Perl CGI 初体验

开始还满怀信心的打算拿 Perl 写一个文件上传管理程序,可是在写完了登陆部分之后就泄气了。原因很简单,服务器不支持 CGI::Session,而我又不想花时间去研究 Perl Cookie。

[code lang="perl" title="login.cgi"]
#!/usr/bin/perl -w
# ***********************************************
# * Handle User Login *
# ***********************************************
use strict;

use DBI;
#use CGI::Session;
use CGI;
use Digest::MD5 qw(md5_hex);

# Get the CGI form data
my $cgi = new CGI;
# Fetch login username and password
my $user_name = $cgi->param('username');
my $user_pass = $cgi->param('password');
$user_name =~ s/(?:\012\015|\012|\015)//g;
$user_pass =~ s/(?:\012\015|\012|\015)//g;
$user_pass = md5_hex($user_pass);
my $user_login = 0

require "config.pm"

# Import Database configuration
our $db_host;
our $db_use;
our $db_user;
our $db_pass;
our $db_table;

# Connect to database
my $db_conn = DBI->connect("DBI:mysql:database=$db_use;host=$db_host","$db_user","$db_pass", {'RaiseError' => 1});
print "Location: /error-503\n\n" unless $db_conn;

# Check if we have such password in database
my $sql = $db_conn->prepare("SELECT username FROM `$db_table` WHERE user_password='$user_pass'");
$sql->execute() or print "Location: /error-503\n\n";

# Process query result
while(my @result = $sql->fetchrow_array()) {
if($user_name eq $result[0]) {
# Here we go. A user is found with the same username and password.
$user_login = 1
last;
}
}

# Disconnect from database
$db_conn->disconnect();

# Not pass user check? Kick it out!
print "Location: /error-401\n\n" unless $user_login;

# User check successful! Log it in!
print "Content-type: text/plain\n\nYes !";

exit(0);
[/code]

其中登陆部分采用了《突发奇想,小改动解决安全问题》其中的方法。

看来要重操 PHP 旧业了……

添加新评论