Home > Archive > PERL CGI Beginners > March 2005 > Perl script and mod_rewrite
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Perl script and mod_rewrite
|
|
| Jan Eden 2005-03-03, 3:55 pm |
| Hi,
I use mod_rewrite to provide simpler URLs for my database-driven site. My d=
ocument root's .htaccess contains the following line (among others):
RewriteRule pages/([0-9]+) cgi-bin/show.pl?id=3D$1
It works fine.
But some of my pages are password-protected, such that show.pl calls the fo=
llowing subroutine before granting access:
sub check_user {
my ($user_id, $u_input, $p_input, $mode) =3D @_;
my $query =3D "SELECT user_name, user_password FROM users WHERE user_id=
=3D ?";
my $sth =3D $dbh->prepare($query);
$sth->execute($user_id);
my ($user_name, $user_password) =3D $sth->fetchrow_array;
$sth->finish();
return 1 if $u_input eq $user_name && $p_input eq $user_password;
print $q->header(-type=3D>'text/html', -charset=3D>'utf-8', -expires =
=3D> "-1d"), $page_head;
print $q->h1("Identification"),
$q->start_form(),
qq{<p>Benutzer<br />}, $q->textfield("user_name"), "</p>",
qq{<p>Passwort:<br />}, $q->password_field("user_password"), "</p>",
$q->hidden("id", "$id"),
$q->submit;
return 0;
}
As you can see, if the username/password are entered correctly, show.pl is =
called again with three parameters (id, username and password).
Unfortunately, the browser's address bar then changes to (e.g.)
http://mysite.com/pages/1234?id=3D1234
The page is displayed correctly.
But why is the query string added? The form's default method should be post=
, and the username/password are not displayed in the query string.
Thanks,
Jan
--=20
Imagine if every Thursday your shoes exploded if you tied them the usual wa=
y. This happens to us all the time with computers, and nobody thinks of com=
plaining. - Jeff Raskin
| |
| Vladimir D Belousov 2005-03-03, 3:55 pm |
| just try:
$q->start_form(-method=>"POST");
Jan Eden wrote:
>Hi,
>
>I use mod_rewrite to provide simpler URLs for my database-driven site. My document root's .htaccess contains the following line (among others):
>
>RewriteRule pages/([0-9]+) cgi-bin/show.pl?id=$1
>
>It works fine.
>
>But some of my pages are password-protected, such that show.pl calls the following subroutine before granting access:
>
>sub check_user {
> my ($user_id, $u_input, $p_input, $mode) = @_;
> my $query = "SELECT user_name, user_password FROM users WHERE user_id = ?";
> my $sth = $dbh->prepare($query);
> $sth->execute($user_id);
> my ($user_name, $user_password) = $sth->fetchrow_array;
> $sth->finish();
> return 1 if $u_input eq $user_name && $p_input eq $user_password;
> print $q->header(-type=>'text/html', -charset=>'utf-8', -expires => "-1d"), $page_head;
> print $q->h1("Identification"),
> $q->start_form(),
> qq{<p>Benutzer<br />}, $q->textfield("user_name"), "</p>",
> qq{<p>Passwort:<br />}, $q->password_field("user_password"), "</p>",
> $q->hidden("id", "$id"),
> $q->submit;
> return 0;
>}
>
>As you can see, if the username/password are entered correctly, show.pl is called again with three parameters (id, username and password).
>
>Unfortunately, the browser's address bar then changes to (e.g.)
>
>http://mysite.com/pages/1234?id=1234
>
>The page is displayed correctly.
>
>But why is the query string added? The form's default method should be post, and the username/password are not displayed in the query string.
>
>Thanks,
>
>Jan
>
>
--
Vladimir D Belousov
HiTech solutions for business
http://businessreklama.ru
| |
| Vladimir D Belousov 2005-03-03, 3:55 pm |
| Vladimir D Belousov wrote:
> just try:
>
> $q->start_form(-method=>"POST");
I'm wrong, sorry.
Can I see your .htaccess in part of ModRewrite directives?
