You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Issac Goldstand <ma...@beamartyr.net> on 2001/11/22 14:52:00 UTC
sections from within a module
Is there a way of doing configuration work (the equivalent of <Perl> sections) from within modules? I ask both for subroutines which are called at server startup (from mod_perl_start.pl) and from other handlers...
Thanks in advance,
Issac
Internet is a wonderful mechanism for making a fool of
yourself in front of a very large audience.
--Anonymous
Moving the mouse won't get you into trouble... Clicking it might.
--Anonymous
PGP Key 0xE0FA561B - Fingerprint:
7E18 C018 D623 A57B 7F37 D902 8C84 7675 E0FA 561B
Re: sections from within a module
Posted by Stas Bekman <st...@stason.org>.
Issac Goldstand wrote:
> Is there a way of doing configuration work (the equivalent of <Perl>
> sections) from within modules? I ask both for subroutines which are
> called at server startup (from mod_perl_start.pl) and from other handlers...
Yup, just modify things in Apache::ReadConfig package. The only magical
thing about <Perl></Perl> is that it declares:
package Apache::ReadConfig;
for you...
it's explained here:
http://perl.apache.org/guide/config.html#Apache_Configuration_in_Perl
(and I think the eagle book):
_____________________________________________________________________
Stas Bekman JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:stas@stason.org http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: Apache::AuthCookie login faliure reason
Posted by clayton cottingham <dr...@smartt.com>.
Bill Moseley wrote:
>
> At 04:09 PM 11/23/2001 +1100, simran wrote:
> >>>>
> Hi All,
>
> I am having some trouble getting Apache::AuthCookie (version 3 which i
> believe is the latest version) to do what want:
>
> What i want is:
>
> * To be able to give the user a reson if login fails
> - eg reason: * "No such username"
> * "Your password was incorrect"
>
> Has anyone else come across the same requirement/issue, and how have you
> solved it?
>
> <<<<
> Apache::AuthCookieURL does that. IIRC, it sets a cookie with the failure
> reason that's returned from authen_cred call.
>
> >>>>
>
in the code line 154 is this:
$r->subprocess_env('AuthCookieReason', 'bad_cookie');
and on 157 this:
$r->subprocess_env('AuthCookieReason', 'no_cookie');
im not sure why your having problems on setting this
the examples in the cpan tarball on the login.pl page are like this
#!/usr/bin/perl
use strict;
my $r = Apache->request;
$r->status(200);
my $uri = $r->prev->uri;
my $reason = $r->prev->subprocess_env("AuthCookieReason");
then in his html code it says:
<P>Failure reason: '$reason'. Please enter your login and password to
authenticate.</P>
which shows up if its a 'bad cookie' or 'no cookie'
basically the authentication failed
one thing to mention in the prev not prev subprocess
is that you set it as subprocess_env and then call it with prev later
Re: Apache::AuthCookie login faliure reason
Posted by Bill Moseley <mo...@hank.org>.
At 04:09 PM 11/23/2001 +1100, simran wrote:
>>>>
Hi All,
I am having some trouble getting Apache::AuthCookie (version 3 which i
believe is the latest version) to do what want:
What i want is:
* To be able to give the user a reson if login fails
- eg reason: * "No such username"
* "Your password was incorrect"
Has anyone else come across the same requirement/issue, and how have you
solved it?
<<<<
Apache::AuthCookieURL does that. IIRC, it sets a cookie with the failure
reason that's returned from authen_cred call.
>>>>
<<<<
>>>>
Bill Moseley
mailto:moseley@hank.org
Re: Apache::AuthCookie login faliure reason
Posted by Vivek Khera <kh...@kcilink.com>.
>>>>> "CH" == Carolyn Hicks <ca...@bannoy.net> writes:
CH> this to something like 'InvalidLogin' in authen_cred, you can then check
CH> for this and set the reason via $r->subprocess_env in
AuthCookieHandler-> authen_ses_key, before AuthCookie->authenticate wipes
CH> the cookie out. Not extensively tested, but seems to work so far :)
This is what I do. Unfortunately the diagram in AuthCookie man page
is incorrect in that returning undef from authen_cred sends you back
to the login screen (last I checked), so one must pull these tricks.
my %errors =
(
'badpass' => 'Sorry, your login information is incorrect. Please try again.',
'suspended' => 'Sorry, your account is supended. Please contact us for assistance.',
'sessfail' => 'Sorry, there was a problem establishing your session. Please try again.',
'terminated' => 'Sorry, this account has been cancelled. Please create a new one.',
);
# Check credentials in database. If failure, return 'ERROR:code'
# where code is from %errors hash. On success, return the cookie
sub authen_cred ($$\@) {
my $self = shift;
my $r = shift;
my ($acct,$password,$isAdmin) = @_;
Apache->request($r); # need to set for openDB().
