******NOTE********** For some reason the forum output to/from file code is deleting the logfile (meaning there's no stinking forum). It was working before, I really don't know why it isn't now. ******************** Operation Forum Whore: For my final project, I decided to combine as much as possible from this semester, and explore some connections not touched in class, namely the handling of cookies in Mason, and using them with mysql to achieve some basic security - namely a login. Note the database consists of a single table. The forum itself relies on part of my guestbook code from earlier in the semester, which means it's over- simplified. There is only one forum "thread" in this model, as to do a proper forum site would require nearly twice as much programming. In that case however, the ERD would look something like this: +-------------+ +------------+ +------------+ | Person | | Post | | Thread | +-------------+ +------------+ /+------------+ | id |\ | id |------| id | | name |------------| thread(FK) | \| topic | | password |/ | person(FK) | +------------+ | cookie | | time | +-------------+ +------------+ Anyways, enough about what I didn't do, here's what I DID do. The hardest part of my task was maintaining and parsing the cookies in Mason, and then using that info along with the database. Class::DBI really made my life a lot easier. Had I done this with perlDBI, it would have taken forever just writing the same basic functions. The add page is just an extension of the one from the registration demo. When looking at that, I decided there were several silly flaws that should be remedied for proper function, like checking to make the name wasn't already being used (in that situation it was fine since it's possible we'd end up with two people with the same name, but for a site you want to log into, that would be disastrous. The login page posed an interesting challenge because of the reliance on cookies and the inconvenient order in which data is passed around. Observe the order for a user logging in: 1. Client requests page. 2. Server checks for cookie, finds none and sends page. 3. Client sends login info. 4. Server checks for cookie, finds none again, and sends both page and cookie. 4. Client gets cookie and is "logged in", but gets the "not logged in" page. 5. Client is confused. Of course this isn't critical... it DOES still work, but pissing off your users is generally a bad thing. One last note about the cookies: as it stands, when you log in, the "cookie" column of the database for your user gets set to the pass- word, and that is the data in the cookie you get. Obviously this is dumb. In real application we'd want to generate a random number, so each time the user logged on they'd have a different cookie. This way sketchy hackers can't just steal the cookie and get the password. I hope you enjoy.