I want my scripts to maintain state when a user's session expires.
When that happens I send them to a login page and here's what I am working on
in the module that does the authentication:
my @names = $cgi->param();
my $hiddens;
foreach my $name(@names) {$hiddens .= $cgi->hidden($name)}
# Open the html template.
my $template = HTML::Template->new(filename =>
"$template_path/login.tt");
print $session->header();
$template->param(msg => "$msg");
$template->param(userfield => $cgi->textfield(-name=>'user',
-size=>15,
-maxlength=>30));
$template->param(password_field =>
$cgi->password_field(-name=>'password',
-size=>15,
-maxlength=>30));
$template->param(script_name => $ENV{'SCRIPT_NAME'});
$template->param(hiddens => $hiddens);
print $template->output;
In my login.tt page I have this:
<form id="login" action="<tmpl_var name="script_name">" method="post">
<tmpl_var name="userfield">
<tmpl_var name="password_field">
<input type="submit" value="Login">
<tmpl_var name="hiddens">
</form>
Now, this works pretty good, but I'm thinking I need to make sure the script
name is valid before sending the user on. So, what I'm thinking is to compare
it to a list of valid script names and if it doesn't pass the test I'll send
the user an error message.
Should that be good? Or do I need to ditch the $ENV{'SCRIPT_NAME'}) approach
all together?
Kindest Regards,
Bill Stephenson
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
http://learn.perl.org/
