Closed jeydurai closed 8 years ago
Can you reduce the problem to a minimal self-contained test case?
I have given below the reduced to the minimal self-contained case.
use Mojolicious::Lite;
use Mojo::Pg;
plugin 'Bcrypt';
post '/signin' => sub {
my $self = shift;
my $pg = Mojo::Pg->new('postgresql://postgres@/mysourcedata');
my $db = $pg->db;
my $param_username = $self->param('username');
my $param_pass = $self->param('password');
my $sql = "SELECT * FROM mojo_users WHERE username='$param_username'";
$self->delay(
sub {
my $delay = shift;
$db->query($sql, $delay->begin);
},
sub {
my ($delay, $err, $results) = @_;
my $result = $results->hash;
my $username_db = $result->{username};
my $pass_db = $result->{password};
if ($param_username eq $username_db and
$self->bcrypt_validate($param_pass, $pass_db)) {
$self->session(username => $param_username);
return $self->redirect_to('/home');
} else {
$self->flash(err => $err || 'Username/Password Incorrect!');
return $self->redirect_to('/');
}
});
$c->render_later;
};
Is Mojolicious::Plugin::Bcrypt
really necessary to replicate the problem?
my $sql = "SELECT * FROM mojo_users WHERE username='$param_username'";
Side note, you should never interpolate user generated data into SQL strings, that's an SQL injection vulnerability. Always use placeholders!
Mojolicious::Plugin::Bcrypt is not necessary to replicate the problem as you pointed out. Placeholders did not work at all. I tried for almost a half day. Hence as a resort to emergency, I used the interpolation. I will either correct it myself or comeback if I face the same problem again.
However, for me, now, the non blocking query is the major issue. Because, my application is going to be utilising this. Please help me.
Afraid i can't replicate the problem, could be Strawberry Perl specific.
Steps to reproduce the behavior
Expected behavior
It should help me to fetch user credentials from PostgreSQL, validate and render my page
Actual behavior
I get [error] Can't dup: Bad file descriptor at C:/Strawberry/perl/site/lib/Mojo/Pg/Database.pm line 130, line 2231.