Procedure Model

Type:    (  )Web Page              ( X )CGI Script           (  )Shared Library      (  )System API

Name: user/login.cgi

Assigned to:



This script creates a form to which the user enters their username and password, validates the information against the system records and if the user is authenticated, sets up a set of credentials for the user’s current session.

Implementation Skills


Parameter List

QueryString contains the URL (without the host portion) to which the user is redirected upon a successful authentication


Called By:


Can Call:


Function Description

  1. The login.cgi script queries the user for a username and password combination. For users, the default access_level is “0”.[1]
  2. The username is then sent to the auth_user command. If the user is successfully validated according to the auth_user command, the’s constructor method is called and a Login object is returned. This Login object is used to create a new cookie called Login with the value “<username>:<access_level>:<session_token> and a 1 hour expiry period. This cookie is returned to the user’s browser.
  3. If successful, the user is redirected to the URL constructed from the relative path and filename contained within the QueryString variable. Otherwise, the user is returned to the login.cgi page again with the appropriate error message displayed. The user is also given a link to go to the user/index.html page.

Possible Exit Conditions and Return Values

  1. A successful return from the auth_user command will redirect the user to the URL constructed from the relative path and filename passed through the QueryString variable (this value is relative in that it is missing the host and domain portion of a fully formed URL).
  2. An unsuccessful return from the auth_user command should return the user to another invocation of the login.cgi script and display the relevant error message.
  3. The user is always given the option of going to the user/index.html page or to the GPFN main page.

Sign Off by:

Project Manager


[1] The Access_Level value is included so that access texture can be incorporated in the future when different users and different volunteers can be given different levels of access to the system.