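######################
# SESSION MANAGEMENT
# Create the session or, if one is available, load it.
# $tmp_dir, $conffile, Load(), sha256_hex() and print_template() are defined
# outside this excerpt.
#######################
my $q = CGI->new();
my $session = CGI::Session->new( "driver:File", $q, { Directory => $tmp_dir } )
    or die "Could not create session: " . CGI::Session->errstr();
$session->expire('15m');

if ( $session->is_new ) {

    # First contact: hand the session ID to the browser and restart the
    # request. HttpOnly keeps page scripts from reading the session cookie.
    # NOTE(review): also pass -secure => 1 if admin.cgi is only served over
    # HTTPS -- the transport is not visible in this excerpt.
    my $cookie = $q->cookie(
        -name     => 'CGISESSID',
        -value    => $session->id,
        -httponly => 1,
    );
    $session->flush();
    print $q->redirect( -url => 'admin.cgi', -cookie => $cookie );

    # Stop here: anything printed after the redirect header would be appended
    # to this response, and the dispatcher below would still run.
    exit;
}

#########################
# DISPATCH PART - GET THE ACTIONS
# If the action is "login", do the login.
#########################
my $action = $q->url_param('action') || '';

if ( $action eq 'login' ) {
    login( $q, $session );
}

# Check the login status; if the user is logged in, start the chosen action.
my $login = $session->param("login");

###############
# Secret pages (only visible if logged in)
###############
if ($login) {

    # [...] Elided in the original post: the various possible actions that
    # should only be reachable after login. Probably the only important one
    # is the logout branch, which is an `elsif` of that longer chain.
    if ( $action eq 'logout' ) {
        logout( $q, $session );
    }

    # [...] Elided in the original post: the remaining branches.
}

# [...]

# The login function.
#
# Reads the 'user' and 'password' request parameters, loads the YAML config
# from $conffile and compares the user name and the SHA-256 hex digest of
# password + $config->{secret} with the configured values. On a match the
# session is flagged with login => "can_access", the browser is redirected
# to the page list and the script exits. On a mismatch nothing is printed
# and the sub returns.
#
# NOTE(review): the session ID issued before login is kept after login, so
# a session ID planted in the browser beforehand stays valid once the user
# authenticates (session fixation). Issue a fresh session ID on success.
# NOTE(review): one SHA-256 round with a single shared secret is a fast
# hash; a slow, per-password-salted scheme (bcrypt, Argon2, PBKDF2) holds
# up better if the config file leaks. `eq` is also not a constant-time
# comparison.
# NOTE(review): nothing here restricts login to POST or limits failed
# attempts -- confirm that is handled elsewhere.
sub login {
    my ( $q, $session ) = @_;

    my $username = $q->param('user');
    my $password = $q->param('password');

    # A request without credentials cannot match; skip hashing undef.
    return unless defined $username && defined $password;

    open my $fh, "<:encoding(utf-8)", $conffile
        or die "Could not open $conffile: $!";
    my $yaml = join '', <$fh>;
    close $fh;

    my $config = Load($yaml);
    my $digest = sha256_hex( $password, $config->{'secret'} );

    if ( $username eq $config->{'user'} and $digest eq $config->{'password'} ) {
        $session->param( "login", "can_access" );

        # Persist the login flag before the browser follows the redirect.
        $session->flush();
        print $q->redirect( -url => 'admin.cgi?action=show_pages' );

        # Without this the dispatcher would continue with action "login"
        # and print further output after the redirect header.
        exit;
    }

    return;
}

# [...]

# And finally the logout function.
#
# Deletes the current session, removes every expired session from the
# session directory and prints the logout template.
sub logout {
    my ( $q, $session ) = @_;

    # Delete the current session.
    $session->delete();
    $session->flush();

    # Delete all expired sessions.
    CGI::Session->find( undef, \&purge, { Directory => $tmp_dir } );

    print_template('logout.tmpl');
}

# Callback for CGI::Session->find: removes the given session if it has
# expired. Declared at file level; a named sub nested inside logout() is
# a package-level sub anyway.
sub purge {
    my ($session) = @_;

    if ( $session->is_expired ) {
        $session->delete();
        $session->flush();    # Recommended practice says use flush() after delete().
    }
}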