> Hi all.
>
> This is what I've done:
> - I've created a table which allows me to manage "sessions" (see code below).
> - The script which validates users creates a "session_id". I pass this token as a hidden field to scripts in order to validate the user's data every time.
>
> This works like this: Users enter their ID and password, and the page calls the script which checks user data and creates a session ID. Once the user has been checked against the database, the work page is displayed. Each action the user takes calls a CGI script with the session ID field as a hidden value. Scripts use the session_ID field to retrieve the user's data from the database and perform whichever action the user asked for.
>
> Here is part of the code:
>
> *----Read parameters*
> # read form parameters ----------------------------
> foreach ($cgi->param()) {
>     $cgi->param($_,uc($cgi->param($_)));
> }
>
> $legajo = $cgi->param('legajo');
> $password = $cgi->param('password');
>
> *----- Check user data*
> ## connect to the database ------------------------------
>
> my $dbh = DBI->connect("dbi:$driver:dbname=$base_datos",$usuario,$clave)
>     || die "no se puede abrir la base: $base_datos $DBI::errstr\n";
>
> #### QUERY user data -----------------------------------------
> my $sth=$dbh->prepare("SELECT * FROM usuarios WHERE legajo='$legajo';");
>
> $sth->execute();
>
> my $existe=$sth->rows();
>
> # extract data
> if ($existe)
> {
>     @usuariosis = $sth->fetchrow_array();
> } else
> {
>     print $cgi->header('text/html');
>     print $cgi->start_html();
>     print $cgi->h1("Error en usuario");
>     print "<A HREF='/acceso.html'><P>Volver</P></A>";
>     exit;
> }
> $sth->finish();
>
> $grupo = $usuariosis[3];
> $codigo = ($resguardos{$legajo}?$_:"770");
> $tiporesg = $tipores{$codigo};
>
> $_ = $usuariosis[6];
> s/ //g;
> $usuariosis[6]=$_;
>
> if (crypt($password, $usuariosis[6]) ne $usuariosis[6]){
>     print $cgi->header('text/html');
>     print $cgi->start_html();
>     print $cgi->h1("Error en clave");
>     print "<A HREF='/acceso.html'><P>Volver</P></A>";
>     exit;
> }
> else {
>     $session = generar_id();
>
>     # This inserts a record into the "conexion" table for session tracking
>     $dbh->do ("insert into conexion values ('$legajo',
>                                             '',
>                                             '$fecha',
>                                             '$horaacceso',
>                                             '$grupo',
>                                             '$codigo',
>                                             '$tiporesg',
>                                             '$session');");
>
>     # Generate the work page --------------------------------
>
>     print $cgi->header (-type=>"text/html",
>                         -target=>"abajo");
>     print $cgi->frameset({-border=>'1', -frameSpacing=>'1',
>                           -cols=>'200,*', -frameBorder=>'1'},
>         # This calls the main work page
>         $cgi->frame({-name=>'iab',-src=>'trabajo.plx?sesion='.$session}),
>         $cgi->frame({-name=>'derecha',-src=>'/blank.html'})
>     );
>
> }
>
> $cgi->end_html;
> $dbh->disconnect();
>
> *This sub generates the session ID*
> sub generar_id{
>     return sprintf("%08.8x",rand()*0xffffffff);
> }
>
> I hope this helps.
> I am new to Perl so check the code for security issues.
>
> Pablo A. Castrillo

Reposting in plain text format.
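An added example, not part of the original post: the login and session lookup described above, rewritten with DBI placeholders instead of interpolated SQL and a 128-bit session ID read from /dev/urandom instead of rand(). Assumptions: an in-memory DBD::SQLite database, a simplified constructed table layout and a constructed sample user stand in for the poster's real schema, and usuario_de_sesion() and the 1800-second lifetime are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite stands in for the real database; schema simplified.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "", { RaiseError => 1 });
$dbh->do("CREATE TABLE usuarios (legajo TEXT PRIMARY KEY, grupo TEXT, clave TEXT)");
$dbh->do("CREATE TABLE conexion (legajo TEXT, grupo TEXT, creada INTEGER, session TEXT PRIMARY KEY)");
# Constructed sample user; the salt format accepted by crypt() is platform-dependent.
$dbh->do("INSERT INTO usuarios VALUES (?, ?, ?)", undef,
         "1001", "ADMIN", crypt("S3CRETA", '$6$constructedsalt$'));

# 128 bits from the kernel CSPRNG (Unix assumption); rand() output is guessable.
sub generar_id {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    return unpack("H*", $bytes);
}

# Returns a new session ID, or undef for an unknown user or a wrong password.
sub login {
    my ($legajo, $password) = @_;
    my ($grupo, $hash) = $dbh->selectrow_array(
        "SELECT grupo, clave FROM usuarios WHERE legajo = ?", undef, $legajo);
    return undef unless defined $hash && (crypt($password, $hash) // '') eq $hash;
    my $session = generar_id();
    $dbh->do("INSERT INTO conexion (legajo, grupo, creada, session) VALUES (?, ?, ?, ?)",
             undef, $legajo, $grupo, time(), $session);
    return $session;
}

# Hypothetical helper: later scripts resolve the token server-side and
# reject malformed, unknown or expired session IDs.
sub usuario_de_sesion {
    my ($session, $max_age) = @_;
    return undef unless defined $session && $session =~ /\A[0-9a-f]{32}\z/;
    my ($legajo) = $dbh->selectrow_array(
        "SELECT legajo FROM conexion WHERE session = ? AND creada >= ?",
        undef, $session, time() - $max_age);
    return $legajo;
}

my $sid = login("1001", "S3CRETA");
print "session: $sid\n";
print "owner: ", usuario_de_sesion($sid, 1800), "\n";
print "quoted input treated as data\n" unless defined login("1001' OR '1'='1", "x");
print "unknown token rejected\n" unless defined usuario_de_sesion("0" x 32, 1800);
```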