
Re: Perl authentication using mySQL table
Posted by: Randy Clamons
Date: April 09, 2009 11:06AM

It's pretty simple. You don't want to expose your 'real' user name and password by attaching it to a button. You'll want to do that all on the server side in your Perl script. This is the user name and password that allows access to MySQL.

The second user name and password is to allow access to the auction and to identify the user for user-specific functions. You'll probably want to store those passwords with some sort of encryption--a one-way encryption like MD5, built in to MySQL, would work OK.

When you store the password it'll look like this:

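# Read the submitted form fields ($q is the CGI query object)
my $username = $q->param('username');
my $password = $q->param('password');
my $userid = $q->param('userid');
# Build the UPDATE; MySQL's MD5() hashes the password before it is stored
my $sql =
"UPDATE `users` SET
username = '$username',
password = MD5('$password')
WHERE users.id = '$userid'";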

When you authenticate the auction user it'll look like this:

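# Read the submitted login fields
my $username = $q->param('username');
my $password = $q->param('password');
# A row comes back only when the user name and the MD5 of the password both match
my $sql =
"SELECT * FROM `users` WHERE username='$username' AND password = MD5('$password')";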

There's more that you'll need to do to prevent SQL injections, JavaScript and HTML from being entered into your db. You need to check for special characters that either need to be escaped or not allowed.

Note the update statement puts the userid in quotes (single quotes here). That'll keep your script from throwing an error if there is no userid value.

That's about all there is to it. Have fun.
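
The following is an added example, not part of the original post or written by its author: the same store and authenticate steps using DBI bound parameters, so form input is never pasted into the SQL text, with a per-user salt and PBKDF2-HMAC-SHA256 swapped in for the unsalted MD5() call. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for MySQL so the script runs offline, and the `salt` column, helper names, iteration count and sample values are constructed for illustration.

```perl
# Added example, not from the original post. Assumptions: in-memory SQLite
# (DBD::SQLite) stands in for MySQL; the salt column, helper names, iteration
# count and sample values are constructed for illustration.
use strict;
use warnings;
use DBI;
use Digest::SHA qw(hmac_sha256);

my $ITER = 100_000;    # illustrative work factor

# PBKDF2-HMAC-SHA256, one 32-byte output block, hex encoded.
sub pbkdf2 {
    my ($password, $salt) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);
    my $t = $u;
    for (2 .. $ITER) { $u = hmac_sha256($u, $password); $t ^= $u; }
    return unpack('H*', $t);
}

sub new_salt {    # 16 random bytes from the OS, hex encoded (Unix assumed)
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read from urandom";
    return unpack('H*', $salt);
}

sub set_password {
    my ($dbh, $userid, $username, $password) = @_;
    my $salt = new_salt();
    return $dbh->do(    # every value travels as a bound parameter
        'UPDATE users SET username = ?, salt = ?, password = ? WHERE id = ?',
        undef, $username, $salt, pbkdf2($password, $salt), $userid);
}

sub authenticate {
    my ($dbh, $username, $password) = @_;
    my ($salt, $stored) = $dbh->selectrow_array(
        'SELECT salt, password FROM users WHERE username = ?', undef, $username);
    return 0 unless defined $salt && defined $stored && length($stored) == 64;
    my $got  = pbkdf2($password, $salt);
    my $diff = 0;    # compare all 64 hex characters without an early exit
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($stored, $_, 1)) for 0 .. 63;
    return $diff == 0 ? 1 : 0;
}

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, salt TEXT, password TEXT)');
$dbh->do('INSERT INTO users (id) VALUES (1)');
set_password($dbh, 1, 'alice', 'correct horse');
# Constructed inputs: valid login, wrong password, user name with SQL metacharacters
print authenticate($dbh, @$_), "\n" for ['alice', 'correct horse'], ['alice', 'wrong'], ["alice' -- ", 'x'];
```

The `?` placeholders are handled the same way by DBD::mysql, so only the connect string and the table definition change against a real MySQL server.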
