|
|
|
|
Joined: Jan 2001
Posts: 10
Junior Member
|
|
Junior Member
Joined: Jan 2001
Posts: 10 |
Ok guys I have a script that I use to search a flat-file database. The user inputs there search criteria on a form and the serch is submitted like below:
#Form:
############################################################
Here is the beginning of the script
############################################################
#alumni.cgi
$stringpassed=$ENV{'QUERY_STRING'};
###########PASSWORD#################
if ($FORM{'password'} ne "password") {
print "Invalid password";
die "";
}
$stringpassed=~s/+/ /g;
$data="/path/to/file/public_html/cgi-bin/alumni/products.dat";
$thisurl="http://www.mysite.org/cgi-bin/alumni/alumni.cgi";
$openinghtml="";
$maximumpage=25;
$maximum=5000;
$minimumcharacters=2;
if (-e "$openinghtml"){
$problem="Can't open template file.";
open(OPENING, "$openinghtml") || &security;
@wholefile=;
close(OPENING);
$fulltemplate=join("n",@wholefile);
($templatestart,$templateend)=split(/+++/,$fulltemplate);}
else{
$templatestart="$templatetitle";
$templateend="";}
$delimiter="\|";
($words,$sf1)=split(/&&/,$stringpassed);}
$words=~s/"//g;
$words=~s/ and / /g;
$words=~s/ AND / /g;
if (length($words)<$minimumcharacters && !$actiontotake){
$problem="Unable to execute your search. You need to search for at least 2 characters. Please press back on your browser to continue.";
&security;}
if (!$sf1){
$sf1=$query->param('sf1');}
$startitem=$query->param('startitem');
$enditem=$startitem+$maximumpage;
#end sample
If you see the problem please HELP. Yhe script works fine without the password addition??? I am not sure if I need to change the parser around?? When I search from the form I get an ISE.
Telnetmanta
|
|
|
|
|
Joined: Sep 2000
Posts: 755
P.I.T.A. / Programmer
|
|
P.I.T.A. / Programmer
Joined: Sep 2000
Posts: 755 |
Are you printing out a content header to the browser before printing the invalid password message?
Also change this:
if ($FORM{'password'} ne "password") {
print "Invalid password";
die "";
}
to
if ($FORM{'password'} ne "password") {
die "Invalid password";
}
Thats the quick thing I see. I haven't looked at the whoel thing
--mark
"Annnnnnnndd now, opening for Iron Maiden...... WYLD STALLYNS!!!" --Bill S. Preston, Esquire and Ted "Theodore " Logan
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 87
Joined: December 2001
|
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
| |
Most Online5,166
Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
|
|