>
> Jan Eden wrote:
>
>
>
--
Vladimir D Belousov
HiTech solutions for business
http://businessreklama.ru
| |
| Jan Eden 2005-03-03, 3:55 pm |
| Vladimir D Belousov wrote on 03.03.2005:
>Vladimir D Belousov wrote:
>
>
>
>I'm wrong, sorry. Can I see your .htaccess in part of ModRewrite
>directives?
Sure (abbreviated):
RewriteEngine on
RewriteBase /
RewriteRule ^news/?$ cgi-bin/show.pl?id=3D2310
RewriteRule ^public/?$ cgi-bin/show.pl?id=3D2
RewriteRule pages/([0-9]+) cgi-bin/show.pl?id=3D$1
Thanks again,
Jan
--=20
There's no place like ~/
| |
| Jan Eden 2005-03-03, 3:55 pm |
| Vladimir D Belousov wrote on 03.03.2005:
>just try:
>
>$q->start_form(-method=3D>"POST");
>
I had done that already. Besides, POST is the default method anyway.
Thanks,
Jan
--=20
The day Microsoft makes something that doesn't suck is the day they start s=
elling vacuum cleaners.
| |
| Vladimir D Belousov 2005-03-03, 3:55 pm |
| Jan Eden wrote:
>Vladimir D Belousov wrote on 03.03.2005:
>
>
>
>
>Sure (abbreviated):
>
>RewriteEngine on
>RewriteBase /
>
>RewriteRule ^news/?$ cgi-bin/show.pl?id=2310
>RewriteRule ^public/?$ cgi-bin/show.pl?id=2
>
>RewriteRule pages/([0-9]+) cgi-bin/show.pl?id=$1
>
>
>Thanks again,
>
>Jan
>
>
From perldoc CGI:
start_form() will return a <form> tag with the optional method, action
and form encoding that you specify. The defaults are:
method: POST
action: this script
enctype: application/x-www-form-urlencoded
See the SCRIPT_NAME variable from environment.
I think that value is established to /cgi-bin/show.pl?id=1234
--
Vladimir D Belousov
HiTech solutions for business
http://businessreklama.ru
| |
| Jan Eden 2005-03-03, 3:55 pm |
| Vladimir D Belousov wrote on 03.03.2005:
>Jan Eden wrote:
>
>From perldoc CGI:
>
>start_form() will return a <form> tag with the optional method,
>action and form encoding that you specify. The defaults are:
>
>method: POST action: this script enctype:
>application/x-www-form-urlencoded
>
>
>See the SCRIPT_NAME variable from environment. I think that value is
>established to /cgi-bin/show.pl?id=3D1234
>
I had read the perldoc for CGI. From your interpretation of the text, the a=
ddress bar should change to=20
http://mysite.com/cgi-bin/show.pl?id=3D1234
But it does change to
http://mysite.com/pages/1234?id=3D1234
So the script calls "itself" at http://mysite.com/pages/1234 and obviously =
passes the correct parameters for username/password in the request body (ot=
herwise, the page would not display).
But the id parameter appears in the address bar. I still don't get it.
Cheers,
Jan
--=20
There are 10 kinds of people: those who understand binary, and those who d=
on't
| |
| Jan Eden 2005-03-04, 8:55 am |
| Hi Vladimir,
Vladimir D Belousov wrote on 03.03.2005:
>Jan Eden wrote:
>
>From perldoc CGI:
>
>start_form() will return a <form> tag with the optional method,
>action and form encoding that you specify. The defaults are:
>
>method: POST action: this script enctype:
>application/x-www-form-urlencoded
>
>
>See the SCRIPT_NAME variable from environment. I think that value is
>established to /cgi-bin/show.pl?id=3D1234
Thanks again for your help. I was finally able to solve the problem by usin=
g the input for the RewriteRule (pages/1234) as the form's action parameter=
=2E
Your hint made me rethink Apache's workflow.
Best,
Jan
--=20
Remember: use logout to logout.
|
|
|
|
|