...

View Full Version : Retrieving ASP Cookies with Perl



pppebble88
11-18-2009, 08:24 PM
Hello,

I am still working on developing the project that so many of you have helped with. Now that I got the authentication working and the ASP authentication page is creating a cookie once validated and redirecting to a perl script, I want to do the following:

1) At the top of each page, create a check to ensure that the user has logged in (a cookie exists)...If it doesn't, redirect them to the login page
2) In the "authMySql.pl" file (the script that the login page redirects to), I also want to capture the user name entered on the ASP form and validate it against a mySQL table we have created. The query will use the username entered to capture the "role" of the user logging in. If the username exists in the table, the perl script will then modify the SAME cookie to store the role and display the "admin" rights...

Below is the ASP page and the "authMySql.pl" page, respectively. Thanks for all of the help.



<%

strServerName = "SERVER"
strName = Request("username")
strPassword = Request("password")
ActionIN = request("Action")

If ActionIn = "Logon" then

If strName = "" OR strPassword = "" then
msg = "You must include both a User Name and a Password."
End If

If strName <> "" AND strPassword <> "" then

'Establish an object connection and set up the query to find the DN
set oConn = CreateObject("ADODB.Connection")

set oCommand = CreateObject("ADODB.Command")
set oRS = CreateObject("ADODB.Recordset")
oConn.Provider = "ADsDSOObject"
oConn.Open "Ads Provider"
set oCommand.ActiveConnection = oConn 'set the active connection

strQuery = "<LDAP://" & strServername & ">;(&(cn=" & strName & "*));Adspath,cn;subtree"
'response.write "strQuery = " & strQuery & "<BR>"

oCommand.CommandText = strQuery
set oRS = oCommand.Execute 'Execute the query

'Dissect the object to find the DN (Adspath)
BadAccount = ""
If oRS.EOF then
BadAccount = "Y"
msg = "You have entered incorrect credentials. Please re-enter your login information."
End If

Do While Not oRS.EOF
mydn = oRS.Fields(0)
ReturnValue2 = oRS.Fields(0)
Exit Do

'response.write "mydn = " & mydn & "<BR>"
'response.write "ReturnValue2 = " & ReturnValue2 & "<BR>"

oRS.MoveNext
Loop

'response.write "mydn = " & mydn & "<BR>"

'Dissect the variable to get the string we want
querydn = InStrRev(mydn, "/")
querydn = Mid(mydn, querydn + 1)

'response.write "querydn = " & querydn & "<BR>"

'Now that we have our DN we requery to check for authentication

On Error Resume Next

strDSN = "LDAP://SERVER"
Set dso = GetObject("LDAP:")
Set comp = dso.OpenDSObject(strDSN,querydn,strPassword,0)


'response.write "Error Number = " & Err.Number & "<BR>"
If Err.Number = 0 AND BadAccount = "" Then
Response.redirect "honorBase.html"
Response.Cookies("honorCookie")("userID")= strName
Response.Cookies("honorCookie")("role")=""
End If

If Err.Number <> 0 Then
msg = "You have entered incorrect credentials. Please re-enter your login information."
End If
End If
End If
%>


authMySql.pl



#!/usr/local/bin/perl

#source: http://forums.speedguide.net/showthread.php?t=190821

# PERL MODULES WE WILL BE USING
use DBI;
use DBD::mysql;
use CGI qw( :standard );
use CGI::Carp qw(fatalsToBrowser);

#print "Content-type: text/html \n\n";

$userPassed = param("userID");

# CONFIG VARIABLES
$platform = "mysql";
$database = "";
$host = "";
$port = "";
$tablename = "";
$user = "";
$pw = "";

# DATA SOURCE NAME
$dsn = "dbi:$platform:$database:$host:$port";

# PERL DBI CONNECT
$connect = DBI->connect($dsn, $user, $pw)
or die "Connection Error: $DBI::errstr\n";

# PREPARE THE QUERY
my $query = "SELECT * FROM $tablename WHERE User = '$userPassed'";
my $query_handle = $connect->prepare($query);

#print ($query);

# EXECUTE THE QUERY
$query_handle->execute();

while (@row = $query_handle->fetchrow_array) {
$roleIn = "$row[2]";
#print ("$roleIN");
}

$query = new CGI; # create a new CGI object
$cookie = $query->cookie ( -name => 'Role',
-value => "$roleIn",
-path => '/',
-expires => '+60m');

$location = '';

print $query->header(-cookie=>$cookie);
print "var myjsvar = '","$cookie","';\n";

print qq{<meta http-equiv="REFRESH" content="0;URL=">\n};

# HTTP HEADER
#print( header() );
#print ( start_html() );

# Print XHTML footer
#print ( end_html() );



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum