Cookie not working for CGI logon script

Discussion in 'Perl Misc' started by richardkreidl@northwesternmutual.com, Mar 19, 2006.

  1. Guest

    I have the following two cgi scripts below, one is for logging into the
    website as an admin.

    The problem I'm having is that umzadmin.cgi script makes me login twice
    before I can use the website. I think my cookie setuup is wrong.
    Could you please review the scripts and see where I'm going wrong??

    umzadmin.cgi script
    #!/opt/perl/bin/perl

    use CGI qw/:standard/;

    my $filepath="/home/kre1973/umzadmin.txt";
    my %userNames;
    open (FILE, "$filepath") or die("Can't find file: $!");
    while (<FILE>){
    my @userarray = split /\:/,$_;
    chomp $userarray[1];
    $userNames{$userarray[0]} = $userarray[1];
    }
    close FILE;
    if (!param()){
    &loginScreen();
    }#end if
    else{
    my $remote = param('username');
    my $remote_pw = param('password');
    my $count = 0;
    foreach $key (keys %userNames){
    my $value = $userNames{$key};
    if ($key ne $remote) {next;}
    elsif ($value ne $remote_pw){
    &loginScreen("Password Incorrect<BR>");
    } #end elsif
    else {
    my $cookie = cookie( -name => "COCS_TODO",
    -value => "granted",
    -expires => "+30m");
    print << "EOF";
    Set-Cookie: $cookie
    Location: http://ihot1.nml.com./cgi-bin/dailyops/bin/umzinput.cgi
    EOF

    print "Location: /cgi-bin/dailyops/bin/umzinput.cgi\n\n";
    } #end else
    }#end foreach
    &loginScreen("User name not found<BR>");
    } #end else

    sub loginScreen {
    my $error;
    if (!$_[0]) {$error = " "} else {$error = $_[0]}
    print header;
    print << "EOF";
    <HTML><TITLE>UMZ Admin Login</TITLE>
    <BODY>
    <CENTER>
    <H1>Login Screen</H1><BR>
    $error
    <FORM METHOD=post ACTION="/cgi-bin/dailyops/bin/umzadmin.cgi">
    <INPUT NAME="username"><BR>
    <INPUT TYPE=PASSWORD NAME="password"><BR>
    <INPUT TYPE=submit value="Login"><INPUT TYPE=RESET>
    </FORM>
    </CENTER>
    </BODY>
    </HTML>
    EOF
    exit;
    }




    umzinput.cgi script

    #!/opt/perl/bin/perl

    use strict;
    use CGI qw/:standard/;
    use CGI::Carp qw(fatalsToBrowser);
    use lib '/home/kre1973'; #path to home grown Modules.
    use EDPM::WebLib; #NML Standard header module
    my $scriptPath = "/cgi-bin/dailyops/bin/umzinput.cgi"; #path to
    cgi-script.
    my $mainTable = "/nmlprod/dailyops/rpts/tmp/umzinput.csv"; #name of
    master table list
    if (!param()){
    &Startup(); #No params were passed, go to index page.
    }#endif
    elsif (param()){
    &Main(); #Params were passed, start your engines.
    }#end elsif
    else {
    error("Neither param or !param was sent, WTF: $!");
    }#end else

    ##################################################################################################
    sub Startup {
    SortForm();
    }#end &Startup
    ##################################################################################################
    sub Main {
    SWITCH: {

    &SortForm(param('Sort')), last SWITCH if param('Sort');
    &AddTaskForm(), last SWITCH if param('Add_Task');
    &DeleteTask(), last SWITCH if param('DeleteTask');
    &AddTaskSubmit(), last SWITCH if param('AddTaskSubmit');
    &EditTaskSubmit(), last SWITCH if param('EditTaskSubmit');
    &EditTodo(param('UMZ_ID')), last SWITCH if param('UMZ_ID');

