I am totally new to dancer perl. Have some experience in j2ee/dot net web development. Below is my login subroutine and main.tt master template to display name and role of logged in user.

subroutine:

```perl
post '/login' => sub {
    my $err;
    my $next_home;
    my $full_name;
    my $pwd;
    my $role;
    my $given_uid=params->{'username'};
    my $given_pwd=params->{'password'};

    my $db_con = DBI->connect('<db_connection_string>')
        or die $DBI::errstr;
    my $sql = "<query to fetch user details>";
    my $rs = $db_con->prepare($sql) or die $db_con->errstr;
    $rs->execute or die $rs->errstr;
    my @row = $rs->fetchrow_array;

    # $#row is the last index of @row; compare it numerically
    if ( $#row < 1 ) {
        $err="Invalid Username";
        $next_home="index.tt";
    }
    else {
        $full_name=$row[0];
        $pwd=$row[1];
        $role=$row[2];
        if ( $given_pwd ne $pwd ) {
            $err = "Invalid Password";
            $next_home="index.tt";
        }
        else {
            session 'logged_in' => true;
            $err = 'Logged in Successfully';
            if ( $role eq 'DEVELOPER') {
                $next_home="developer_home.tt";
            }
            elsif ( $role eq 'ADMIN' ) {
                $next_home="admin_home.tt";
            }
            elsif ( $role eq 'DEPLOYER' ) {
                $next_home="deployer_home.tt";
            }
            elsif ( $role eq 'APPROVER' ) {
                $next_home="approver_home.tt";
            }
            else {
                $err = "Invalid Role";
                $next_home="index.tt";
            }
        }
        session user_logged_in => $full_name;
        session role_of_user_logged_in => $role;
        template "$next_home" , {
            'NAME' => $full_name,
            'ROLE' => $role,
        }
    }
};
```

main.tt:

```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
      <meta http-equiv="Content-type" content="text/html; charset=<% settings.charset %>" />
      <title>MYFIRSTDANCE2</title>
   </head>
   <body>
      <div id="banner" style="min-width:100%; background-image:url(<% request.uri_base %>/images/header.jpg);">
         <h1 style="color:white"><center> -:DEPLOY EVERYTHING WITH EASE:- </center></h1>
         <% IF session.logged_in %>
            <h3>Welcome <% session.user_logged_in %> ,</h3>
            <h3>Role: <% session.role_of_user_logged_in %></h3>
         <% END %>
         <h3>
         <hr>
         <br>
      </div>
      <div id="main">
         <% content %>
      </div>
      <div id="footer">
      </div>
   </body>
</html>
```

I have 2 questions:

  1. `IF session.logged_in` is not working in main.tt. When I am not logged in, it still displays Welcome Blank Space, Role: Blank Space.

  2. How can I redirect to the index.tt page when the username/password is wrong? In the current code, the browser window goes blank if either of them is wrong.

Any help is appreciated.

Håkon Hægland
Rony
  • Please [edit] your question and indent the code properly. It's very hard to read. – simbabque Aug 10 '15 at 10:18
  • Off the top of my head: look at the D2 tutorials. You are not using the database plugin. Maybe DBIx::Class makes a lot more sense for you. At least opening a new DB connection with every request is **bad**. There are D2 plugins that handle authentication. I believe there is a tutorial or cookbook especially for this use case. – simbabque Aug 10 '15 at 10:22
  • https://metacpan.org/pod/Dancer2::Plugin::Auth::Extensible – simbabque Aug 10 '15 at 10:23
  • Is that really how you indent your code? If so, you are making life so much harder for yourself. – Dave Cross Aug 10 '15 at 10:38
  • Also, are you really storing passwords in your database in plain text? – Dave Cross Aug 10 '15 at 10:42
  • You've got a logic error: if a user enters a valid username but the wrong password, the `user_logged_in` and `role_of_user_logged_in` session variables still get set. I would recommend using D2::Plugin::Auth::Extensible as @simbabque suggested; see [this answer](http://stackoverflow.com/a/29638155/176646) I wrote for another question for an example of D1::Plugin::Auth::Extensible, which you should be able to use more or less the same as the D2 version. You don't have to write any of this type of authentication logic yourself, just configure your database connection. – ThisSuitIsBlackNot Aug 10 '15 at 12:36
  • Sorry for the indentation. To answer all your questions: There are lots of dependency issues. To use Auth::Extensible I need to install Dancer-Plugin-Auth-Extensible-0.40.tar, for which I need root access, which I don't have for now. So for now I have to work with whatever I have. This project is just for preparing a prototype, so for now I'm storing passwords in the database. I even tried `<% IF FALSE %>` in my template page. Still it's generating subsequent tags. Somehow, IF is not working. – Rony Aug 10 '15 at 14:22
  • @Rony [You don't need root to install CPAN modules.](http://stackoverflow.com/questions/3735836/how-can-i-install-perl-modules-without-root-privileges) – ThisSuitIsBlackNot Aug 10 '15 at 15:13
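
The points raised in the comments above (session variables written after a failed password check, plain-text password comparison) together with question 2, reworked as an added example; this is not code from the post or from any commenter. It assumes a hypothetical `users` table (`username`, `full_name`, `pwd_hash`, `role`) holding bcrypt hashes, hypothetical `db_dsn`/`db_user`/`db_pass` keys in config.yml, a hypothetical `ERR` template variable, and the Crypt::Eksblowfish::Bcrypt module.

```perl
use Dancer2;
use DBI;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt);

# Role -> home template; a role that is not listed here is refused.
my %HOME_FOR = (
    DEVELOPER => 'developer_home.tt',
    ADMIN     => 'admin_home.tt',
    DEPLOYER  => 'deployer_home.tt',
    APPROVER  => 'approver_home.tt',
);

post '/login' => sub {
    my $uid = body_parameters->get('username') // '';
    my $pwd = body_parameters->get('password') // '';

    # Connection settings come from config.yml (hypothetical key names).
    my $dbh = DBI->connect(
        config->{db_dsn}, config->{db_user}, config->{db_pass},
        { RaiseError => 1, PrintError => 0 });

    # The placeholder binds the submitted value; it is never interpolated into SQL.
    my ($full_name, $hash, $role) = $dbh->selectrow_array(
        'SELECT full_name, pwd_hash, role FROM users WHERE username = ?',
        undef, $uid);

    # One failure path for unknown user, wrong password and unknown role:
    # every branch returns a rendered page, and none says which check failed.
    my $ok = defined $hash
          && bcrypt($pwd, $hash) eq $hash      # stored hash supplies cost and salt
          && exists $HOME_FOR{ $role // '' };
    return template 'index.tt', { ERR => 'Invalid username or password' } unless $ok;

    # Session state is written only after every check has passed.
    app->change_session_id;                    # new session id on login
    session logged_in              => 1;
    session user_logged_in         => $full_name;
    session role_of_user_logged_in => $role;
    return template $HOME_FOR{$role}, { NAME => $full_name, ROLE => $role };
};

dance;
```

Because the failure branch returns before any `session` call, the `IF session.logged_in` block in main.tt stays hidden after a rejected login.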

1 Answer

The problem was that I was using `template: "simple"`. I changed the config.yml file to the following and it worked:

```yaml
template: "template_toolkit"
engines:
  template:
    template_toolkit:
      start_tag: '<%'
      end_tag:   '%>'
```

I will try to use Auth::Extensible in the future as suggested.

ThisSuitIsBlackNot
Rony