Passing JSON string to Perl CGI

Question

I'm trying to create a login environment that has a user input their credentials, which is then checked against a MySQL DB (with appropriate errors returned if wrong credentials) with JS (using jquery , ajax , and Perl ) which, on successful login, would display a dynamic page for the user (user portal)

I can't pass the userID to the last cgi page.

below are my codes:

login.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>login</title>
    <link rel="stylesheet" type="text/css" media="screen, projection" href="http://www.blueprintcss.org/blueprint/screen.css" />
    <link rel="stylesheet"  type="text/css" media="screen, projection" href="http://www.blueprintcss.org/blueprint/plugins/buttons/screen.css" />
    <link rel="stylesheet" type="text/css" media="print" href="http://www.blueprintcss.org/blueprint/print.css" />
    <!--[if IE]><link rel="stylesheet" type="text/css" media="screen, projection" 
        href="http://www.blueprintcss.org/blueprint/ie.css"><![endif]-->
    <script type="text/javascript" src="js/jquery-3.1.1.min.js"></script>
    <script type="text/javascript" src="login.js"></script>
    <style type="text/css">
    #loginContent { width: 350px; margin: 100px auto; }
    button[type] { margin: 0.5em 0; }
    #loginForm{
        width:25%;
        padding: 5px 5px;
        margin:auto;
    }
    </style>
</head>
<body>
    <h2>Please have pop-ups enabled for this site</h2>
    <div id="loginResult" style="display:none;"></div>
    <form id="loginForm" name="loginForm" method="post" action="">
        <fieldset>
        <legend>Enter Information</legend>
            <p>
                <label for="username">Username</label>
                <br />
                <input type="text" id="username" name="username" class="text" size="20" />
            </p>
            <p>
                <label for="password">Password</label>
                <br />
                <input type="password" id="password" name="password" class="text" size="20" />
            </p>
            <p>
                <button type="submit" class="button positive">Login</button>
            </p>
        </fieldset>
    </form>
</body>
</html>

login.js

$(document).ready(function(){
$("form#loginForm").submit(function() { // loginForm is submitted
var username = document.getElementById("username").value; //$('#username').attr('value'); // get username
var password = document.getElementById("password").value; //$('#password').attr('value'); // get password

if (username && password) { // values are not empty
  $.ajax({
    type: "GET",
    url: "/cgi-bin/login.pl", // URL of the Perl script
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    // send username and password as parameters to the Perl script
    data: "username=" + username + "&password=" + password,
    // script call was *not* successful
    error: function(XMLHttpRequest, textStatus, errorThrown) { 
      $('div#loginResult').text("responseText: " + XMLHttpRequest.responseText 
        + ", textStatus: " + textStatus 
        + ", errorThrown: " + errorThrown);
      $('div#loginResult').addClass("error");
    }, // error 
    // script call was successful 
    // data contains the JSON values returned by the Perl script
    success: function(data){
      if (data.error) { // script returned error
        $('div#loginResult').text("data.error: " + data.error);
        $('div#loginResult').addClass("error");
      } // if
      else { // login was successful
        $('form#loginForm').hide();
        $('div#loginResult').text("data.success: " + data.success 
          + ", data.userid: " + data.userid);
        $('div#loginResult').addClass("success");
        window.open("/cgi-bin/portal.pl");
      } //else
    } // success
  }); // ajax
} // if
else {
  $('div#loginResult').text("enter username and password");
  $('div#loginResult').addClass("error");
} // else
$('div#loginResult').fadeIn();
return false;
});
});

login.pl

#!C:\Strawberry\perl\bin\perl.exe
use CGI;
use DBI;
use strict;
use warnings;

# read the CGI params
my $cgi = CGI->new;
my $username = $cgi->param("username");
my $password = $cgi->param("password");

# connect to the database
my $db = 'bakery_users';
my $host = 'localhost';
my $user = 'root';
my $pass = 'P@ssw0rd';
my $dbh   = DBI->connect ("DBI:mysql:database=$db:host=$host", $user, $pass) or die "Can't connect to database: $DBI::errstr\n";
# check the username and password in the database
my $statement = qq{SELECT id FROM users WHERE username=? and password=?};
my $sth = $dbh->prepare($statement)
  or die $dbh->errstr;
$sth->execute($username, $password)
  or die $sth->errstr;
my ($userID) = $sth->fetchrow_array;

# create a JSON string according to the database result
my $json = ($userID) ? 
  qq{{"success" : "login is successful", "userid" : "$userID"}} : 
  qq{{"error" : "username or password is wrong"}};

# return JSON string
print $cgi->header(-type => "application/json", -charset => "utf-8");
print $json;

And this is the garbage portal cgi page that needs to know the user so I can serve some specific information

#!C:\Strawberry\perl\bin\perl.exe
use CGI;
use strict;
use warnings;

my $cgi = CGI->new; #new CGI routine

print $cgi->header('text/html'); #create HTTP header

print "<html> <head>\n";
print "<title>Hello, world!</title>";
print "</head>\n";
print "<body>\n";
print "<h1>Hello, world!</h1>\n";
print "</body> </html>\n";

Most of the login files are modified from the IBM developer page on simple CGI user login page with mySQL

Answer 1

I was able to pass over CGI parameters with another Perl module, CGI:Session.

by adding

my $session = new CGI::Session(undef, undef) or die CGI::Session->errstr;
$session->param("username", $username);
my $cookie = $cgi->cookie(CGISESSID => $session->id);
print $cgi->header( -cookie=>$cookie );

to my login.pl file and adding the following block to my portal.cgi

my $sid = $cgi->cookie('CGISESSID') || $cgi->param('CGISESSID') || undef; #loads previous cookie
my $session = load CGI::Session(undef, $sid);
my $user = $session->param("username");

This creates a local cookie in the temp dir and is read to find the "username" variable I passed into it on the login.pl page