require "/var/www/perl/include.pl"; #initialize session data CGI::Session->name($session_name); $query = new CGI; $session = new CGI::Session; #check if action is set if($query->param('action')) { #connect to db $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass); #if login is requested if($query->param('action') eq "login") { #save POST data in local variables my $user = $query->param('user'); my $pass = $query->param('pass'); #prepare query my $sth = $dbh->prepare(qq{select username from users where password = password('$pass') and username = '$user' limit 1 }); #execute query $sth->execute(); #if something was returned username and password match if($sth->fetchrow_array()) { #store session id in local variable my $sid = $session->id; #store session id in database $sth = $dbh->prepare(qq{update users set sid = '$sid' where username = '$user'}); $sth->execute(); $sth->finish(); print $session->header(); print "logged in"; } else { #if not, print error print $session->header(); print "could not log you in"; } } elsif($query->param('action') eq "logout") { #if logout is requested #remove sid from database $sth = $dbh->prepare(qq{update users set sid = '' where username = '$user'}); $sth->execute(); $sth->finish(); $session->delete(); print $session->header(); print "logged out"; } else { #something ugly was passed print $session->header(); print "wtf?"; } #disconnect db $dbh->disconnect(); } else { #print login form print $session->header(); print '
'; }