first cookie try

[ibjdt]

this is my first try at cookies for a psuedo shopping cart.
the user logins, is verified and cookies set for username and a crypted version of password.
all links on result pages would lead to item selection pages. each time an item is selected another cookie is updated with that info.

the script i have so far is below and i use test user info of

username j
password p
crypted 44gZEugjolgNY

when i run it the first time (login) -
script.cgi?login=1&username=j&password=p

the script verifies the user, grabs the crypted password and stores them in seperate cookies.
but when i try to print the username (var x) from the cookie it is whacky

stuff: - x:amsvsnapss u:j p:p c:44gZEugjolgNY-

the resulting link (click) is to represent selecting an item. i would like the value of that variable (newstuff) to be added onto the 'stuff' cookie as a new line that can be read, seperated, and reported out later:

newstuff1
newstuff2
etc

but instead the script is just storing and thus showing each version of the newstuff variable.

i know this is choppy, so any help would be greatly appreciated.

by the way, the redirect at the end of the script doesn't work with

print "Content-type: text/html\n\n";

in the script, but the rest of the script doesn't work without it.

thanks

#!/usr/bin/perl
use CGI;
use CGI::Carp qw/fatalsToBrowser/;
$cgi = new CGI;
print "Content-type: text/html\n\n";

#check login info and set cookies
if (&checkpass)
{
#get username from cookie to print to scrn as a test
$x=$cgi->cookie('ssaccuser');
    $info = "stuff: - $stuff x:$x u:$username p:$password c:$crypted-<BR>";

#create link that increments to test item selection cookie
$stuff++;
    $info .= "<a href=try.cgi?newstuff=$stuff>click</a>";
}

print "$info";
exit;

sub checkpass
{
# if access coming from login form
    if ($cgi->param('login'))
    {
#get username and password from login form
        $username = $cgi->param('username');
        $password = $cgi->param('password');

#lookup user and pass - create cookies for user and crypted password
        open(DATA, "user.data");
        @raw_data=<DATA>;
        close(DATA);
        foreach $wrestler (@raw_data)
        {
            chop($wrestler);
            ($name,$pass,$crypt)=split(/::/,$wrestler);
            if (($name eq $username) && ($pass eq $password))
            {
                $crypted = $crypt;
                push @cookies, $cgi->cookie(-name=>'ssaccuser', -value=>$username);
                push @cookies, $cgi->cookie(-name=>'ssaccpass', -value=>$crypted);
                last;
            }
        return 1;
        }
    }

#if user cookie already exists and they have selected an item - clicked the link
    elsif (($cgi->cookie('ssaccuser') ne '') && ($cgi->param('newstuff')))
    {
#get item info - add to item tracking cookie (stuff)
        $newstuff = $cgi->param('newstuff');
        $username = $cgi->cookie('ssaccuser');
        $crypted = $cgi->cookie('ssaccpass');
        $stuff = $cgi->cookie('stuff');

        $stuff="$stuff\n$newstuff" if ($stuff);
        $stuff="$newstuff" if (!$stuff);
        push @cookies, $cgi->cookie(-name=>'stuff', -value=>$stuff);
        return 1;
    }

#re-direct if not logging in and cookie not already set
else { print "Location: [URL unfurl="true"]http://www.google.com/\r\n";[/URL] }
}

 

[travs69]

I wouldn't store anything in a cookie that has any kind of sensitive data. You can create sessions and store the session id in the cookie and the sensitive data in the session which is stored locally on the server.

 

[ibjdt]

is the code below ok for session ID starters? my web host doesn't have the session module installed yet so i can't try it, but i want to be ready.

thanks.

#!/usr/bin/perl  
use CGI::Session;
print "Content-type: text/html\n\n";



$sid = $cgi->cookie('CGISESSID') || $cgi->param('CGISESSID') || undef;
$session = new CGI::Session(undef, $sid, {Directory=>'/tmp'});

print "$sid";

 

[travs69]

I'm not the greatest at it I just recently (last 2 weeks) started getting into it but was warned and explained to about the security issues with cookies!