- #!/usr/bin/perl
- #use strict;
- use warnings;
- use CGI;
- use DBI;
- use CGI::Session;
- use CGI::Session::Driver::mysql;
- use Digest::MD5 qw/md5_hex/;
- ### subs
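# Open a MySQL connection using the four-line config file
# (host, user, password, database name - one value per line).
#
# Takes:   optional path to the config file (default "./config.txt").
# Returns: the DBI handle on success, DBI->connect's false value when the
#          connection fails, or 0 when the config file cannot be opened or
#          does not hold all four values.
#
# NOTE(review): the config file holds the database password in plain text.
# If the default "./config.txt" resolves inside a web-served directory,
# move it elsewhere and restrict its file permissions.
sub db_connect {
    my ($conf_path) = @_;
    $conf_path ||= "./config.txt";

    # Three-argument open: the path is always treated as a file name to
    # read. The two-argument form would interpret leading/trailing mode
    # characters (">", "|", ...) found in the path itself.
    open(my $conf, '<', $conf_path) or return 0;
    chomp(my @lines = <$conf>);
    close $conf;

    # A truncated config would otherwise build a DSN out of undef values.
    return 0 if @lines < 4;

    my ($dbhost, $dbuser, $dbpass, $dbname) = @lines;
    return DBI->connect("DBI:mysql:$dbname;host=$dbhost", $dbuser, $dbpass);
}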
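# Run a statement on the shared connection in $kapcs and return its rows.
#
# Takes:   the SQL text, followed by optional bind values for any "?"
#          placeholders in it. Callers that pass only SQL behave as before.
# Returns: a list of hash references, one per fetched row.
#
# Values that come from a request must be passed as bind values, never
# interpolated into the SQL string.
sub db_query {
    my ($sql, @bind) = @_;
    our $kapcs;    # connection handle set by the caller via db_connect()

    my $sth = $kapcs->prepare($sql);
    $sth->execute(@bind);

    # Collect into a lexical: the previous package-level @ret was never
    # cleared, so every call also returned the rows of all earlier calls.
    my @rows;
    while (my $row = $sth->fetchrow_hashref()) {
        push @rows, { %$row };    # copy, so rows never share one hash
    }
    return @rows;
}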
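# Look up a user by name and password.
#
# Takes:   user name ("nev"), clear-text password.
# Returns: the matching uid, or a false value when there is no match, an
#          argument is missing, or the database is unavailable.
#
# Side effect: stores the connection in the package variable $kapcs.
sub check_login {
    my ($nev, $pass) = @_;
    return unless defined $nev && defined $pass;

    our $kapcs = db_connect();
    return unless $kapcs;    # db_connect returns 0/undef on failure

    # Bind both values as placeholders. The previous s/'/\\'/ escaped only
    # the first quote and ignored backslashes, so the user name could still
    # change the structure of the SQL statement.
    my $sth = $kapcs->prepare("SELECT uid FROM users WHERE nev=? AND pass=?")
        or return;

    # NOTE(review): passwords are stored as unsalted MD5, which is not
    # suitable for password storage. Moving to a salted, slow password hash
    # needs a data migration and is outside the scope of this block.
    $sth->execute($nev, md5_hex($pass));

    my $row = $sth->fetchrow_hashref();
    return $row ? $row->{uid} : undef;
}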
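# Create a new MySQL-backed CGI::Session and store it in $session.
#
# Takes:   optional config file path (default "./config.txt"),
#          optional expiry string (default '+30m').
# Returns: the session object, or 0 when the config file cannot be opened,
#          is incomplete, or the session cannot be created.
#
# The config file has the same four-line layout db_connect reads:
# host, user, password, database name.
sub session_start {
    my ($conf_path, $expiry) = @_;
    $conf_path ||= "./config.txt";

    # Three-argument open: the path is only ever a file name to read; the
    # two-argument form would honour mode characters embedded in the path.
    open(my $conf, '<', $conf_path) or return 0;
    chomp(my @lines = <$conf>);
    close $conf;
    return 0 if @lines < 4;

    my ($dbhost, $dbuser, $dbpass, $dbname) = @lines;

    our $session = CGI::Session->new(
        "driver:mysql",
        undef,
        {
            DataSource => "DBI:mysql:$dbname;host=$dbhost",
            User       => $dbuser,
            Password   => $dbpass,
        },
    );
    # new() yields a false value on failure; report it like a config error
    # instead of dying on the method call below.
    return 0 unless $session;

    $session->expire($expiry || '+30m');
    #return CGI::Cookie->new(-name=>$session->name, -value=>$session->id, -path=>shift||'/');
    return $session;
}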
# End the current session: call delete() on the shared $session object,
# then flush() it. Returns whatever flush() returns.
sub session_stop {
    our $session;
    my $current = $session;
    $current->delete;
    return $current->flush;
}
# Store one value in the shared $session and flush it.
#
# Takes:   parameter name, parameter value.
# Returns: whatever flush() returns.
sub session_set {
    my ($name, $value) = @_;
    our $session;
    $session->param($name, $value);
    return $session->flush;
}
# Read one value from the shared $session.
#
# Takes:   parameter name.
# Returns: whatever $session->param() returns for that name.
sub session_get {
    my ($name) = @_;
    our $session;
    return $session->param($name);
}
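# Collect the request parameters into the package hash %form.
#
# GET:   parses $ENV{QUERY_STRING} by hand.
# POST:  copies every field from the shared CGI object in $cgi.
# Returns: a copy of %form (flat key/value list).
#
# Everything returned here is untrusted request data: bind it as a
# placeholder value in SQL and HTML-escape it before printing.
sub form_read {
    our ($cgi, %form);

    my $method = defined $ENV{REQUEST_METHOD} ? $ENV{REQUEST_METHOD} : '';

    # Build into a fresh hash so parameters of an earlier call (for example
    # an earlier request in a persistent interpreter) cannot leak into
    # this one.
    my %fresh;

    if ($method =~ /GET/i) {
        my $query = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING} : '';
        for my $pair (split /&/, $query) {
            next if $pair eq '';

            # Limit 2 keeps any further "=" inside the value.
            my ($var, $val) = split /=/, $pair, 2;
            $val = '' unless defined $val;    # "flag" without "=value"

            # Decode the name as well as the value; only valid %XX hex
            # escapes are translated.
            for my $part ($var, $val) {
                $part =~ tr/+/ /;
                $part =~ s/%([0-9A-Fa-f]{2})/pack("C", hex($1))/eg;
            }
            $fresh{$var} = $val;
        }
    }
    elsif ($method =~ /POST/i) {
        #read(STDIN, $q, $ENV{CONTENT_LENGTH});
        for my $field ($cgi->param()) {
            $fresh{$field} = $cgi->param($field);
        }
    }

    %form = %fresh;
    return %form;
}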
- ### end subs
- ### globals
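our $session = 0;
our $cgi     = CGI->new();
our %form;
our $kapcs;    # shared database handle, read by db_query()
### end globals

### headers
# NOTE(review): load() is called without a DSN, while session_start()
# creates sessions with "driver:mysql". Confirm both use the same storage;
# otherwise a session created on one request may not be found on the next.
$session = CGI::Session->load();
if ($session and $session->is_expired()) {
    $session->delete();
}
if (not $session or $session->is_empty()) {
    $session = session_start();
}

# session_start() returns 0 when the config file cannot be read; stop with
# a clear message instead of failing on the method calls below.
die "Error: could not start a session\n" unless ref $session;

# HttpOnly keeps the session id out of reach of page scripts. Also pass
# -secure => 1 once the site is served over HTTPS only.
my $session_cookie = CGI::Cookie->new(
    -name     => $session->name,
    -value    => $session->id,
    -httponly => 1,
);
print $cgi->header(-type, "text/html", -charset, "UTF-8", -cookie, $session_cookie);
### end headers

## read GET/POST variables
%form = form_read();

if (not $session->is_empty() and session_get("uid")) {
    ### MAIN PART
    if ($kapcs = db_connect()) {
        # Fixed column order: iterating keys() printed the columns in a
        # different order from row to row.
        my @columns = qw(uid email nev);
        my @rows    = db_query("SELECT uid,email,nev FROM users");
        foreach my $row1 (@rows) {
            foreach my $col1 (@columns) {
                my $cell = defined $row1->{$col1} ? $row1->{$col1} : '';
                # The page is text/html and these values are user-supplied
                # account data, so escape them before output.
                print " | " . $cgi->escapeHTML($cell) . "";
            }
            print "\n";
        }
    }
    else {
        my $reason = defined $DBI::errstr ? $DBI::errstr : 'cannot read database config';
        die "Error: $reason";
    }
    ### END MAIN PART
}
else {
    if ($form{nev}) {
        # NOTE(review): the session id issued before authentication is kept
        # after a successful login; consider issuing a fresh session at
        # this point.
        if (my $uid = check_login($form{nev}, $form{pass})) {
            session_set('uid', $uid);
            print "logged in";
        }
        else {
            # incorrect login/pass
            print "incorrect";
        }
    }
    else {
        # login screen
        print "please login!";
    }
}
print "\n";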