Validating Password and Username w Database
terry81
09-02-2004, 09:24 PM
Hi guys,
Been reading up books a bit on Perl but I am still clueless how to really start.
Assuming I have a MS Access database named Student.mdb
I want them to login w their username and password. While doing so, I have to validate that only alphanumeric is accepted in the field and not including signs and symbols.
I will be glad if someone can help me and includes explanation for me to understand, thanks a lot! :)
silent11
09-03-2004, 11:38 AM
How far along are you? Do you have any code so far?
terry81
09-03-2004, 12:09 PM
hi there,
thanks for your reply.
I think I will try out first.
btw, how do I validate that the txtfield is empty?
I tried the coding below but don't think it works. I dunno how to make use of /s to identify blank spaces. Can you help me? I read up books but they are so vague in explanation I don't understand.
if($usernameCheck !~ /[A-Z][a-z][0-9]/ || $passwordCheck !~ /[A-Z][a-z][0-9]/){
print 'Please enter your username or password';
}
else{
print 'login successfully'
}
Thanks:)
silent11
09-03-2004, 01:23 PM
Here is some pseudocode...
unless ($username && $password) {
print 'Please enter your username or password';
}
else {
if( userPassMatch($username,$password)){
print 'login successfully';
}
else{
print 'Nice Try';
}
}
Where userPassMatch() is a sub that does the test and returns 1 or 0 depending if the username matches or not.
...
...
to match against a regular expression is done like this...
if ($username =~ m/\w/) {
    # do stuff
}
this tests to see that $username is a word (a-z)(A-Z)(_).
I don't like this test because what if my password is 'Pir@te!'?
terry81
09-04-2004, 01:24 PM
hi silent11,
I am not really sure whether what I'm doing below is correct. The previous short codes you gave me did not help much in my understanding. Hmm, anyway pls take a look at the codes below.
I am not sure if I have made use of the subroutine correctly or whether it can be used to compare in that way.
#!/perl/bin/perl
use CGI ":standard";
sub checkUserPass (){
$username = param('loginName');
$password = param('loginPassword');
if($username eq "" || $password eq ""){
return 0;
}
}
sub matchUserPass (){
$host = "DBI:mysql:webber:localhost";
$dbh = DBI->connect($host, 'myusername', 'mypassword')
or die 'Unable to connect to the darn database $dbh->errstr\n';
$query = <<END;
select username, password
from Member
END
$memberData = $dbh->prepare($query);
$memberData->execute($username, $password)
or die 'Unable to execute SQL command. $dbh->errstr';
$data_ref = $memberData->fetchrow_hashref();
memberData->finish ();
$dbh->disconnect ();
}
print header; start_html('Login Result');
if(sub checkUserPass () = 0)
{
print 'Invalid. Please enter your username or password';
elsif(sub matchUserPass() = true){
print 'Login Successfully';
else
print 'Invalid. Please enter your username or password';
}
}
"stuck...dunno what to do"
print end_html;
}
Nedals
09-05-2004, 03:50 AM
#!/perl/bin/perl
use strict; ## always use strict
use CGI ":standard";
use DBI;
## do this first, making $dbh a global for this script. You are likely to use it many times within a script
my $host = "DBI:mysql:webber:localhost";
my $dbh = DBI->connect($host, 'myusername', 'mypassword') or die "Unable to connect to the darn database: $DBI::errstr\n";
## I like to put the main section first, followed by the subroutines
my $errmsg = "";
my $username = param('loginName');
my $password = param('loginPassword');
## correctly use {} and '=='. Read up on syntax
if ($username eq "" || $password eq "") { $errmsg = 'Please enter your username and password'; }
elsif (&matchUserPass() == 0) { $errmsg = 'Invalid username or password'; }
## "stuck...dunno what to do"
if (!$errmsg) {
    ## What do you want to do? Return a member page, perhaps!
    ## so do that here!
} else {
    ## Error page returned
    print header;
    print start_html('Login Result');
    print $errmsg;
    print end_html;
}
$dbh->disconnect(); exit;
#======= SUBROUTINES
sub matchUserPass() {
    ## returns 1 if valid and 0 if not found
    ## the ? placeholders keep the submitted values out of the SQL text
    my $query = "SELECT COUNT(*) FROM member WHERE username=? AND password=?";
    return $dbh->selectrow_array($query, undef, $username, $password);
}
terry81
09-05-2004, 09:24 AM
Hi Nedals,
Thanks for your debugging. Greatly appreciated it. Read some books but all presented in snippets and when I wanted to combine the snippets to create an application like login, I have problems.
Now, the next step I want to do is to use the Tainted checking to check for meta characters. When using Tainted checking, what is the shebang to enter actually? I have noticed '-Tw' Pls advise.
#!/perl/bin/perl #-Tw?
use strict;
use CGI ":standard";
use CGI; #what the different with this and the CGI:Standard?
my $host = "DBI:mysql:webber:localhost";
my $dbh = DBI->connect($host, 'myusername', 'mypassword') or die 'Unable to connect to the darn database $dbh->errstr\n';
my $errmsg = "";
my $username = param('loginName');
my $password = param('loginPassword');
if ($username eq "" || $password eq "") { $errmsg = 'Please enter your username and password'; }
#I have created the subroutine for Taint Checking but I dont know how to use it here.
elsif (&matchUserPass() == 0) { $errmsg = 'Invalid username or password'; }
if (!$errmsg) {
$back = new CGI;
#anyway to add time countdown with perl redirect?
print $back->redirect('memberProfile.htm');
} else {
print header;
start_html('Login Result');
print $errmsg;
print $back->redirect('login.htm');
print end_html;
}
$dbh->disconnect(); exit;
#======= SUBROUTINES
sub matchUserPass() {
## returns 1 if valid and 0 in not found
my $query = "SELECT COUNT(*) FROM member WHERE username='$username' AND password='$password'";
return $dbh->selectrow_array($query);
}
sub Untained{
$val = ($_[0]);
if($val =~ /([&0-9a-z.@\/]+)/){
$val = $1;
}
else{
&Death("$_[1]", "Program aborting: Tainted data");
}
return $val;
}
sub Death{
$script = $_[0];
$msg = $_[0];
$return = new CGI("");
print $return->header();
print $return->start_html(-title=>"Fatal Runtime Error");
print <<_DONE
The script $script returned the following error message: $msg.
_DONE
print $return->footer();
die("Fatal Error: $msg");
}
}
}
Nedals
09-06-2004, 06:38 PM
#!/perl/bin/perl -Tw
## the 'w' is for warnings
...what the different with this and the CGI:Standard?
http://search.cpan.org/~lds/CGI.pm-3.05/CGI.pm
...print $back->redirect('memberProfile.htm');
This is not such a good idea. What if I enter 'www.domain.com/memberProfile.htm'?
It will take me to your member page WITHOUT logging in?
...I want to do is to use the Tainted checking
http://www.gunther.web66.com/FAQS/taintmode.html
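
Added example (not part of the original thread and not any poster's code): one way to do the alphanumeric check and untainting the thread asks about, with the pattern anchored to the whole field, followed by a lookup that binds the values as placeholders. The sub names, the 32-character limit and the sample inputs are assumptions made for this example; the table and column names are the ones used in the thread.

```perl
#!/usr/bin/perl -T
# Added example. Run directly, or as: perl -T login_check.pl
use strict;
use warnings;

# Validate and untaint one login field: letters and digits only, 1..$max chars.
# \A and \z anchor the pattern to the whole string. An unanchored pattern such
# as /([&0-9a-z.@\/]+)/ accepts any input that contains one allowed character
# and returns only the first matching run. \z (unlike $) also refuses a
# trailing newline.
sub untaint_alnum {
    my ($value, $max) = @_;
    return unless defined $value;
    return $1 if $value =~ /\A([A-Za-z0-9]{1,$max})\z/;
    return;    # empty, too long, or contains a disallowed character
}

# Look the pair up with bind placeholders so the values never become SQL text;
# a password such as 'Pir@te!' therefore needs no character filter.
# $dbh is a connected DBI handle (assumed). The query compares the stored
# password directly, as the thread's schema does.
sub match_user_pass {
    my ($dbh, $username, $password) = @_;
    my ($count) = $dbh->selectrow_array(
        'SELECT COUNT(*) FROM member WHERE username = ? AND password = ?',
        undef, $username, $password);
    return $count ? 1 : 0;
}

# Constructed sample inputs standing in for param('loginName').
my @samples = ('terry81', '', 'bob smith', "o'brien", "terry81\n", 'a' x 33);
for my $input (@samples) {
    my $clean = untaint_alnum($input, 32);
    (my $shown = $input) =~ s/\n/\\n/g;    # make the newline visible in output
    printf "%-36s %s\n", "'$shown'",
        defined $clean ? "accepted as '$clean'" : 'rejected';
}
```

Only the first sample is accepted; the empty field, the embedded space, the quote character, the trailing newline and the over-long value all come back undefined, which the caller can treat the same way as an empty field.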