Hi!
I've written a simple login-mechanism based on my modified Auth taglib,
as well as a taglib to fetch data from my database, but it seems that
$attr_encrypted is somehow loosing its value... Sometimes, the child
even segfaults when it exits...
These are the details:
I'm submitting a simple form,
<form method="POST" action="login.xsp">
<input type="text" name="username"/>
<input type="text" name="passwd"/>
<input type="submit"/>
</form>
and from login.xsp, I have this snippet:
<user:get-passwd>
<user:username><param:username/></user:username>
</user:get-passwd>
<auth:password-matches>
<auth:encrypted>
<user:get-passwd>
<user:username><param:username/></user:username>
</user:get-passwd>
</auth:encrypted>
<auth:clear><param:passwd/></auth:clear>
<auth:true>
<auth:login destination="/">
<auth:access type="user">
<param:username/>
</auth:access>
</auth:login>
<strong>Password is valid</strong>
</auth:true>
<auth:false><em>Password is invalid</em></auth:false>
</auth:password-matches>
Obviously, the user-stuff is my own taglib. I use it to fetch stuff like
the encrypted password and other user data from the database.
It is pretty straightforward, and it seems to work well. The only thing
that can go wrong with it is that I don't disconnect (BTW, any
experience here with using Apache::DBI with AxKit?).
The three first cites lines from login.xsp simply fetches the encrypted
password from the database, and I can see that it works because the
string appears. That's the sole purpose of it.
So, it should do the same thing to the auth:encrypted element, that's
the idea anyway... :-)
The relevant (?) modifications I've done now looks like this:
sub password_matches___true__open {
return << 'EOC';
AxKit::Debug(9, "Password: $attr_clear $attr_encrypted " .
crypt($attr_clear,$attr_encrypted));
if ($attr_clear && $attr_encrypted &&
(crypt($attr_clear,$attr_encrypted) eq $attr_encrypted)) {
EOC
}
However, looking in the log, the debugging statement looks like this:
[Mon Jan 27 15:49:55 2003] [warn] [client 195.1.208.96] [AxKit]
Password: ficken
and nothing more... Yep, I'm using the password from some example.
So, it seems $attr_encrypted has lost it's value, if it ever had it...
The XSP Perl code looks like this:
my ($attr_clear, $attr_encrypted);
do { $attr_encrypted = "".q%
%.. do {my ($attr_username);
do { $attr_username = "". do {$cgi->param(q|username|)}; ; };
my @_res = do { my $dbh = Skepsis::XSP::User::db_connect;
my $sth = $dbh->prepare("SELECT passwd FROM contributors WHERE
username=?");
$sth->execute($attr_username);
my @data = $sth->fetchrow_array;
$sth->finish;
@data;
}; eval{if (wantarray) { @_res; } else { join("",@_res); }} }.q%
%; ; };
.....and given that some very similar code resulted in the encrypted
password being shown just before, it is hard to understand why
$attr_encrypted hasn't got a (sensible) value...
Any clues to share?
When it is all over, i.e.
[Mon Jan 27 15:49:55 2003] [warn] [client 195.1.208.96] [AxKit] writing
xml string to browser
[Mon Jan 27 15:49:56 2003] [notice] child pid 5033 exit signal
Segmentation fault (11)
I'm using MaxRequestsPerChild 1 right now, so it is not strange that
exits, but that it exits with a segfault, that is a Bad Sign[tm],
isn't? I don't know if this is relevant at all to the above problem,
though.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
