Hi everyone, how are yall doing?

I am developing a system where upon login (valid username and password) a session is started.


$session = new CGI::Session("driver:File", undef, {Directory=>"/tmp"});
$cookie = $cgi->cookie(CGISESSID => $session->id);
print $cgi->header( -cookie=>$cookie );


I want to check at top of every page if the session is still valid or the user has logged out. If the user has logged out they should be redirected to the login.pl page.

$sid = $cgi->cookie("CGISESSID") || undef;
$session = new CGI::Session(undef, $sid, {Directory=>'/tmp'});



My concern is if someone has logged out, or the CGISESSID cookie is not set at all and if some one creates a cookie with name CGISESSID (using tools like firefox webdeveloper too) they could not be granted access. :eek:

I have been trying to fix this for 2-3 days but its just not happening

I would really apprecite if you could provide me with the script for creating session after successful login and validating this session at everypage.

Thankyou all for your prompt help and concern.

-Rakesh Gupta

Rakish ...

I thought that the whole point of using sessions is to keep the session
data stored on the server, not the client. Each person that creates
a session is unique? Am I correct about that? I don't think anyone can just
go in with a cookie and gain access.

If you wish a person to have persistant access, you send them a cookie,
but it's compared to the session variables in the server when they access
a page. Someone may be able to "shag" the cookie, but their IP address
wouldn't match when the compare takes place.

I think this explains it (in a PHP way):
http://www.mtdev.com/2002/07/creating-a-secure-php-login-script/

well, you need the session ID in a cookie, otherwise how does the session get associated with a user?

See if this helps:

http://search.cpan.org/~markstos/CGI-Session-4.14/lib/CGI/Session/Tutorial.pm

I will try to read the tutorial and figure out how to associate a user with a session.

I would really appreciate if you guys have some handy scripts that implements shows me how to associate a user ( i think i am getting greedy) but i have already spent like 3-4 days reading stuff.

Thankyou once again

-Rakesh

use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use CGI::Session;
use Crypt::PasswdMD5;
use DBI;
use globals;

my $cgi = new CGI;
my $self = $cgi->url;
my %login = $cgi->Vars;
my ($authenticated, $roll, $name);
my $session = new CGI::Session($cgi) or die CGI::Session->errstr;


if ( $login{'logout'} || ! $session->param('logged_in') ) {
$session->clear;
$session->delete();
}

if ( $cgi->param('Login') ) {
($authenticated, $roll, $name) = authenticate_user();
}

($authenticated || $session->param('logged_in') ) ? admin_page() : login();



sub authenticate_user {
if ( defined $login{'username'} && defined $login{'password'} ) {
my ($encrypted_pass, $roll, $name) = queryDB($login{'username'});
if ( $encrypted_pass ) {
my $salt = substr($encrypted_pass, 3,8);
my $password = unix_md5_crypt( $login{'password'}, $salt );
if ( $password eq $encrypted_pass ) {
$session->param('logged_in', 1);
return (1, $roll, $name);
}
}
}
$login{'failed'} = 'Invalid username, or password...Please try again';
return 0;
}

sub login {
print $cgi->header,
$cgi->start_html(-title=>'Email Administration Login',
-style=>{-src=>'/emadmin.css'}
);

print "<img src='/logo.gif' />\n",
$cgi->h1("Email Administration").$/,
$cgi->start_form(-name=>'login'),
'<p>Username: ', $cgi->textfield('username'), "<br>\n",
'Password:&nbsp ', $cgi->password_field('password', ''), "</p>\n",
'<p>', $cgi->submit('Login', 'Login'), "</p>\n",
$cgi->end_form;

print $login{'failed'} if defined $login{'failed'};
print $cgi->end_html;
}

You should look at this method for loading an existing session.
$session = CGI::Session->load() or die CGI::Session->errstr;

Info on this can be found in the "DELETING A SESSION" section of the tutorial that Kevin posted.

Kevin ...

how does the session get associated with a user?

I never made that connection ... now I see it.

So the ID is the really long (encrypted) session number
that gets saved in the cookie? It looks like a string of
random numbers?

Kevin ...

I never made that connection ... now I see it.

So the ID is the really long (encrypted) session number
that gets saved in the cookie? It looks like a string of
random numbers?