    }#end SWITCH
    exit;
    }#end &Main
    ##################################################################################################
    sub SpecificSort {
    my $todoListCookie;
    if (!param('Sort')) {$todoListCookie = cookie ( "CO_TODO_COOKIE")}
    else {$todoListCookie = param('Sort');}
    my $compNum;
    if (!defined $todoListCookie){$compNum = 1}
    elsif ($todoListCookie eq "UMZ_ID"){$compNum = 0}
    elsif ($todoListCookie eq "Server_Name"){$compNum = 1}
    elsif ($todoListCookie eq "UMZTYPE"){$compNum = 6}

    my @first = split( '\^', $a );
    my @second = split( '\^', $b );

    my $compare = ( $first[$compNum] cmp $second[$compNum] ); #
    job number
    if ( $compare != 0 ) { return ( $compare ); }
    $compare = ( $first[1] cmp $second[1] ); # job number
    if ( $compare != 0 ) { return ( $compare ); }

    }

    sub SortForm {
    ##################################################################################################
    my $sortType = $_[0];
    if (defined $sortType){
    my $sortCookie = cookie ( -name => "CO_TODO_COOKIE",
    -value => "$sortType",
    -expires => "+1y");
    print header(-cookie => [$sortCookie]);
    print $cocsheader;

    }
    else {
    print header;
    print $cocsheader;
    }

    my $i = 0;
    my @filerecs;
    my $tableNam;
    my $tableNum;
    my $fieldSep;
    my @columnheaders;
    my $cookie = cookie( -name => "COCS_TODO" );
    my $cookiestatus;
    if (!defined($ENV{HTTP_COOKIE})) { $cookiestatus
    ="NOPE";}else{$cookiestatus = $ENV{HTTP_COOKIE};}
    if (!defined $cookie){
    print << "EOF";
    <center><h1>Pre & Post Checkout Procedures for UMZ/SMZ/IMZ's</h1>
    <pre><b><font color=red>Please follow instructions below only during a
    normal recycle.
    In all other situations please call contacts for
    instructions.</b></pre></font></center>
    <br>
    <h3><u>When doing the Pre-Work for a box on a scheduled or emergency
    UMZ, IMZ or SMZ remember to do the following:</u></h3>
    <pre>1) Force start the Pre-Work AutoSys jobs that are listed on this
    website for the box being worked on.
    2) Perform any Pre-MVS (Mainframe) work listed on this website for the
    box being worked on. </pre>

    <h3><u>After the box is back up you should do the following:</u></h3>
    <pre>1) Force start the Post-Work AutoSys jobs that are listed on this
    website for the box being worked on.
    2) Perform any Post-MVS (Mainframe) work listed on this website for the
    box being worked on. </pre>

    <font color=black><A HREF="umzadmin.cgi">Admin Login</A></font>

    <center><b><font color="red">Last Updated: Feb. 20,
    2006</font></center></b>
    <script>printFooter("")</script>
    <BR>

    <BR>
    EOF
    }
    else {
    print << "EOF";
    <A HREF="umzinput.cgi?Add_Task=Y">Add an UMZ</A>
    EOF
    }
    print << "EOF";
    <CENTER>
    <TABLE BORDER=1 width="100%">
    <TD WIDTH="5%"><FONT SIZE =2><B><A HREF="umzinput.cgi?Sort=UMZ_ID">UMZ
    ID#</A></B></FONT></TD>
    <TD WIDTH="5%"><FONT SIZE =2><B><A
    HREF="umzinput.cgi?Sort=Server_Name">Server Name</A></B></FONT></TD>
    <TD WIDTH="21%" bgcolor="cyan" align=center><FONT SIZE
    =3><B>Pre-MVS</B></FONT></TD>
    <TD WIDTH="21%" bgcolor="cyan" align=center><FONT SIZE
    =3><B>Pre-C/S</B></FONT></TD>
    <TD WIDTH="21%" bgcolor="cyan" align=center><FONT SIZE
    =3><B>Post-MVS</B></FONT></TD>
    <TD WIDTH="21%" bgcolor="cyan" align=center><FONT SIZE
    =3><B>Post-C/S</B></FONT></TD>
    <TD WIDTH="5%"><FONT SIZE =2><B><A
    HREF="umzinput.cgi?Sort=UMZTYPE">Server Type</A></B></FONT></TD>
    </TR>
    EOF

    open (TABLENAM, "$mainTable") || error("Error: $!");
    while (<TABLENAM>){
    $filerecs[$i++] = $_;
    } #end while (<TABLENAM>)
    my @sorted_recs = sort SpecificSort @filerecs;

