[Ankita]

#!/usr/bin/perl -wT
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use lib '.';
use users;
use strict;

my $user = param('username');
my $pass = param('password');
my $username = "";

my $sth = $dbh->prepare("select * from users where username=?") or &dbdie;
$sth->execute($user);
if (my $rec = $sth->fetchrow_hashref) {
my $salt = substr($rec->{password}, 0, 2);
if ($rec->{password} ne crypt($pass, $salt) ) {
&dienice(qq(You entered the wrong password. If you've forgotten your password, <a href="forgotpass.html">Click here to reset it</a>.));
}
$username = $rec->{username};
} else {
&dienice("Username <b>$user</b> does not exist.");
}
my $cookie_id = &random_id;
my $cookie = cookie(-name=>'cid', -value=>$cookie_id, -expires=>'+7d');

$sth = $dbh->prepare("replace into user_cookies values(?, ?, current_timestamp(), ?)") or &dbdie;
$sth->execute($cookie_id, $username, $ENV{REMOTE_ADDR}) or &dbdie;

if (param('page')) {
my $url = param('page');
# CGI.pm's redirect function can accept all of the same parameters
# as the header function, so we can set a cookie and issue a redirect
# at the same time.
print redirect(-location=>"http://www.cgi101.com/$url", -cookie=>$cookie);
} else {
# no page was specified, so print a "you have logged in" message.
# On a production site, you may want to change this to print
# a redirect to your home page...
print header(-cookie=>$cookie);
print start_html("Logged In");
print qq(<h2>Welcome</h2>\nYou're logged in as <b>$username</b>!<br>\n);
print qq(<a href="securepage.cgi">go to secure page</a><br>\n);
print qq(<a href="logout.cgi">log out</a><br>\n);
print end_html;
}

sub random_id {
# This routine generates a 32-character random string
# out of letters and numbers.
my $rid = "";
my $alphas = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM NOPQRSTUVWXYZ";
my @alphary = split(//, $alphas);
foreach my $i (1..32) {
my $letter = $alphary[int(rand(@alphary))];
$rid .= $letter;
}
return $rid;
}