Problem with perl script

Yook

Basically what this code is trying to do is check a username and password against a file. This is my first time writing perl. For some reason when I type in the correct username and password $passok isnt set to 1. This is the code im currently debugging:

#!/usr/bin/perl

use Text::ParseWords;
use Digest::MD5 qw(md5 md5_hex md5_base64);

$passok = 0;
print "\nUsername: ";
$user = <STDIN>;
print "Password: ";
$pass = <STDIN>;

$verpass = md5_hex($pass);
verpass();

if ($passok){
	print("\nLogin Successful!");
}else{
	print("\nLogin Failed. Please Try again\n\n");
}

sub verpass(){

	print "\nInput Username: ";
	print "$user";
	print "Input Password: ";
	print "$verpass";

	open (PASSFILE, "users.db") || die print "Error: couldnt open the file!";
	my $record = <PASSFILE>;
	close PASSFILE;

	my @words = &quotewords('\s+', 0, $record);

	print "\n\nDatabase User: ";
	print "$words[0]";
	print "\nDatabase Pass: ";
	print "$words[1]";

	if(($words[0] eq $user) && ($words[1] eq $verpass)){
		print"\nhere!";
		$passok = 1;
	}else{
		print"\nbad here!";
		$passok = 0;
	}
	print ("\nPassok: ");
	print ($passok);
}

The input:

print "\nInput Username: ";
print "$user";
print "Input Password: ";
print "$verpass";

and file:

print "\n\nDatabase User: ";
print "$words[0]";
print "\nDatabase Pass: ";
print "$words[1]";

return exactly the same thing when the right username and password is typed
in.

The only thing I can think is wrong, is possibly the syntax of:

if(($words[0] eq $user) && ($words[1] eq $verpass)){

Any suggestions would be great!
Thanks a lot.

Zaltais

When you accept the username and password from the user, you don't remove the newline character (chomp) so when you do your comparison

if(($words[0] eq $user) && ($words[1] eq $verpass)){

it equates to

if(('username' eq 'username\n') && ('password' eq 'password\n')){

Change this:

$passok = 0;
print "\nUsername: ";
$user = <STDIN>;
print "Password: ";
$pass = <STDIN>;

$verpass = md5_hex($pass);
verpass();

to:

$passok = 0;
print "\nUsername: ";
$user = <STDIN>;
print "Password: ";
$pass = <STDIN>;

chomp($user);
chomp($pass);

$verpass = md5_hex($pass);
verpass();

Yook

Cheers mate! That did it!

Yook

Oh one more thing:

my @words = &quotewords('\s+', 0, $record);

I've tried putting in '|' for the delimiter but I cant seem to get it to work. I must be doing something stupid.

Zaltais

At a guess I'd say the first argument to quotewords is a regex. If so | is a special character, so you could try escaping it, like so:

my @words = &quotewords('\|', 0, $record);

Yook

I have a couple more questions if you dont mind.

This is going to be a cgi script. How do i redirect to another script if it authenticates, and how do I secure the other script so it cant be opened without going though this one?

Cheers mate!

daymobrew

Yook wrote:

This is going to be a cgi script. How do i redirect to another script if it authenticates

use CGI qw/ redirect /;
print redirect( $URL-of-page-to-redirect-to );

Yook wrote:

and how do I secure the other script so it cant be opened without going though this one?

Look at using cookies or sessions.

Google "site:stonehenge.com cookies" for a bunch of articles written by Randal Schwartz, author of multiple perl books including "Learning Perl".

PhantomBeaker

Checking referrers could also be a good way to make sure you go through one script before going to the next... I know it caused a bit of trouble for me recently with a form (it was checking referrers, and for some reason, the referrer I was using wasn't on the guest-list so to speak)

Aoife

daymobrew

PhantomBeaker wrote:

Checking referrers could also be a good way to make sure you go through one script before going to the next

The referer is easily faked. For example with wget you can specify the referer thus circumventing such checks.

wget --referer=URL           include `Referer: URL' header in HTTP request.