  1. #1
    New Coder
    Join Date
    Oct 2009
    Posts
    41
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Perl Session Variables/Admin Privileges

    Hello,

    I am trying to figure out how to have a Perl script determine what to display on an HTML page. The idea is that when a person logs in, their "role" is retrieved from a MySQL database. That role is then stored in a session variable. The role being "general" or "admin" determines whether or not they have access to the link "Insert.html". If they are an admin, I want the link to be displayed... If they are not an admin, I don't want them to see it. Is this possible using Perl?

    Also, how can I prevent them from being able to hard-code the link in there as well?

    Thanks a lot.

  • #2
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,953
    Thanks
    2
    Thanked 172 Times in 167 Posts
    Quote Originally Posted by pppebble88 View Post
    Hello,

    I am trying to figure out how to have a Perl script determine what to display on an HTML page. The idea is that when a person logs in, their "role" is retrieved from a MySQL database. That role is then stored in a session variable. The role being "general" or "admin" determines whether or not they have access to the link "Insert.html". If they are an admin, I want the link to be displayed... If they are not an admin, I don't want them to see it. Is this possible using Perl?
    Yes, that is fairly easy to do in Perl, once you understand how to work with sessions.

    See:
    CGI::Session http://search.cpan.org/~markstos/CGI...CGI/Session.pm

    CGI::Session::Tutorial http://search.cpan.org/~markstos/CGI...on/Tutorial.pm

    For the HTML side, I'd use:
    HTML::Template http://search.cpan.org/~samtregar/HT....9/Template.pm

    CGI http://search.cpan.org/~lds/CGI.pm-3.48/lib/CGI.pm

  • #3
    New Coder
    Join Date
    Oct 2009
    Posts
    41
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Thanks for the help...Question: For the HTML::Template, is the actual link going to be http://www.#####.com/test.tmpl? It seems like I have never seen an address such as that, but they have always been .html pages. Thanks.

  • #4
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,953
    Thanks
    2
    Thanked 172 Times in 167 Posts
    Assuming a default apache configuration, the url would be http://www.mydomain.com/cgi-bin/test.pl

    However, with url rewriting and other apache directives, the url could simply be http://www.mydomain.com/test.htm or http://www.mydomain.com/test.pl or even just http://www.mydomain.com

  • #5
    New Coder
    Join Date
    Oct 2009
    Posts
    41
    Thanks
    4
    Thanked 0 Times in 0 Posts
    You mention URL rewriting, etc... Is this part of the Session and Template tutorials, or is that something different? Sorry, I am just new to all of this... Thanks

  • #6
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,953
    Thanks
    2
    Thanked 172 Times in 167 Posts
    No, it's not part of CGI::Session

    http://en.wikipedia.org/wiki/Rewrite_engine

    http://httpd.apache.org/docs/2.0/misc/rewriteguide.html

    For now, I wouldn't worry about url rewriting. First get your site designed and working the way you want, then look into the apache directives.

  • #7
    New Coder
    Join Date
    Oct 2009
    Posts
    41
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Here is what I have so far...For some reason, instead of storing the cookie and redirecting to the proper page, it shows the following:

    Set-Cookie: Role=Super; expires=Sat Nov 14 08:21:32 2009; path= Location: http://www.address to go to.com
    The code is below:
    Code:
    #!/usr/local/bin/perl
    
    
    # PERL MODULES WE WILL BE USING
    use DBI;
    use DBD::mysql;
    use CGI qw( :standard );
    use CGI::Carp qw(fatalsToBrowser);
    
    print "Content-type: text/html \n\n";
    
    $userPassed = param("userID");
    
    # CONFIG VARIABLES (values were left blank in the post)
    $platform = "mysql";
    $database = "";
    $host = "";
    $port = "";
    $tablename = "";
    $user = "";
    $pw = "";
    
    # DATA SOURCE NAME
    $dsn = "dbi:$platform:$database:$host:$port";
    
    # PERL DBI CONNECT
    $connect = DBI->connect($dsn, $user, $pw)
    or die "Connection Error: $DBI::errstr\n";
    
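    # PREPARE THE QUERY (the ? placeholder keeps the submitted userID out of the SQL text)
    my $query = "SELECT * FROM $tablename WHERE User = ?";
    my $query_handle = $connect->prepare($query);
    
    #print ($query);
    
    # EXECUTE THE QUERY, binding the userID to the placeholder
    $query_handle->execute($userPassed);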
    
    while (@row = $query_handle->fetchrow_array) {
    	$roleIn = "$row[2]";
    	#print ("$roleIN");
    	}
    	
    $expires = gmtime( time() + 3600 );
    print( "Set-Cookie: Role=$roleIn; expires=$expires; path=\n" );
    
    print "Location: http://www.address to go to.com";
    
    # HTTP HEADER
    #print( header() );
    #print ( start_html() );
    
    # Print XHTML footer
    #print ( end_html() );
    Any ideas? Thanks a lot.

  • #8
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,953
    Thanks
    2
    Thanked 172 Times in 167 Posts
    Don't print the HTML headers.

    The first print statement should be the redirection.

    http://search.cpan.org/~lds/CGI.pm-3...RECTION_HEADER

  • #9
    New Coder
    Join Date
    Oct 2009
    Posts
    41
    Thanks
    4
    Thanked 0 Times in 0 Posts
    How does it store the cookie if the redirect is the first thing printed? Below is the code I have... It works (by works, I mean it redirects properly)...

    Question: How can I retrieve the cookie set in this perl program using javascript, and then use that javascript to determine what to display? Is this a workable/good solution?

    Thanks. Code is below.

    Code:
    #!/usr/local/bin/perl
    
    
    # This page was created and worked on by 2/C Collard, 2/C Waymouth, 2/C Troisi, and 2/C Cunha 
    #source: http://forums.speedguide.net/showthread.php?t=190821
    
    # PERL MODULES WE WILL BE USING
    use DBI;
    use DBD::mysql;
    use CGI qw( :standard );
    use CGI::Carp qw(fatalsToBrowser);
    
    #print "Content-type: text/html \n\n";
    
    $userPassed = param("userID");
    
    # CONFIG VARIABLES
    $platform = "";
    $database = "";
    $host = "";
    $port = "";
    $tablename = "";
    $user = "";
    $pw = "";
    
    # DATA SOURCE NAME
    $dsn = "dbi:$platform:$database:$host:$port";
    
    # PERL DBI CONNECT
    $connect = DBI->connect($dsn, $user, $pw)
    or die "Connection Error: $DBI::errstr\n";
    
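    # PREPARE THE QUERY (the ? placeholder keeps the submitted userID out of the SQL text)
    my $query = "SELECT * FROM $tablename WHERE User = ?";
    my $query_handle = $connect->prepare($query);
    
    #print ($query);
    
    # EXECUTE THE QUERY, binding the userID to the placeholder
    $query_handle->execute($userPassed);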
    
    while (@row = $query_handle->fetchrow_array) {
    	$roleIn = "$row[2]";
    	#print ("$roleIN");
    	}
    	
    $query = CGI->new; # create a new CGI object
    # no quotes around $roleIn: single quotes would store the literal text '$roleIn'
    $cookie = $query->cookie ( -name => 'Role',
                               -value => $roleIn,
                               -path => '/',
                               -expires => '+60m');
    
    $location = '';
    
    print $query->header(-cookie=>$cookie);
    print qq{<meta http-equiv="REFRESH" content="0;URL=http://www.togoto.com">\n};
    
    # HTTP HEADER
    #print( header() );
    #print ( start_html() );
    
    # Print XHTML footer
    #print ( end_html() );

  • #10
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,953
    Thanks
    2
    Thanked 172 Times in 167 Posts
    The first thing to decide on is do you want to use client side cookies or server side sessions as indicated in your original post?

    If you're going to use server side sessions, then sending the cookie is optional, but if used, it only stores the session id.

  • #11
    Master Coder
    Join Date
    Apr 2003
    Location
    in my house
    Posts
    5,211
    Thanks
    39
    Thanked 201 Times in 197 Posts
    It'll depend on whether you use server-side sessions or not, but instead of printing the cgi->header(); you could print $session->header();

    Then you can add things to the session (or delete them) and I think you can then redirect if you want.

    hth

    bazz

    Edit:
    print $cgi->header(); is used instead of print "Content-type: text/html \n\n";
    "The day you stop learning is the day you become obsolete"! - my late Dad.

    Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!

  • #12
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,953
    Thanks
    2
    Thanked 172 Times in 167 Posts
    Here's an example pulled from one of my production scripts.

    Code:
    #!/usr/bin/perl
    
    use warnings;
    use strict;
    use DBI;
    use CGI;
    use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
    use CGI::Session;
    use HTML::Template;
    use Crypt::PasswdMD5;
    
    my $title     = 'Email Administration Login';
    my $cgi       = CGI->new;
    my $session   = CGI::Session->new or die CGI::Session->errstr;
    my $template  = HTML::Template->new(
                          filename          => '../../html/emadmin/login.tmpl',
                          associate         => [$session],
                          die_on_bad_params => 0,
                          global_vars       => 1,
                          cache             => 0,
                    );
    
    $SIG{__DIE__} = \&dying;
    
    #$session->clear(['admin', 'logged_in']) if $cgi->param('logout');
    $session->clear if $cgi->param('logout');
    $session->param('hostname', `hostname`);
    
    
    # is user logging-in
    if ( $cgi->param('Login') ) {
       my $home = 'http://mydomain.com/admin/search.pl';
       print $cgi->redirect($home) if autherized_user();
    }
    
    
    # if we reach this point, the default login page will be shown
    print $session->header;
    warningsToBrowser(1);
    print $template->output;
    
    exit;
    
    #  End of main body of script
    #  Subroutine definitions to follow below

  • #13
    New Coder
    Join Date
    Oct 2009
    Posts
    41
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Thanks for all of the help thus far...I am doing my best to keep up and try to understand.

    You mentioned that there are server-side and user-side cookies...Is the way I have it setup (code above) server-side or client side? In addition, what are the advantages/disadvantages to either?

    In your script, FishMonger, I noticed that you determine what to do based on if they are logging in, etc. Why is that necessary? More clearly, if we take them to a login page, which redirects to this perl script, they are obviously not "logging out." Is this script called somewhere else?

    Also, if I use the method I am currently using to store cookies (hopefully that is what it is doing) can I use javascript to pull the value of "role" out of the cookie and display page content accordingly?

    Thanks a lot for all of the help!

  • #14
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by pppebble88 View Post
    Thanks for all of the help thus far...I am doing my best to keep up and try to understand.

    You mentioned that there are server-side and user-side cookies...Is the way I have it setup (code above) server-side or client side? In addition, what are the advantages/disadvantages to either?
    The web is stateless; you can't decide what state you are in if you don't preserve that information in some way. FishMonger talks about storing the cookie (which represents the state) in both places, in the client browser and on your server. You can compare what you get from the client with what you store on your computer, and this way you can determine the state.
    The explanation is a little general, but this is why what happened, happened.

    In your script, FishMonger, I noticed that you determine what to do based on if they are logging in, etc. Why is that necessary? More clearly, if we take them to a login page, which redirects to this perl script, they are obviously not "logging out." Is this script called somewhere else?
    FishMonger will explain this better than I can.

    Also, if I use the method I am currently using to store cookies (hopefully that is what it is doing) can I use javascript to pull the value of "role" out of the cookie and display page content accordingly?

    Thanks a lot for all of the help!
    You fetch the cookie using Perl and generate JS code to pass the variable. It's no big deal, but I don't understand why you need that. After FishMonger answers your previous question, I guess you will have no need of JS for what you want to do with "role".

    best regards

  • #15
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,953
    Thanks
    2
    Thanked 172 Times in 167 Posts
    Quote Originally Posted by pppebble88 View Post
    Thanks for all of the help thus far...I am doing my best to keep up and try to understand.

    You mentioned that there are server-side and user-side cookies...Is the way I have it setup (code above) server-side or client side? In addition, what are the advantages/disadvantages to either?
    Your code is using client side cookies to maintain all state information.

    My code is using server side sessions to maintain the state info. CGI::Session can also send a client side cookie to store the session id but no other state info is sent in the cookie, or you can pass the session id in the query string.

    With server side sessions you control the storing and retrieving of session data. With client side cookies, the user has a fair amount of control over it. They can modify, delete or disable cookies. Server side sessions are more secure.

    In your script, FishMonger, I noticed that you determine what to do based on if they are logging in, etc. Why is that necessary? More clearly, if we take them to a login page, which redirects to this perl script, they are obviously not "logging out." Is this script called somewhere else?
    The example I gave was chosen to address the points in your opening question:

    The idea is that when a person logs in, their "role" is retrieved from a mySQL database. That role is then stored in a session variable.
    That's exactly what my code does; I just didn't show you my subroutines that query the database and assign that info to the session variables.

    On each of my pages I have a logout button that calls this login script, and this script is configured in apache to be my index (home) page. So, if there is a "Logout" parameter passed, I then clear the session which forces the user to log back in if they want to continue.

    Also, if I use the method I am currently using to store cookies (hopefully that is what it is doing) can I use javascript to pull the value of "role" out of the cookie and display page content accordingly?
    I'm fairly sure you can, but you'll need to ask that question in the Javascript topic area.
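
The server-side approach described in this thread, as an added example that is not part of any post: the role is read from the CGI::Session store and checked where the admin page is served, so hiding the link and blocking a typed-in URL come from the same check. It assumes the login script already ran `$session->param('role', ...)` with the value from the database; the `page` parameter, the `/cgi-bin/login.pl` URL and the inline template are hypothetical, and the Insert page is served through the script rather than as a static Insert.html.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Assumes the login script already ran
# $session->param('role', $role_from_db); URLs and the 'page' param are hypothetical.
use strict;
use warnings;
use CGI;
use CGI::Session;
use HTML::Template;

my $cgi = CGI->new;
# load() never creates a session: a missing, unknown or forged id gives an empty one.
my $session = CGI::Session->load(undef, $cgi)
    or die CGI::Session->errstr;

# No valid session: send the browser to the login script.
if ( $session->is_empty or $session->is_expired ) {
    print $cgi->redirect('/cgi-bin/login.pl');
    exit;
}

# The role comes from server-side storage; the cookie only carries the session id.
my $role = $session->param('role') // 'general';
my $page = $cgi->param('page')     // 'menu';

# Enforce the rule where the page is served, so typing the URL does not bypass it.
if ( $page eq 'insert' and $role ne 'admin' ) {
    print $cgi->header( -status => '403 Forbidden', -type => 'text/plain' );
    print "Admins only.\n";
    exit;
}

# Hiding the link is cosmetic; the check above is what protects the page.
my $html = <<'TMPL';
<html><body>
<h1><TMPL_VAR NAME=TITLE></h1>
<TMPL_IF NAME=IS_ADMIN><a href="?page=insert">Insert</a></TMPL_IF>
</body></html>
TMPL

my $template = HTML::Template->new( scalarref => \$html );
$template->param(
    TITLE    => $page eq 'insert' ? 'Insert record' : 'Menu',
    IS_ADMIN => $role eq 'admin' ? 1 : 0,
);

print $session->header;
print $template->output;
```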

