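#!/usr/bin/perl
# Login page of the "SECCON 2017" web application.
#
# Flow: restore or create a CGI::Session, send the HTTP header (session cookie
# plus an optional "remember" cookie), check the submitted credentials against
# the users table of the SQLite database ./.htDB, then render the login form.
# encrypt() and decrypt() come from ./.htcrypt.pl, which is not shown here.
use strict;
use warnings;

use CGI;
use CGI::Session;
use DBI;

# Return the argument unchanged, or '' when it is undef, so that the string
# comparisons below never operate on undef.
sub _or_empty {
    my ($value) = @_;
    return defined $value ? $value : '';
}

my $q = CGI->new;

# NOTE(review): session files are stored in /tmp, a directory shared with every
# other local account and process; a private directory owned by the web user
# would keep session data out of their reach.
my $s = CGI::Session->new(undef, $q->cookie('CGISESSID') || undef, { Directory => '/tmp' })
    or die CGI::Session->errstr;
$s->expire('+1M');
require './.htcrypt.pl';

# Read every request value once, in scalar context. CGI's param() and cookie()
# return ALL values in list context, so a repeated field could otherwise inject
# extra arguments into the calls below.
my $form_user = _or_empty(scalar $q->param('user'));
my $form_pass = _or_empty(scalar $q->param('pass'));
my $save      = _or_empty(scalar $q->param('save'));
my $login     = _or_empty(scalar $q->param('login'));
my $remember  = _or_empty(scalar $q->cookie('remember'));

# NOTE(review): the session cookie is sent without HttpOnly/Secure attributes;
# consider adding -httponly (and -secure when served over HTTPS).
my @cookies = ($q->cookie(-name => 'CGISESSID', -value => $s->id));

# NOTE(review): the "remember" cookie is encrypt() applied to a client-supplied
# value, issued before any authentication, and its decrypted value is echoed
# into the form below. encrypt() is also what the password check relies on, so
# the two uses should not share a key or primitive; a random server-side token
# is the safer design for "remember me".
if ($save eq '1') {
    push @cookies,
        $q->cookie(-name => 'remember', -value => encrypt($form_user), -expires => '+1M');
}

print $q->header(-charset => 'UTF-8', -cookie => \@cookies),
      $q->start_html(-lang => 'ja', -encoding => 'UTF-8', -title => 'SECCON 2017', -bgcolor => 'black');

# Prefill the username from the "remember" cookie when the form did not send one.
my $shown_user = $form_user;
if ($shown_user eq '' && $remember ne '') {
    $shown_user = _or_empty(decrypt($remember));
}

my $errmsg = '';
if ($login ne '') {
    # Assume failure; cleared only when the credentials match.
    $errmsg = '<h2 style="color:red">Login Error!</h2>';

    my $dbh;
    my $db_ok = eval {
        # RaiseError makes connect/prepare/execute failures reach the handler
        # below instead of being silently ignored.
        $dbh = DBI->connect('dbi:SQLite:dbname=./.htDB', '', '',
                            { RaiseError => 1, PrintError => 0 });

        # The username is bound as a placeholder value, never concatenated
        # into the SQL text, so it cannot alter the statement.
        my $sth = $dbh->prepare('SELECT password FROM users WHERE username = ?');
        $sth->execute($form_user);

        if (my @row = $sth->fetchrow_array) {
            my $stored = _or_empty($row[0]);

            # NOTE(review): the stored value is compared with encrypt($pass) and
            # a matching decrypt() exists; if encrypt() is reversible, stored
            # passwords are recoverable by whoever holds the key. A salted
            # one-way password hash is the usual choice.
            if ($stored ne '' && $form_pass ne '' && $stored eq encrypt($form_pass)) {
                # NOTE(review): the pre-login session id is kept after
                # authentication; issuing a fresh id here would be safer.
                $s->param('autheduser', $form_user);
                print "<scr"."ipt>document.location='./menu.cgi';</script>";
                $errmsg = '';
            }
        }
        $sth->finish;
        1;
    };
    if (!$db_ok) {
        $errmsg = '<h2 style="color:red">Database Error!</h2>';
    }
    $dbh->disconnect() if $dbh;
}

# Escape before interpolating into the value="..." attribute of the form.
$shown_user = _or_empty($q->escapeHTML($shown_user));
print <<"EOM";
<!-- The Kusomon by KeigoYAMAZAKI, 2017 -->
<div style="background:#000 url(./bg-header.jpg) 50% 50% no-repeat;position:fixed;width:100%;height:300px;top:0;">
</div>
<div style="position:relative;top:300px;color:white;text-align:center;">
<h1>Login</h1>
<form action="?" method="post">$errmsg
<table border="0" align="center" style="background:white;color:black;padding:50px;border:1px solid darkgray;">
<tr><td>Username:</td><td><input type="text" name="user" value="$shown_user"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" value=""></td></tr>
<tr><td colspan="2"><input type="checkbox" name="save" value="1">Remember Me</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="login" value="Login"></td></tr>
</table>
</form>
</div>
</body>
</html>
EOM
1;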