Valuable bonus points* will be awarded to the first person to detect the stupid error found in this code snippet:
    # Check the login credentials
    my $username = untaint_string($self->query->param("username"));
    my $password = untaint_string($self->query->param("password"));
    if($username ne "" and $password ne "")
    {
        use KW::Users;
        my $user = KW::Users->retrieve($username);
        if($user and $user->login_password eq encrypt($password))
        {
            # Last check! User info matches, but are they active?
            if($user->active_yn eq "Y")
            {
                # Log the user in
                $self->session->param("username", $username);
                $self->session->param("is_logged_in", 1);
            }
        }
    }
    $self->param("message", "Please enter a valid username and password combination.")
        unless $self->session->param("is_logged_in", 1);
    # Return the user to their chosen destination
    return $self->redirect($redirect);
Stupid mistake aside, there's a bigger issue above that I am unsure as to how to deal with. Traditionally, I've used the session parameter message when I've wanted to tell my output function to throw a message at the top of the page (to indicate an error, etc.). I've always done this in the context of a single script before - for example, user is trying to log in (as above), fails the login (and therefore sets a message), and I call the function to redisplay the login form again, and the message gets displayed. Nowadays, I'm potentially redirecting to another script in another process, and so my message parameter goes out of scope. Any suggestions on how to do what I want?
Thanks in advance!
* Valuable Bonus Points have no real or imaginary value. They do, however, give you bragging rights (for whatever THAT is worth!)
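
An added example, not part of the original post or of the poster's code base: the final check from the snippet run against a stand-in session, beside a read-only version of the same check that keeps the message in the session so the script on the other side of the redirect can show it once. DemoSession and the three helper subs are hypothetical, and the only assumption is the one-argument-reads, two-argument-writes param() convention the snippet itself relies on when it logs the user in.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the session object: param() with one argument
# reads a value, with two arguments it stores one.
package DemoSession;
sub new { my $class = shift; return bless { data => {} }, $class }
sub param {
    my ($self, $name, @value) = @_;
    $self->{data}{$name} = $value[0] if @value;
    return $self->{data}{$name};
}
sub clear { my ($self, $name) = @_; return delete $self->{data}{$name} }

package main;

my $MESSAGE = "Please enter a valid username and password combination.";

# Check as posted: the two-argument call writes the flag while "testing" it,
# so the condition is always true and the message is never set.
sub failed_login_as_posted {
    my ($session) = @_;
    $session->param("message", $MESSAGE)
        unless $session->param("is_logged_in", 1);
    return $session->param("is_logged_in") ? 1 : 0;
}

# Read-only check. The message goes into the session (an assumption about
# where to keep it) so it survives the redirect to another script.
sub failed_login_read_only {
    my ($session) = @_;
    $session->param("message", $MESSAGE)
        unless $session->param("is_logged_in");
    return $session->param("is_logged_in") ? 1 : 0;
}

# Called by the destination script: return the message once, then drop it.
sub take_message { my ($session) = @_; return $session->clear("message") }

# Both runs model a request whose credentials did not match.
my $posted = DemoSession->new;
print "as posted, logged in after bad password: ", failed_login_as_posted($posted), "\n";

my $fixed = DemoSession->new;
print "read-only, logged in after bad password: ", failed_login_read_only($fixed), "\n";
print "message on next request: ", take_message($fixed) // "(none)", "\n";
print "message on request after that: ", take_message($fixed) // "(none)", "\n";
```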
A few guesses (Score:2)
Re:A few guesses (Score:1)
$self->param("message", "Please enter a valid username and password combination.")
unless $self->session->param("is_logged_in", 1);
when I originally posted this:
$self->param("message", "Please enter a valid username and password combination.")