On Tuesday 09 December 2008 8:47:06 am [EMAIL PROTECTED] wrote: > Hey All, > > I'm new to doing CGI with Perl and so am a little lost here. > > I'm working on a web-accessible database system for a (rather large) > group of area churches and went through the rigmarole of assessing > various programming and scripting languages to see which is the best > tool for the job and I landed on Perl::CGI. > > I started working on this project and have created scripts that > generate a registration page that emails the registration information > to me for processing. This is intentional, by the way, as I don't > want it to be a self-register site for certain security reasons. > These scripts work fine, so I started working on a logon form to allow > users who are already registered to logon. So, on my main page, I > have a right-hand pane that looks similar to this (in the HTML code): > > <div id='rightcontent'> > <p><a href='http://myserver.domain.org/cgi-bin/ > boms.cgi'>Register</a></p> > <br /> > <h3>Logon</h3> > <form method='POST' action='http://myserver.domain.org/cgi-bin/ > logon.cgi'> > Username:<br /> > <input type='textfield' name='uname' /><br /> > Password:<br /> > <input type='password' name='pwd' /><br /> > <input type='submit' name='logon' value='Logon' /> > </form> > </div> > ...etc... > > This form displays pretty well, though I need to work on the width of > the fields, but that's not my issue. My issue is when I fill in the > data in the fields and submit it to my "logon.cgi" script, the > password value gets an arbitrary string of numbers attached to the end > and I am not having any luck figuring out where those numbers come > from, nor how to get rid of them back to the clear text of the > password. For example: > > I enter the string 'hiyall2008' in the password field and get the > following values in my logon script... > Click 1: hiyall2008153639492 > Click 2: hiyall2008135813700 > Click 3: hiyall2008152312388 > et cetera... > > As you can see, there is a different arbitrary string of numbers at > the end of the clear text of the password entered. If it was the same > each time the password was entered, I would just make it a part of the > password and encrypt the whole thing into my database. However, each > time it is different. It appears to be only 9 numbers each time, so I > decided to try and strip those 9 numbers off the password with the > 'substr()' method. So, I created the following sub procedure to do > that: > > sub strip_string > { > my $ret = ""; > for (my $i = 0; $i < length($_[0]) - 9; $i++) { > $ret .= substr(length($_[0]) - $i, 1); > #print $ret; > } > > return $ret; > } > > Now, when I use this method to "strip" the arbitrary numbers from the > end of the entered password, I get the following: > > I enter the same password as before, "hiyall2008", and get the > following: > Click 1: 0134588996 > Click 2: 0157203012 > Click 3: 0138639940 > > Now, not only do I have arbitrary strings of numbers, I have 10 > numbers instead of 9! I know that it is something that I'm not doing > correctly, but I cannot figure out what I'm doing wrong. > > I've read through my Perl books, searched Google with numerous > different queries and read through a bunch of different references > online. However, none of them mention this issue with the password > field in a web form when accessed from Perl::CGI. I am at a complete > loss as to where to go from here. According to my "Perl Core > Language, Little Black Book", if I pass a negative number to the substr > () function's LEN parameter, substr() will remove that many characters > from the end of the string. Every other reference to the substr() > function, of course, says the same thing. However, when I've > attempted that, I only got back the characters that I was wanting > omitted. Frustration just keeps building! > > Anyway, any help that y'all can give is greatly appreciated. > Especially, please, links to better examples of tweaking a string with > the substr() function. The ones in my "Little Black Book" are pretty > lame, and I was unable to find much better online. Again, any help is > greatly appreciated. I look forward to your responses. > > Cheers, > > Sean C. > PekinSOFT Systems
you need to post the whole script so we can see the context of the problem. like how your retrieving the passed params and so forth. you could also try using regexp "s" operator to clean up the passed string. you could also try and isolate the problem by using plan text insted of an input field of password and see if the string is appended with the same sort of junk numbers. good luck Greg -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/