    # write sorted array to standard output
    foreach my $line (@sorted_recs) {
    my @rows = split(/\^/, $line);
    print "<TR>";
    if (defined $cookie) {
    print << "EOF";
    <TD>
    <CENTER>
    <FONT SIZE=2>
    <A HREF="umzinput.cgi?UMZ_ID=$rows[0]">$rows[0]</A>
    </FONT>
    </CENTER>
    </TD>
    EOF
    }
    else {
    print << "EOF";
    <TD>
    <CENTER>
    <FONT SIZE=2>
    $rows[0]
    </FONT>
    </CENTER>
    </TD>
    EOF
    }
    for (my $i = 1; $i < 7; $i++){
    print << "EOF";
    <TD bgcolor="lightgrey">
    <CENTER>
    <FONT SIZE=2><B>
    $rows[$i]&nbsp;
    </B></FONT>
    </CENTER>
    </TD>
    EOF
    }#end for loop
    }
    print << "EOF";
    </TABLE>
    </CENTER>
    EOF
    close TABLENAM;
    exit;

    }#end &SortForm
    ##################################################################################################
    sub AddTaskForm {

    my $cellcounter;
    my $newRow;

    open (TABLENAM, "$mainTable") || error("Error: $!");
    while (<TABLENAM>){
    my @rows = split(/\^/, $_);
    $newRow = $rows[0]+1;
    } #end while (<TABLENAM>)

    print header;
    print $cocsheader;
    print << "EOF";
    <CENTER>
    <BR><BR>
    <H1>Add an UMZ</H1><BR><BR>
    </CENTER>
    <FORM METHOD=POST ACTION="umzinput.cgi">
    </CENTER>
    UMZ ID#: $newRow<INPUT TYPE=HIDDEN NAME="UMZ_ID" VALUE="$newRow"><BR>
    Server Name: <INPUT NAME="Server_Name" SIZE=15><BR>
    Pre-MVS:<BR>
    <TEXTAREA COLS=80 ROWS=5 NAME="PREMVS"></TEXTAREA><BR>
    Pre-C/S:<BR>
    <TEXTAREA COLS=80 ROWS=5 NAME="PRECS"></TEXTAREA><BR>
    Post-MVS:<BR>
    <TEXTAREA COLS=80 ROWS=5 NAME="POSTMVS"></TEXTAREA><BR>
    Post-C/S:<BR>
    <TEXTAREA COLS=80 ROWS=5 NAME="POSTCS"></TEXTAREA><BR>
    Server Type: <SELECT NAME=UMZTYPE>
    <OPTION>AIX (IBM)
    <OPTION>HP
    <OPTION>SUN
    <OPTION>NT
    <OPTION>PROD Sybase
    <OPTION>TEST Sybase
    <OPTION>STAGE Sybase
    </SELECT>
    <BR>
    <INPUT TYPE=SUBMIT VALUE="Add UMZ" NAME=AddTaskSubmit>
    <INPUT TYPE=RESET VALUE="Reset Boxes">
    EOF
    }# end &AddTask
    ##################################################################################################
    sub AddTaskSubmit {
    my $umz_id = "";
    my $server_id = "";
    my $pre_mvs = "";
    my $pre_cs = "";
    my $post_mvs = "";
    my $post_cs = "";
    my $umztype = "";


    if (param('UMZ_ID')){$umz_id = param('UMZ_ID')}
    if (param('Server_Name')){$server_id = param('Server_Name')}
    if (param('PREMVS')){$pre_mvs = param('PREMVS')}
    if (param('PRECS')){$pre_cs = param('PRECS')}
    if (param('POSTMVS')){$post_mvs = param('POSTMVS')}
    if (param('POSTCS')){$post_cs = param('POSTCS')}
    if (param('UMZTYPE')){$umztype = param('UMZTYPE')}

