[Athens-pm] <a href="my_script.pl?argument1=string>Click this</a> can't fix it!
Antonis Faragitakis
skatoulininis at yahoo.com
Thu Feb 27 08:42:49 CST 2003
--- Philip Lees <pjlees at ics.forth.gr> wrote:
> Mark Pors wrote:
>
> > This works for me if I call the script with
> '?goto_url=test':
> >
> > if ($goto_url eq 'test' and $user_pass) {
> > print $q->start_html(-title=>'It works').
> > $q->p(q(Ok it works)).
> > $q->end_html();
> > }
>
> The trouble is it doesn't work if one of the
> parameters is missing - all
> it outputs is the CGI header (not enough) Try this:
>
> if ($goto_url eq 'test' and $user_pass) {
> print $q->start_html(-title=>'It works');
> print $q->p(q(Ok it works)); # No special
> reason to
> use q here
> }else{
> print $q->start_html(-title=>'Error!');
> print $q->p( 'Your error message' );
> }
>
> print $q->end_html;
>
> However, I think the main problem with Antonis'
> login script is this:
>
> my $goto_url = $cgi->param("goto_url");
>
> ... then at the end:
>
> if ($goto_url eq 'test' and $user_pass) {
>
> In the form in index.htm there is no field called
> goto_url, so this will
> always fail.
>
> Also, I think that this:
>
> if ($user_name and $user_pass and $user_pass eq
> $users{$user_name}) {
>
> could safely be written more simply as:
>
> if ( $user_pass eq $users{$user_name} ) {
I used the code you writen in my CGI, the problem was,
that when you submited the login form without username
and password you still have access to the system.
That's why i check if $user_name and $user_pass
> since you are in control of the username/password
> combinations.
>
> Philip
> --
> Philip Lees
> Working Group on Cardiology
> ICS-FORTH, Science and Technology Park of Crete
> Vassilika Vouton, P.O. Box 1385, GR 711 10
> Heraklion, Crete, GREECE
>
> tel.: +30-2810-391680, fax: +30-2810-391601, e-mail:
> pjlees at ics.forth.gr
>
> 'The aim of high technology should be to simplify,
> not complicate' -
> Hans Christian von Baeyer
>
>
> _______________________________________________
> Athens-pm mailing list
> Athens-pm at mail.pm.org
> http://mail.pm.org/mailman/listinfo/athens-pm
More information about the Athens-pm
mailing list