Hi, im trying to convert the vBulletin authentication plugin to an authentication plugin of my own. Im running into trouble though in the "auth_user" function.

Original:

sub auth_valid_user {
# -------------------------------------------------------------------
# Looks up the user in the user table and compares password.
#
my $args = shift;
GT::Plugins->action ( STOP ); # Make sure we don't run the main code.

# Check that user is in valid group.
if ($AUTH_CFG->{vbulletin_groups}) {
valid_group($args->{Username}) or return;
}
my $sth = $AUTH_DBH->prepare ("SELECT password FROM user WHERE username = ?");
$sth->execute ($args->{Username});
my $pass = $sth->fetchrow; # or return;
$pass or return;
return $pass eq $args->{Password};
}

I modified it to look like:

sub auth_valid_user {

my $args=shift;
my @row;
my $row;
my $sth;

GT::Plugins->action ( STOP ); # Make sure we don't run the main.

my $uusername=$args->{Username};
my $password=$args->{Password};

$sth = $AUTH_DBH->prepare ("SELECT password FROM login WHERE '$uusername'=username");
$sth->execute;


$row=$sth->fetchrow_array;
my $pass = $row;
$pass or return;
return ($pass == $password);

#

}

If the login is successfull it gives the fatal error:
Can't use string ("1") as a HASH ref while "strict refs" in use at /usr/local/apache/htdocs/links/admin/Links/User/Login.pm line 81.

I dont understand because it is returning the same variable type as the original. Also, ive seen this problem on other posts, but its with attachments and dates and stuff, never just a plain old 1.

Any ideas would be awsome!

Thanks
David

>>
return ($pass == $password);
<<

I think this is the problem...that code is evaluating whether $pass equals $password....obviously it does as the login in successfull and so 1 is returned ( 1 = true, 0 = false).

Although I think == should be eq

It looks like it is expecting a hashref to be returned though.

I tried using eq instead, it did the same thing. About returning a hash ref...thats what i thought too, but why does it work for the vbulletin original function, and isnt whatever calls this function expecting a boolean value?

What is line 81?

$sth = $AUTH_DBH->prepare ("SELECT password FROM login WHERE '$uusername'=username");
$sth->execute;

Maybe the problem wasnt with the return after all. Line 81 is the $sth->execute;

Im very new to perl, and links sql is a hard introduction, it looks like i might be doing some stupid syntax error, i dont really understand how perl interacts with databases that well yet.

Wait--the error message below isnt even the file im working on, so I guess that means it is something with what its returning. Also I noticed that it gives the error not if the password is right but just if there is one supplied. I suspect thats an unreleated problem though.

Can't use string ("1") as a HASH ref while "strict refs" in use at /usr/local/apache/htdocs/links/admin/Links/User/Login.pm line 81

>> return ($pass == $password);

This line makes no sense, Paul's right.

You have a test here, and you will return either 1 or 0.

The "line 81" message is where the value is returned, most likely, and the evaluation fails.

You are attempting to use the return value of this routine, in a HASH context, but you are *NOT* returning a HASH, but an Integer value of 1 or 0

There were a load of these errors at one point when Alex changed some routines in 2.xx something or other. I forget what it was exactly, but that's what's going on. Your routine is not returning a value the compiler expects.

It looks like the original Auth routine is returning 1 or 0 *not* the password:

my $pass = $sth->fetchrow; # or return; ## assign the value that was found
$pass or return; ## make sure a password was returned, otherwise, return with '0' or 'null'
return $pass eq $args->{Password}; ## if a password was found, make sure it matches, and return 1, otherrwise, return '0'.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.

Still no luck : (, changing == to eq still gives the error whenever the return statement evaluates to 1. Heres my my new function. Thanks for the replies, they help a lot


sub auth_valid_user {

my $args=shift;

GT::Plugins->action ( STOP ); # Make sure we don't run the main.


my $sth = $AUTH_DBH->prepare ("SELECT password FROM login WHERE '$args->{Username}' = username");
$sth->execute();
my $pass=$sth->fetchrow_array;
$pass or return;
return $pass eq $args->{Password};
}

If you can find out exactly where the error is it will probably be simple to fix.

The error is caused by something like:


$foo is actually just 1 but you are trying to print it as if it was a hashref so it will say you can't use string 1 as a hashref....that is what the error means. To stop the error you'd change something() to:

sub something { return {} }

or

sub something { return { key => 'val' } }

That returns a hashref as expected.

Ok, here is the actual links code that is screwing up, it is pretty obvious why:
(pardon the blah blah blah's and any typos there may be, my copy and paste does not work for some reason)


$user is going to be a 1 when it gets to the error line so $user->STATUS makes no sense. But I dont see how the old function works or how I can get mine to work without modifing the links source?

I'm not sure that is the right place. init_user either just returns or return a users record as a hashref....so the code you pasted would work....it would either go to the error page if $user wasn't defined or it would be a hashref in which case the error wouldn't occur.

I think I get it.....I havnt written the function that returns a user record...its still filled with old code. I bet It freaks out cause it got an authenticated user that has no database record.

Thanks for all the help everyone!

You just need to check what the return value is to stop the error...eg....

my $record = some_routine($username, $password);

Now, you want $record to be a hashref so you would do:


If you are returning a blank hashref if the record can't be found or they gave wrong login info....in other words:

return {};

....then you'd do:


....only use that method if you know a hashref is returned, blank or not, otherwise you'll start getting the error again.

Hi,

You are still missing the point :)


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.