Hi,
I use mod_rewrite to provide simpler URLs for my database-driven site. My
document root's .htaccess contains the following line (among others):
RewriteRule pages/([0-9]+) cgi-bin/show.pl?id=$1
It works fine.
But some of my pages are password-protected, such that show.pl calls the
following subroutine before granting access:
sub check_user {
my ($user_id, $u_input, $p_input, $mode) = @_;
my $query = "SELECT user_name, user_password FROM users WHERE user_id = ?";
my $sth = $dbh->prepare($query);
$sth->execute($user_id);
my ($user_name, $user_password) = $sth->fetchrow_array;
$sth->finish();
return 1 if $u_input eq $user_name && $p_input eq $user_password;
print $q->header(-type=>'text/html', -charset=>'utf-8', -expires => "-1d"),
$page_head;
print $q->h1("Identification"),
$q->start_form(),
qq{<p>Benutzer<br />}, $q->textfield("user_name"), "</p>",
qq{<p>Passwort:<br />}, $q->password_field("user_password"), "</p>",
$q->hidden("id", "$id"),
$q->submit;
return 0;
}
As you can see, if the username/password are entered correctly, show.pl is
called again with three parameters (id, username and password).
Unfortunately, the browser's address bar then changes to (e.g.)
http://mysite.com/pages/1234?id=1234
The page is displayed correctly.
But why is the query string added? The form's default method should be post,
and the username/password are not displayed in the query string.
Thanks,
Jan
--
Imagine if every Thursday your shoes exploded if you tied them the usual way.
This happens to us all the time with computers, and nobody thinks of
complaining. - Jeff Raskin
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