    $pre_mvs =~ s/\^M/<BR>/g;
    $pre_cs =~ s/\^M/<BR>/g;
    $post_mvs =~ s/\^M/<BR>/g;
    $post_cs =~ s/\^M/<BR>/g;
    $pre_mvs =~ s/\n/<BR>/g;
    $pre_cs =~ s/\n/<BR>/g;
    $post_mvs =~ s/\n/<BR>/g;
    $post_cs =~ s/\n/<BR>/g;


    my $insertString =
    "$umz_id^$server_id^$pre_mvs^$pre_cs^$post_mvs^$post_cs^$umztype";
    open (INSERTFILE, ">>$mainTable") or die "Couldn't open file
    $mainTable: $!";
    print INSERTFILE "$insertString\n";
    close INSERTFILE;
    print "Location:
    http://ihot1.nml.com/cgi-bin/dailyops/bin/umzinput.cgi\n\n";
    } #AddTaskSubmit


    Thanks
     
    , Mar 19, 2006
    #1
    1. Advertising

  2. Matt Garrish Guest

    <> wrote in message
    news:...
    >I have the following two cgi scripts below, one is for logging into the
    > website as an admin.
    >
    > The problem I'm having is that umzadmin.cgi script makes me login twice
    > before I can use the website. I think my cookie setuup is wrong.
    > Could you please review the scripts and see where I'm going wrong??
    >
    > umzadmin.cgi script
    > #!/opt/perl/bin/perl
    >
    > use CGI qw/:standard/;
    >
    > my $filepath="/home/kre1973/umzadmin.txt";
    > my %userNames;
    > open (FILE, "$filepath") or die("Can't find file: $!");
    > while (<FILE>){
    > my @userarray = split /\:/,$_;
    > chomp $userarray[1];
    > $userNames{$userarray[0]} = $userarray[1];
    > }
    > close FILE;
    > if (!param()){
    > &loginScreen();
    > }#end if
    > else{
    > my $remote = param('username');
    > my $remote_pw = param('password');
    > my $count = 0;



    Why are you looping over the userName hash here? You already know what
    username the person entered, right?

    > foreach $key (keys %userNames){
    > my $value = $userNames{$key};
    > if ($key ne $remote) {next;}
    > elsif ($value ne $remote_pw){
    > &loginScreen("Password Incorrect<BR>");
    > } #end elsif
    > else {
    > my $cookie = cookie( -name => "COCS_TODO",
    > -value => "granted",
    > -expires => "+30m");
    > print << "EOF";
    > Set-Cookie: $cookie
    > Location: http://ihot1.nml.com./cgi-bin/dailyops/bin/umzinput.cgi
    > EOF
    >
    > print "Location: /cgi-bin/dailyops/bin/umzinput.cgi\n\n";
    > } #end else
    > }#end foreach
    > &loginScreen("User name not found<BR>");


    I would get rid of that whole block and replace it with:

    unless ($userName{$remote} and $userName{$remote} eq $remote_pw) {
    loginScreen('Password Incorrect<br />');
    }

    print redirect(-uri => '
    http://ihot1.nml.com./cgi-bin/dailyops/bin/umzinput.cgi', -cookie=>$cookie);


    If you're running IIS 5, however, you're likely to run into the problem of
    cookies not being set on a redirect, as you're attempting.

    http://support.microsoft.com/kb/q176113/

    If you need more help, please condense your code down to the smallest
    example that demonstrates the problem (i.e., drop all the html generation
    and other junk you included).

    Matt
     
    Matt Garrish, Mar 19, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jimbo
    Replies:
    1
    Views:
    665
    Pierre Quentel
    Apr 8, 2010
  2. Kjell Kristiansson
    Replies:
    0
    Views:
    293
    Kjell Kristiansson
    Nov 30, 2005
  3. Xeno Campanoli
    Replies:
    2
    Views:
    148
    Xeno Campanoli
    Jul 10, 2008
  4. henry
    Replies:
    6
    Views:
    183
    Gunnar Hjalmarsson
    Feb 28, 2004
  5. kath
    Replies:
    4
    Views:
    654
    J. Gleixner
    Apr 9, 2007
Loading...

Share This Page