Hello,

I am still working on developing the project that so many of you have helped with. Now that I got the authentication working and the ASP authentication page is creating a cookie once validated and redirecting to a perl script, I want to do the following:

1) At the top of each page, create a check to ensure that the user has logged in (a cookie exists)...If it doesn't, redirect them to the login page
2) In the "authMySql.pl" file (the script that the login page redirects to), I also want to capture the user name entered on the ASP form and validate it against a mySQL table we have created. The query will use the username entered to capture the "role" of the user logging in. If the username exists in the table, the perl script will then modify the SAME cookie to store the role and display the "admin" rights...

Below is the ASP page and the "authMySql.pl" page, respectively. Thanks for all of the help.

Code:
<% 
            
strServerName = "SERVER" 
strName = Request("username")
strPassword = Request("password")
ActionIN = request("Action")

If ActionIn = "Logon" then

    If strName = "" OR strPassword = "" then
                msg = "You must include both a User Name and a Password."
    End If

    If strName <> "" AND strPassword <> "" then

    'Establish an object connection and set up the query to find the DN
       set oConn = CreateObject("ADODB.Connection") 
       
       set oCommand = CreateObject("ADODB.Command") 
       set oRS = CreateObject("ADODB.Recordset") 
       oConn.Provider = "ADsDSOObject" 
       oConn.Open "Ads Provider" 
       set oCommand.ActiveConnection = oConn    'set the active connection 
    
       strQuery = "<LDAP://" & strServername & ">;(&(cn=" & strName & "*));Adspath,cn;subtree" 
       'response.write "strQuery = " & strQuery & "<BR>"
            
      oCommand.CommandText = strQuery
      set oRS = oCommand.Execute 'Execute the query 
      
      'Dissect the object to find the DN (Adspath)
		BadAccount = ""
		If oRS.EOF then
		            BadAccount = "Y"
		            msg = "You have entered incorrect credentials. Please re-enter your login information."
		End If

      Do While Not oRS.EOF 
                  mydn = oRS.Fields(0)
                  ReturnValue2 = oRS.Fields(0)
      Exit Do
      
      'response.write "mydn = " & mydn & "<BR>"
      'response.write "ReturnValue2 = " & ReturnValue2 & "<BR>"
    
      oRS.MoveNext 
      Loop
      
      'response.write "mydn = " & mydn & "<BR>"
    
     'Dissect the variable to get the string we want
     querydn = InStrRev(mydn, "/")
     querydn = Mid(mydn, querydn + 1)
     
     'response.write "querydn = " & querydn & "<BR>"
     
     'Now that we have our DN we requery to check for authentication 
     
    On Error Resume Next
    
    strDSN = "LDAP://SERVER"
    Set dso = GetObject("LDAP:") 
    Set comp = dso.OpenDSObject(strDSN,querydn,strPassword,0)
    
    
    'response.write "Error Number = " & Err.Number & "<BR>"
			If Err.Number = 0 AND BadAccount = "" Then 
			    Response.redirect "honorBase.html"
			    Response.Cookies("honorCookie")("userID")= strName
				Response.Cookies("honorCookie")("role")=""
			End If

            If Err.Number <> 0 Then
                 msg = "You have entered incorrect credentials. Please re-enter your login information."
            End If
    End If
End If
%>
authMySql.pl

Code:
#!/usr/local/bin/perl

#source: http://forums.speedguide.net/showthread.php?t=190821

# PERL MODULES WE WILL BE USING
use DBI;
use DBD::mysql;
use CGI qw( :standard );
use CGI::Carp qw(fatalsToBrowser);

#print "Content-type: text/html \n\n";

$userPassed = param("userID");

# CONFIG VARIABLES
$platform = "mysql";
$database = "";
$host = "";
$port = "";
$tablename = "";
$user = "";
$pw = "";

# DATA SOURCE NAME
$dsn = "dbi:$platform:$database:$host:$port";

# PERL DBI CONNECT
$connect = DBI->connect($dsn, $user, $pw)
or die "Connection Error: $DBI::errstr\n";

# PREPARE THE QUERY
my $query = "SELECT * FROM $tablename WHERE User = '$userPassed'";
my $query_handle = $connect->prepare($query);

#print ($query);

# EXECUTE THE QUERY
$query_handle->execute();

while (@row = $query_handle->fetchrow_array) {
	$roleIn = "$row[2]";
	#print ("$roleIN");
	}
	
$query = new CGI; # create a new CGI object
$cookie = $query->cookie ( -name => 'Role',
                           -value => "$roleIn",
                           -path => '/',
                           -expires => '+60m');

$location = '';

print $query->header(-cookie=>$cookie);
print "var myjsvar = '","$cookie","';\n";

print qq{<meta http-equiv="REFRESH" content="0;URL=">\n};

# HTTP HEADER
#print( header() );
#print ( start_html() );

# Print XHTML footer
#print ( end_html() );