#!/usr/bin/perl # Libraries use strict; use lib '../../../propslib'; use vars qw(%c); use Authen::Users; use CGI qw/:push/; use CGI::Cookie; use Digest::MD5; use PropsConfig ( ) ; *c = \%PropsConfig::c; # Global Constructors my $q = new CGI; my $auth = new Authen::Users(dbtype => 'SQLite', dbname => "$c{PROPS_REL_PATH}/$c{PROPS_USERS_DB}"); my $db_authdigest = new Digest::MD5; # Global Variables my $props_group = 'props'; $q->import_names('in'); my $id = CGI::cookie('id'); my $token = CGI::cookie('propsauth'); if ( $id && $token ) { # Cookie values must exist if ($auth->is_in_table($props_group, $id)) { # Cookie id must exist my $db_auth = $auth->user_info_hashref($props_group, $id); # Retrieve user data based on provided id from cookie (trust = none) $db_authdigest->Digest::MD5::add($db_auth->{email},$db_auth->{password},$c{SESSION_SECRET}); # Recreate the authdigest for the id from the cookie my $db_authtoken = $db_authdigest->b64digest; # Recreate the token for the id from the cookie if ($db_authtoken eq $token) {; # Check to see if the re-created token matches the token stored in the cookie # Use case for valid, authenticated user, safe zone starts here my $dbh = DBI->connect("dbi:SQLite:dbname=../$c{PROPS_REL_PATH}/$c{PROPS_DB}","",""); $db_auth->{fullname} =~ s/%20/ /g; $db_auth->{question} =~ s/%20/ /g; $db_auth->{question} =~ s/%20/ /g; $db_auth->{question} =~ s/%3F/?/g; $db_auth->{answer} =~ s/%20/ /g; print $q->header; print < Props



Give Mad Props