How to obtain and verifiy if a cookie exists, Perl

Hello,
Can someone please show me how to check if a cookie exists, using perl scripting?

 

I use something like this:

use CGI;
$in = new CGI;
$myCookie = $in->param('cookiename');
 
if ($myCookie) {
#do something cuz the cookie exists
}
else {
#do something else cuz the cookie doesn't exist
}

Code (markup):

 

thanks allot mate!
---------edited-------------
I added this:

use CGI;
$in = new CGI;
$myCookie = $in->param('logged');

if (!$myCookie) {
print "Please Log In";
exit;
}

But instead of getting the Please Log In, I get a blank page, even if the cookie exists.

 

Then there's likely something else going on. If you'll post the script (entire portion), I'll take a look at it. I usually get blank pages for undeclared routines, but I might be able to help if I see what things are doing.

 

The full script attached, I hope you'll be able to fix it.

 

Well, I've never personally used strict, but when I ran the script on my local machine, I had some errors. I think the reason that you were getting a blank page was cuz the html headers hadn't been set.

I changed this:

$in = new CGI;
$myCookie = $in->param('logged');

if (!$myCookie) {
print "Please Log In";
exit;
}

Code (markup):

To this:

my $in = new CGI;
my $myCookie = $in->param('logged');

if (!$myCookie) {
print "content-type: text/html\n\n";
print "Please Log In";
exit;
}

Code (markup):

and I got the "Please Log In" message locally.

However, I don't know if I used the "my" portion right cuz as I stated, I've never used strict for any of my scripts.

Hopefully this will work on your end as well.

 

doesn't work, doesn't detect the cookie

 

Because you're using the script in non-parsed header mode (nph), try enabling nph mode for the CGI module:

# replace "use CGI" with this:

[b]use CGI qw(:standard -nph);[/b]

my $in = new CGI;
my $myCookie = $in->param('logged');

if (!$myCookie) {
print "Please Log In";
exit;
}

Code (markup):

Worked for me on localhost, in that I got the "please log in" message.

Note that the cookie won't be detected if you haven't already set the "logged" cookie value somewhere. Have you done this? There's nothing in the script which does this implicitly. You'd need to add code yourself to handle it.

 

This is how it works, http://hidden-webs.com/login.php, username: test, password: test, when you loggin, it sets a cookie, cookie name is logged.
In php I'm able to detect the cookie, but using that, script, doesn't . I also replaced that with use CGI qwstandard -nph); but the same thing , doesn't work.

 

I was tired when I looked at this last night, but here's another change, and I just tested it.

Proxy page comes up fine when 'logged' has been set, and then when I delete the cookie I get the "Please log in" message.

use CGI qw(:standard -nph);

my $in = new CGI;
[b]my $myCookie = $in->cookie('logged');[/b]
if (!$myCookie) 
{
	print "Please Log In";
	exit;
}

Code (markup):

I then created a page in PHP which sets the cookie as such:

setcookie('logged','loggedin',time()+(60*60*24*30) );

PHP:

This combination works on localhost. Not sure how you're setting the cookie in php, but if it's done correctly (at least similar to this) it should all work.

 

Works, I cleared my cache. I know how to set cookies, but using php. The ideea is that, users should be logged to be able to browse using proxy.
Thanks allot, both of you!

Soon hidden-webs.com will be opened to public, if you want an account you can pm me.
----------------------------------------------------------------------------------------------------------------------

Now there is other problem, lol, the proxy script doesn't browse the pages :|. I get a green text when I try to browse a page, "Enter the URL you wish to visit in the box below"
First go and login to http://hidden-webs.com/login.php , then go to http://mirror3.hidden-webs.com/nph-proxy.pl and enter any url, and you'll obtain that error.

 

Erm...login with what credentials?

PM them if you'd rather not post in public.

 

I can't believe I switched "param" for "cookie". . . sorry about that. That's what I get for jotting things down without thinking about it.

Yes, I didn't see any login details either. However, can't you just forge a cookie on your machine & hit the proxy page? I've never forged a cookie, but I would assume it shouldn't be that hard (which is why you validate inputs even after the initial check).

 

Well, I suppose I could. But I'm feeling lazy tonite; I'll wait for the OP

 

the perl script now detects the cookie, but doesn't work to browse other pages :|. That's the actuall problem

 

ok...same thing happens to me on localhost (green text message, etc.) At least it's reproducible, which makes it easier to track down.

I'll take a look as soon as I get a chance.

 

Got it. Here we go.

CGI.pm was eating all the header input before the proxy code could get to it.

So I'm using some quick-and-dirty non-destructive code to look at the cookie instead. I also added a small block of code to verify that the cookie name/value are correct.

The demo code below assumes a cookie named 'logged' with a value of 'loggedin'. If either of these values is different, the code will abort with an error message. If the cookie is missing altogether, the code will also abort.

Tested with: no cookie, invalid cookie name, invalid cookie value, invalid cookie name and value together, valid cookie.

Worked correctly in all cases.

use strict;
use Socket;

if (!$ENV{'HTTP_COOKIE'})
{
	# no cookie at all, so leave
	print "Please Log In";
	exit;
}
else
{
	# get the cookie
	(my $key, my $value) = split(/=/, $ENV{'HTTP_COOKIE'});
	
	# do we have the right name/password combo
	if (!($key eq'logged' && $value eq 'loggedin'))
	{
		print "Invalid login credentials";
		exit;
	}
}

# if we got here, the user is logged in with valid credentials

Code (markup):

 

I made only a small modification

use strict;
use Socket;

if (!$ENV{'HTTP_COOKIE'})
{
	# no cookie at all, so leave
	print "Please Log In";
	exit;
}
else
{
	# get the cookie
	(my $key, my $value) = split(/=/, $ENV{'HTTP_COOKIE'});
	
	# do we have the right name/password combo
	if (!($key eq'logged'))
	{
		print "Invalid login credentials";
		exit;
	}
}

Code (markup):

The cookie value is different each time, for each member, so it's not going to be possible obtaining it as loggin.

Worked once :|, then I got invalid login error. I logged from hidden-webs.com/login.php , went to mirro3.hidden-webs.com browsed 1 website, and when I tried to browse another website, I got invalid login.

 

When you set the cookie in php, are you also setting the third parameter (path) to '/' ?

setcookie('logged','loggedin',time()+(60*60*24*30) ,'/');

PHP:

Clear the cookie first before testing this.

 

yes, this is how I set the cookie
setcookie("logged", $user, time()+3600*2,"/","hidden-webs.com");