Yes, that is how it works. Just the session ID gets stored in a cookie. But if the user has cookies disabled you have to pass the session ID in the query string or in a form field, usually a hidden field.

FishMonger,

Thankyou for providing me with the script, I will try to implement the sessions tomorrow when i get back to work..

I appreciate and thank you all for helping me out.

May God Bless you.



-Rakesh

groan,

OK, using FishMonger's login script I am trying to add sessionID's.

Having successfully logged in, the script runs the admin sub and it is here I am adding to the session vars. (well trying to). After this, the sub redirects you to the index file and in it, I am trying to call from the session vars, the varaible $Client_Full_Details.

But, I am stuck.

here is the login script which, needless to say, works. (it's Fishmonger's :) )

It's the admin sub which is mine and is yet to work.


sub admin_page {
my $cgi = new CGI;
my $self = $cgi->url;
my %login = $cgi->Vars;
my $session = new CGI::Session($cgi) or die CGI::Session->errstr;
my $CGISESSID = $session->id();

if ( $login{'logout'} || ! $session->param('logged_in') ) {
$session->clear;
$session->delete();
}
my ($authenticated, $StoredUserName, $Client_Full_Details) = authenticate_user() if $cgi->param('Login');

($authenticated || $session->param('logged_in') ) ? admin_page() : login();



sub admin_page {


##=========##
my $query = new CGI;
my $cgi = new CGI;
my $self = $cgi->url;
my %login = $cgi->Vars;
my $session = new CGI::Session($cgi) or die CGI::Session->errstr;

if ( $login{'logout'} || ! $session->param('logged_in') ) {
$session->clear;
$session->delete();
}

## consult cookie on users PC.
my $cookie = $query->cookie( -name => $session->name,
-value => $session->id );
my $sessionID = $query->header( -cookie=>$cookie );
#print "sessionId=$sessionID<br />";
#print "cookie=$cookie";

#print $session->header();
$session->param('StoredUserName',$StoredUserName);
$session->param('Client_Full_Details',$Client_Full_Details);


print "Location: http://cms.thechrissystem.com/cgi-bin/EazyEdit/index?$cookie\n\n";
#printf "Location: http://cms.thechrissystem.com/cgi-bin/EazyEdit/index?%s=%s, $session->name, $session->id\n\n";
}




here is the sessionID part of the index file.



# SESSION ID STUFF ###


##=========##
my $cgi = new CGI;
my $self = $cgi->url;
my %login = $cgi->Vars;
my $session = new CGI::Session($cgi) or die CGI::Session->errstr;

if ( $login{'logout'} || ! $session->param('logged_in') ) {
$session->clear;
$session->delete();
}

## consult cookie on users PC.
my $cookie = $query->cookie( -name => $session->name,
-value => $session->id );
my $sessionID = $query->header( -cookie=>$cookie );
#print "sessionId=$sessionID<br />";
#print "cookie=$cookie";

#print $session->header();
my $cfd=$query->param('Client_Full_Details');



I am stuck on setting session vars and retrieving them. The tutes I have don't seem to be getting through to me. :(

bazz

OK i have worked on this some more and am nearly there, I think.

I just seem to not be carrying the session through to the index page.

The admin sub of the login script is below


sub admin_page {

my $Client_Full_Details = authenticate_user{"$Client_Full_Details"}; # gets the full details for the business
my $storedUserName = authenticate_user{"$StoredUserName"}; # gets the username from the Database.
my $CGISESSID = $session->id();
#print $session->header();
#my $session->param('Client_Full_Details',$Client_Full_Details); # stores the variable on the server.

# Send the cookie linking the user to the server session
my $id = $session->id();
my $host = $ENV{'HTTP_HOST'};
#print "Set-Cookie: session=$id; domain=.$host; path=/\n";


#my $CGISESSID = $session->id();
#print 'Content-type: text/html'."\n\n";
#print "cfd=$Client_Full_Details<br />";
#print "storedUserName=$StoredUserName";


print "Location: http://mydomain.com/cgi-bin/EazyEdit/index?CGISESSID=$CGISESSID\n\n";

}

and the start of the index file, which has to use the session varibales is like this.


use CGI::Session ( '-ip_match' );

my $session = CGI::Session->load();
my $q = new CGI;

if($session->is_expired)
{
print $q->header(-cache_control=>"no-cache, no-store, must-revalidate");
print "Your has session expired. Please login again.";
print "<br/><a href='login.pl>Login</a>";
}
elsif($session->is_empty)
{
print $q->header(-cache_control=>"no-cache, no-store, must-revalidate");
print "You have not logged in";
}
else
{
print $q->header(-cache_control=>"no-cache, no-store, must-revalidate");
print "<h2>Welcome";
print "<a href='login.pl?action=logout'>Logout";
}
#my $session = new CGI::Session($cgi) or die CGI::Session->errstr;
print $session->header,





The result I get, in index is this.

