I'm making simple perl script for sign up/login with Argon2 for encryption. (The credentials are taken from HTML Forms). The creation of users works fine , username and hashed password are stored in the database. The problem comes with the extraction/authentication. I'm not sure I'm using the verification properly.
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Argon2 qw/argon2id_pass argon2id_verify/;
use CGI::Simple;
use DBI;
sub get_data{
my ( $user) = @_;
my $statement = "SELECT USER_HASH FROM LOGIN_DATA WHERE USER_NAME = ?";
my $driver = "mysql";
my $database = "USERS";
my $dsn = "DBI:$driver:database=$database";
my $dataUsr = "user";
my $dataPass = "user123";
my $dbcon = DBI->connect($dsn,$dataUsr,$dataPass) or die $!;
my $preState = $dbcon->prepare($statement);
$preState->execute($user);
my @row ;
my $hash_pass;
while(@row=$preState->fetchrow_array()){
$hash_pass = $row[0];
}
return $hash_pass;
}
sub check_pass{
my ($user , $pass) = @_;
my $encoded = get_data($user);
return argon2id_verify($encoded , $pass);
}
my $cgi = CGI::Simple->new;
my $username = $cgi->param("username");
my $password = $cgi->param ("password");
check_pass($username , $password)
This are the erors when i try to run in in the terminal Use of uninitialized value in subroutine entry at checkUser.cgi line 30. Could not verify argon2id tag: Decoding failed at checkUser.cgi line 30.
Removing all the CGI, all the database connectivity and replacing the input with dummy values shows the same error message, so my guess is that you are not getting a result from the database:
So the best step would be for you to isolate the problem by verifying that you actually get a result from the database.