  my $mode = param('mode');
  8.      8  my $url = url;
  9.      9  print header,
  10.     10  start_html;
  11.     11  print h2({-align=>'center'}, 'Please insert the admin password to access this page'),
  12.     12   start_form(-action=>$url,
  13.     13                  -method=>'post'),
  14.     14       hidden(-name=>'mode',
  15.     15              -override=>2),
  16.     16  password_field ('password') . br ,
  17.     17  submit('check password'),
  18.     18       end_form,
  19.     19  ,br,hr,"\n";
  20.     20
  21.     21  if (param('password') eq 'a')
  22.     22     {
  23.     23  print h2('insert values'),
  24.     24       start_form(-action=>$url,
  25.     25                  -method=>'post'),
  26.     26       hidden(-name=>'mode',
  27.     27              -value=>'process_form',
  28.     28              -override=>2),
  29.     29  textfield('DETAILS'),  'detail bor bla bla..' . br,
  30.     30  textfield('TARGET_DATABASE') . br ,
  31.     31  textfield('TARGET_HOST'). br,
  32.     32  textfield('TARGET_IP') . br,
  33.     33  textfield('TARGET_ACCOUNT') . br,
  34.     34  textfield('SOURCE_DATABASE') . br,
  35.     35  textfield('SOURCE_HOST'). br,
  36.     36  textfield('SOUCE_IP') . br,
  37.     37  textfield('SOURCE_ACCOUNT') . br,
  38.     38  textfield('STREAM_NAME') . br,
  39.     39  textfield('ID') . br,
  40.     40  submit('insert new stream'),
  41.     41       end_form;
  42.     42     }
  43.     43  elsif ($mode eq 'process_form')
  44.     44     {
  45.     45  my $sth = $dbh->prepare('insert into s_test (DETAILS, TARGET_DATABASE, TARGET_HOST, TARGET_IP, TARGET_ACCOUNT, SOURCE_DATABASE,
  46.     46  SOURCE_HOST, SOUCE_IP, SOURCE_ACCOUNT,STREAM_NAME, ID)  values (? , ? , ?, ?, ?, ?, ?, ?, ?, ?, ?)');
  47.     47  $sth->execute(param('DETAILS'), param('TARGET_DATABASE'), param('TARGET_HOST'), param('TARGET_IP'), param('TARGET_ACCOUNT'),
  48.     48  param('SOURCE_DATABASE'), param('SOURCE_HOST'), param('SOUCE_IP'), param('SOURCE_ACCOUNT'),param('STREAM_NAME'), param('ID'));
  49.     49       print redirect($url . '?mode=read_submitted_names');
  50.     50       $dbh->disconnect;
  51.     51     }
  52.     52  elsif($mode eq 'read_submitted_names')
  53.     53     {
  54.     54       my $sth = $dbh->prepare('select *  from s_test');
  55.     55       $sth->execute;
  56.     56       while(my $row_href = $sth->fetchrow_hashref)
  57.     57       {
  58.     58         print $row_href->{ID};
  59.     59         print $row_href->{TARGET_DATABASE};
  60.     60         print $row_href->{TARGET_HOST};
  61.     61         print $row_href->{TARGET_IP};
  62.     62         print $row_href->{TARGET_ACCOUNT};
  63.     63         print $row_href->{SOURCE_DATABASE};
  64.     64         print $row_href->{SOURCE_HOST};
  65.     65         print $row_href->{SOUCE_IP};
  66.     66         print $row_href->{SOURCE_ACCOUNT};
  67.     67         print $row_href->{STRERAM_NAME};
  68.     68         print $row_href->{DETAILS};
  69.     69       }
  70.     70         $dbh->disconnect;
  71.     71     }
  72.     72     print end_html;
Dec 30 '09 #12

Post your reply

Sign in to post your reply or Sign up for a free account.