Cache-control: no-cache, no-store, must-revalidate Content-Type: text/html; charset=ISO-8859-1 You have not logged inSet-Cookie: 1ff48c1f30fac0d5a25d129f858988c9 Date: Fri, 08 Jun 2007 23:19:40 GMT Content-Type: text/html; charset=ISO-8859-1 /var/www/vhosts/mydomain/subdomains/cms/httpdocs

Am I missing something really obvious??

bazz

Bazz,

I'm on vacation and have been trying to stay away from the computer, but thought I'd check-in.

It looks like you're getting farther away from a working solution.
my $Client_Full_Details = authenticate_user{"$Client_Full_Details"}; # gets the full details for the business
my $storedUserName = authenticate_user{"$StoredUserName"}; # gets the username from the Database.That's going to generate this error:
Global symbol "$Client_Full_Details" requires explicit package name at ...
Global symbol "$StoredUserName" requires explicit package name at ...

Instead of going over the other issues in your modifications to my script, my recommendation is for you to revert back to my working example. Just modify the db querry portion to return the proper values. Once you get it working to that point, instead of doing the redirection, replace the iframe section with whatever html your index page is outputting.

I'll be back from vacation next week and, if you wish, you can send me a complete copy of your script(s) and I'll take a closer look.

FishMonger, Thank you.

I have changed the scripts a bit from my last post so what is shown earlier is now out-of-date. I now have it working in the iframe and the $Client_Full_Details variable is reaching the sub 'admin'.

Using the iframe sounds simpler so that is probably why I didn't think of it. :rolleyes:

I shall work on the following issues which I think are still there.

1. stopping access to the index file unless its in this iframe - perhaps with htaccess - deny from all
2. making other scripts load into the iframe as appropriate, ie. those which index links to. duh! already does this.
3. getting the iframe to use the variable which is already int the sub routine. done.

bazz

OK, so I am making lovely progress now and have it all working, with my scripts modified now so that I have one (of each ), for all clients instead of one of each file, for each client. (I did used to make things difficult didn't I). (Rhetorical question follks!!) :)

Just one remaining thing to resolve. I want to stop people accessing the index file (well all 12 files actually), directly through their browser. I have tried checking for session or login and thought I was onto something when I then found I couldn't access the files through the iframe.

I would appreciate some advice so that I can crack this.

bazz

Bazz,

Is the index file a Perl script or is it a plain html file that you get redirected to after logging in?

If you want to send me a copy of your login script and index file, I'll see if I can spot the problem. Things are a little busy at the moment, so it might take a few days before I have any free time.

BTW, even though this falls in line with Rakish's original question, it would be best to start a knew thread instead of tagging it onto this one.

Thanks FishMonger, I'll do that if I have to post another question.

Yes, when logging in, the iframe is populated with a perl file, which links to a series of perl files all of which load into the iframe. They are for different aspects of the CMS.

your (amended by me) login code. Still seems to work well


#!/usr/bin/perl


use CGI::Carp qw(fatalsToBrowser);
use strict;
use CGI qw(:all);
use CGI::Session;
use Crypt::PasswdMD5;
use DBI;
use lib '/var/www/vhosts/mydomain/cgi-bin/';
my $cgi = new CGI;
my $self = $cgi->url;
my %login = $cgi->Vars;
my $session = new CGI::Session($cgi) or die CGI::Session->errstr;

if ( $login{'logout'} || ! $session->param('logged_in') ) {
$session->clear;
$session->delete();
}
my ($authenticated, $StoredUserName, $Client_Full_Details) = authenticate_user() if $cgi->param('Login');

($authenticated || $session->param('logged_in') ) ? admin_page() : login();

#####################################################################

sub login {
require 'myheader.pm'; # appends my doctype and the first part of the 'head' section.
require 'myheadCloserForLogin.pm'; # closes the head section. (remember, other scripts have JS portions to include in the 'head' section, hence two header files here(three or four in the other files).

