# Pull in the shared include file. $session_name and the database settings
# used by this script are not defined here, so they presumably come from it
# (as, presumably, do the CGI, CGI::Session and DBI modules) -- verify there.
require "/var/www/perl/include.pl";

# Initialize session data.
# The session name (cookie / request parameter name) is set on the class
# before the session object is built.
CGI::Session->name($session_name);

# Request object and session object, both kept as package globals because
# the rest of the script reads them.
$query   = CGI->new;
$session = CGI::Session->new;
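# Dispatch on the "action" request parameter: "login" checks the submitted
# credentials and records the session id for the user, "logout" clears the
# recorded session id and deletes the session, anything else is rejected.
# With no action at all, the login form is printed.
#
# The parameter is read once, in scalar context, so every comparison below
# sees the same single value.
my $action = $query->param('action');

if ($action) {
    # Connect to db. Stop here on failure instead of calling methods on an
    # undefined handle; the message is kept generic on purpose (DBI's
    # default PrintError already writes the driver error to STDERR).
    $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass)
        or die "database connection failed\n";

    if ($action eq "login") {
        # Save POST data in local variables. Scalar assignment keeps each
        # value a single string even if the parameter is repeated.
        my $user = $query->param('user');
        my $pass = $query->param('pass');

        # Prepare query. Both values are request-controlled, so they are
        # bound as placeholders and never interpolated into the SQL text.
        #
        # NOTE(review): password() is MySQL's own account-hash function and
        # is not meant for application password storage. Moving to a salted,
        # slow password hash needs a migration of the stored values, so the
        # comparison is left as it is here.
        my $sth = $dbh->prepare(qq{select username from users
                                   where password = password(?)
                                   and username = ?
                                   limit 1});

        # Execute query.
        $sth->execute($pass, $user);

        # A row came back only if username and password match. The list
        # assignment tests for the presence of a row, not the truth of the
        # username value (a username of "0" would otherwise count as a miss).
        my $matched = ( my ($username) = $sth->fetchrow_array() );
        $sth->finish();

        if ($matched) {
            # Store session id in local variable.
            # NOTE(review): the id the client presented before logging in is
            # kept after authentication; consider issuing a fresh session id
            # on successful login.
            my $sid = $session->id;

            # Store session id in database (bound, not interpolated).
            $sth = $dbh->prepare(qq{update users set sid = ? where username = ?});
            $sth->execute($sid, $user);
            $sth->finish();

            print $session->header();
            print "logged in";
        } else {
            # If not, print error. The message does not say whether the
            # username or the password was wrong.
            print $session->header();
            print "could not log you in";
        }
    } elsif ($action eq "logout") {
        # Logout is requested: remove sid from database.
        #
        # The row is selected by the current session id. The earlier form
        # filtered on $user, which is only assigned inside the login branch,
        # so nothing in this script gave it a value on a logout request and
        # the stored sid was never cleared.
        my $sid = $session->id;    # read before the session is deleted

        my $sth = $dbh->prepare(qq{update users set sid = '' where sid = ?});
        $sth->execute($sid);
        $sth->finish();

        $session->delete();

        print $session->header();
        print "logged out";
    } else {
        # Something ugly was passed: an action other than login or logout.
        print $session->header();
        print "wtf?";
    }

    # Disconnect db.
    $dbh->disconnect();
} else {
    # Print login form. The markup is static; no request data is echoed
    # into it.
    print $session->header();
    print '<form action="" method="POST"><p>
<input name="action" type="hidden" value="login">
<input name="user" type="text" size="30" maxlength="30">
<input name="pass" type="password" size="30" maxlength="30">
<input type="submit" name="login" value=" login ">
</p></form>';
}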