print $cgi->h3("Login & Administration").$/,
$cgi->start_form(-name=>'login'),
'<p>Username: ', $cgi->textfield('username'), "<br>\n",
'Password: ', $cgi->password_field('password', ''), "</p>\n",
'<p>', $cgi->submit('Login', 'Login'), "</p>\n";
#$cgi->end_form;
print qq(</form>);
print $login{'failed'} if defined $login{'failed'};
print $cgi->end_html;

}


sub authenticate_user {
if ( defined $login{'username'} && defined $login{'password'} ) {
my ($Customer_ID, $StoredUserName, $encrypted_pass, $Client_Full_Details) = queryDB($login{'username'});

if ($encrypted_pass) {
my $salt = substr($encrypted_pass, 3,8);
my $password = unix_md5_crypt( $login{'password'}, $salt );

if ( $password eq $encrypted_pass ) {
$session->param('logged_in', 1);
$session->param('admin', $StoredUserName);

return (1, $StoredUserName, $Client_Full_Details);
}
}
}
$login{'failed'} = 'Invalid username, or password...Please try again';

return 0;
} # end of sub



sub admin_page {

my ($baseBusinessName, $baseBusinessType, $baseBusinessSubType, $baseBusinessCat, $baseBusinessLocalRegion, $baseBusinessCounty, $baseBusinessGrid, $baseBusinessPostCode, $groupName, $TIC, $baseBusinessSubscriptionStatus, $parentBusinessType, $parentgroupBusinessName) = split /\_/, $Client_Full_Details, 14;
my $baseBusinessNameDeHyphenated = $baseBusinessName;
$baseBusinessNameDeHyphenated =~ s/-/ /g;

#my $search = 'search.pl';
#my $add = 'add.pl';
#my $delete = 'delete.pl';
#my $modify = "modify.pl?admin=$login{'username'}"; # change this to use a session param
#my $chgIMAPpass = 'chgIMAPpass.pl';
#################
##print $session->header(),
#$cgi->start_html( -title=>"Email Administration",
#-style=>{-src=>'/emadmin.css'}
#);
require 'myHeader.pm'; # puts my header logo at the top of the iframe

$session->param('user', 'username');

print qq(
<div id="loginWelcome">
<p>Welcome:<strong>$StoredUserName</strong></p>
</div>);
print qq(
<div id="webmail"><a href="http://webmail.thechrissystem.com" target="main">Webmail</a></div>);
print $cgi->start_form(-name=>'logout'),
$cgi->submit('Logout'),$cgi->p,
$cgi->a({-href=>"chgpass.pl?user=$login{'username'}", -target=>"main"},
"Change My Password");
print qq(</form>\n);

print qq(<table border=0><tr><td></td>);
print $cgi->a({-href=>"$search", -target=>"main"}, "Search").'</td>';

print '</tr></table>';
print qq(<iframe id="iframe" name='main' src='index/$Client_Full_Details' width='100%' height='700'></iframe>);
print $cgi->end_html;
}


sub queryDB {
my $isodb = 'MainUserLogin';
my $isosrv = 'localhost';
my $isoser= 'myUserName';
my $isopass= 'myPasswd';
my $port = 'port';
my $user = shift;


my $dbh = DBI->connect("DBI:mysql:$isodb:$isosrv", $isouser, $isopass,
{'RaiseError' => 1, 'PrintError' => 0 })
or die "Connection Failed: $isodb DB on $isosrv\n\t$DBI::errstr\n";

my $sth = $dbh->prepare("SELECT Customer_ID, StoredUserName, StoredPassword, Client_Full_Details
FROM securityTable
WHERE StoredUserName = '$user' AND Status = 'active' ")
or die "prepare statement failed: $DBI::errstr\n";


$sth->execute;
my ($Customer_ID, $StoredUserName, $StoredPassword, $Client_Full_Details ) = $sth->fetchrow_array;
$sth->finish;
$dbh->disconnect;
return ($Customer_ID, $StoredUserName, $StoredPassword, $Client_Full_Details);
}




and here is the top part of the code in my index file (which loads into the iframe).


#!/usr/bin/perl -w

use CGI;
use Cwd;
use IO::Dir;
use CGI::Session;
use strict;
use CGI::Carp qw(fatalsToBrowser);
use lib '/var/www/vhosts/mydomain/cgi-bin/';

my $query = new CGI;
my $self = $query->url;
my %login = $query->Vars;
use CGI::Session;

#tried this but it (obviously) creates new session
#my $session = new CGI::Session($query) or die CGI::Session->errstr;
#
#if ( $login{'logout'} || ! $session->param('logged_in') ) {
# $session->clear;
# $session->delete();
#}
# then tried this :confused: as to why :(
# if ($query->param('Login')) { # if logged in print no header div
# print qq();
# } else { # if not logged redirect to login script
# print "Location:http://mydomain/cgi-bin/EazyEdit/CustomerLogin.pl\n\n";
# }
#finally this.
#my $session = new CGI::Session($query) or die CGI::Session->errstr;
#if (!$session) {
# print "Location:http://mydomain/cgi-bin/EazyEdit/CustomerLogin.pl\n\n";
#}

my $files;
require 'MyConfig.pm';
my $filesLocation = cmsFilesLocation($files);

my $Root = $ENV{"DOCUMENT_ROOT"};
my $Path = $ENV{"PATH_INFO"};
my $Referer = $ENV{"HTTP_REFERER"};
require 'mrTourismHeader.pm';
require 'headCloserForLogin.pm';



I am trying to add some code which not only, prevents the individual files from loading directly in the browser, but by a method which is equaly secure as the login script. My plan is to put that code into its own file and require it at the top, by all individual CMS files.

bazz

Try this in the index script:
#!/usr/bin/perl -w

use CGI;
use Cwd;
use IO::Dir;
use CGI::Session;
use strict;
use CGI::Carp qw(fatalsToBrowser);
use lib '/var/www/vhosts/mydomain/cgi-bin/';

my $query = new CGI;
my $self = $query->url;
my %login = $query->Vars;
use CGI::Session;

my $session = CGI::Session->load;

if ($session->is_empty || $session->is_expired) {
print $query->redirect("http://mydomain/cgi-bin/EazyEdit/CustomerLogin.pl");
}


my $files;
require 'MyConfig.pm';
my $filesLocation = cmsFilesLocation($files);

my $Root = $ENV{"DOCUMENT_ROOT"};
my $Path = $ENV{"PATH_INFO"};
my $Referer = $ENV{"HTTP_REFERER"};
require 'mrTourismHeader.pm';
require 'headCloserForLogin.pm';

Thanks FishMonger but, that stops access directly to the index file but also, when logged into the login file, the redirect is also performed on the index file in the iframe.

It seems strange that I can't make session data persistent. if index checks for the session, it doesn't see it, even if I have logged in and index is loading to the iframe.

Tested that code again and, session is empty, even when loading index into the iframe. That suggests to me that 'login' isn;t creating the session but as far as I can tell, it should be. :confused:

And, if I have logged in and then go back a page, I have to login again. So isn't this tending to show me that the session data isn't being saved?

bazz

I have tried to replicate what the other users have been doing and looking to do the same.....


I would like to have the index.cgi ask for login once (auth.cgi) and display the page and only go to the Auth.cgi only when needed after that.

In the code below I see the I see the session param $session->param('admin', $StoredUserName); set once but not checked or queried later.

What I dould like to have is ... to log in once and have the ability to go to multiple pages like index2.cgi index3.cgi etc etc. What code would I have to put in the top of each of the pages?

Code of the two modules worked by fishmonger primarily and bazz are shown below.


I have what is called the index.cgi code that looks like

#!/usr/local/bin/perl


use CGI qw/:standard/ ;
use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;

BEGIN {
my $homedir = ( getpwuid($>) )[7];
my @user_include;
foreach my $path (@INC) {
if ( -d $homedir . '/perl' . $path ) {
push @user_include, $homedir . '/perl' . $path;
}
}
unshift @INC, @user_include;
}

use CGI::Session ( '-ip_match' );

$session = CGI::Session->load();
$q = new CGI;

if ($session->is_empty || $session->is_expired) {
print $q->redirect("auth.cgi");
}else{
print $q->header(-cache_control=>"no-cache, no-store, must-revalidate");
print a({href=>'auth.cgi?action=logout'},"Logout");
}




And then I have the auth.cgi which looks like
------------------------------------------------------------------------


#!/usr/local/bin/perl

#use strict;
use CGI qw(:all);
use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;

BEGIN {
my $homedir = ( getpwuid($>) )[7];
my @user_include;
foreach my $path (@INC) {
if ( -d $homedir . '/perl' . $path ) {
push @user_include, $homedir . '/perl' . $path;
}
}
unshift @INC, @user_include;
}

use CGI::Session ( '-ip_match' );
use Crypt::PasswdMD5;
use DBI;

my $cgi = new CGI;
my $self = $cgi->url;
my %login = $cgi->Vars;
my $session = new CGI::Session($cgi) or die CGI::Session->errstr;

if ( $login{'logout'} || ! $session->param('logged_in') ) {
$session->clear;
$session->delete();
}
print $cgi->header(-cache_control=>"ano-cache, no-store, must-revalidate");
print $cgi->p("Hello!");

my ($authenticated, $StoredUserName, $Client_Full_Details) = authenticate_user() if $cgi->param('Login');
#
($authenticated || $session->param('logged_in') ) ? admin_page() : login();
#
#exit 0 ;
######################################################################
#
sub login {

#
print $cgi->h3("Login & Administration").$/,
$cgi->start_form(-name=>'login'),
'<p>Username: ', $cgi->textfield('username'), "<br>\n",
'Password: ', $cgi->password_field('password', ''), "</p>\n",
'<p>', $cgi->submit('Login', 'Login'), "</p>\n";
$cgi->end_form;
print qq(</form>);
print $login{'failed'} if defined $login{'failed'};
print $cgi->end_html;

}
#
#
sub authenticate_user {
if ( defined $login{'username'} && defined $login{'password'} ) {

# print "The login name is $login{'username'} ---- and the password entered is $login{'password'} ",br() ;

my ($Customer_ID, $StoredUserName, $encrypted_pass, $Client_Full_Details) = queryDB($login{'username'});

if ($encrypted_pass) {
my $salt = substr($encrypted_pass, 3,8);
my $password = unix_md5_crypt( $login{'password'}, $salt );

# print "Encrypted password is $password", br() ;

if ( $password eq $encrypted_pass ) {
$session->param('logged_in', 1);
$session->param('admin', $StoredUserName);

return (1, $StoredUserName, $Client_Full_Details);
}
}
}
$login{'failed'} = 'Invalid username, or password...Please try again';

return 0;
} # end of sub
#
#
#
sub admin_page {
#

$session->param('user', 'username');

print qq( <div id="loginWelcome"> <p>Welcome:<strong>$StoredUserName</strong></p> </div>);
print qq( <div id="webmail"> <a href="test.cgi" target="main">Dump data</a></div>);
print $cgi->start_form(-name=>'logout'),
$cgi->submit('Logout'), $cgi->p,
$cgi->a({-href=>"chgpass.cgi?user=$login{'username'}", -target=>"main"}, "Change My Password");
print qq(</form>\n);

print qq(<table border=0><tr><td></td>);
print $cgi->a({-href=>"$search", -target=>"main"}, "Search").'</td>';

print '</tr></table>';
print qq(<iframe id="iframe" name='main' src='index/$Client_Full_Details' width='100%' height='700'></iframe>);
print $cgi->end_html;
}
#
sub queryDB {
my $Hostname = "localhost" ;
my $DBName = "arteecol_test" ;
my $DBUser = "********" ;
my $DBPassword = "*******" ;
my $port = '3306';
my $user = shift;

# print "Username in queryDB is $user" , br() ;

my $dbh = DBI->connect("DBI:mysql:$DBName:$Hostname", $DBUser, $DBPassword,
{'RaiseError' => 1, 'PrintError' => 0 })
or die "Connection Failed: $DBName DB on $Hostname \n\t$DBI::errstr\n";

my $sth = $dbh->prepare("SELECT Customer_ID, StoredUserName, StoredPassword, Client_Full_Details
FROM securityTable
WHERE StoredUserName = '$user' AND Status = 'active' ")
or die "prepare statement failed: $DBI::errstr\n";


$sth->execute;
my ($Customer_ID, $StoredUserName, $StoredPassword, $Client_Full_Details ) = $sth->fetchrow_array;
$sth->finish;
$dbh->disconnect;
return ($Customer_ID, $StoredUserName, $StoredPassword, $Client_Full_Details);
}