my $dbh = openDB() or return 'ERROR:sessfail';
# first, check id/password from database
my $orec = new orec()
or return 'ERROR:sessfail';
my $oid = $orec->acct_to_id($acct) or return 'ERROR:badpass';
eval { $orec->populate_id($oid); };
return 'ERROR:badpass' if ($@ and $@ =~ m/^notfound/);
return 'ERROR:terminated' if $orec->owner_status() eq 'terminated';
$orec->verify_password($password) or return 'ERROR:badpass';
# ok, so now create a session for them and use that session ID
# as their cookie value
my %session;
eval {
tie %session, 'Apache::Session::Postgres', undef,
{
Handle => $dbh,
Commit => 0,
};
};
if ($@) {
warn "authen_cred got $@ creating new session";
return 'ERROR:sessfail';
} else {
$session{user} = $orec->owner_email();
$session{owner_id} = $orec->owner_id();
if ($isAdmin) {
# instantiate the admin record in this session and log that
# this admin is impersonating this user.
my $arec = arec->new($orec->{_CONTEXT});
$arec->populate_id($arec->decode($isAdmin));
$session{arec} = $arec;
$arec->log_action('Logged in as account owner.',$orec);
}
return $session{_session_id};
}
}
# upon failure to authenticate the session, set MLMAuthReason environment and
# return undef.
sub authen_ses_key ($$$) {
my $self = shift;
my $r = shift;
my $key = shift;
Apache->request($r); # need to set for openDB().
if ($key =~ m/^ERROR:(\w+)(-\d+)?$/) {
# set $r->subprocess_env('MLMAuthReason') to failure reason
$r->subprocess_env('MLMAuthReason' => $errors{$1});
return undef;
}
# Check if key is in database.
my %session;
eval {
my $dbh = openDB();
tie %session, 'Apache::Session::Postgres', $key,
{
Handle => $dbh,
Commit => 0,
};
};
if ($@) {
warn "authen_ses_key got $@ retrieving session `$key'";
$r->subprocess_env('MLMAuthReason' => 'Unable to retrieve session. Possibly expired. Please login again.');
return undef;
} else {
# got the session... now stash it away for later use
$r->pnotes('sessionkey',$key);
$r->pnotes('sessionhashref',\%session);
$r->pnotes('owner_id',scalar($session{owner_id}));
return $session{user};
}
}
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera@kciLink.com Rockville, MD +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
Re: Apache::AuthCookie login faliure reason
Posted by Carolyn Hicks <ca...@bannoy.net>.
On Fri, Nov 23, 2001 at 04:09:45PM +1100, simran wrote:
> What i want is:
>
> * To be able to give the user a reson if login fails
> - eg reason: * "No such username"
> * "Your password was incorrect"
On Thu, Nov 22, 2001 at 09:26:17PM -0800, clayton wrote:
> here is the meat of the matter
> send something like this to the $r->subprocess_env
> $r->subprocess_env('AuthCookieReason2', 'username invalid!');
yeah, but it depends when and where you do that. I found that if I set
subprocess_env in the AuthCookieHandler->authen_cred method, which is
where the login credentials get checked, it wasn't visible to the login
script - this is because a redirect takes place in between, so a whole new
request is started. So I had actually been doing something really dodgy to
catch invalid logins, but your mention of setting another cookie gave me
the idea of using the session key of the authcookie itself. If you set
this to something like 'InvalidLogin' in authen_cred, you can then check
for this and set the reason via $r->subprocess_env in
AuthCookieHandler->authen_ses_key, before AuthCookie->authenticate wipes
the cookie out. Not extensively tested, but seems to work so far :)
-carolyn
RE: Apache::AuthCookie login faliure reason
Posted by simran <si...@sitesuite.org>.
Thanks for your response Clayton.
Although unfortunately its not working for me as from what i understand:
* When a person has to login (asusming they have no cookie set yet), if they
enter the wrong
credentials "authen_cred" does a _external redirect_ (aka redirects the
browser to go to that
url again) - hence subprocess_env is not available from a previous
request.
If the problem was an incorrect cookie however, the subprocess_env would
indeed by handy, as
authen_ses_key does an internal redirect, hence you can get the "previous
requests" subprocess env...
simran.
-----Original Message-----
From: clayton [mailto:drfrog@smartt.com]
Sent: Friday, 23 November 2001 4:26 PM
To: simran
Cc: modperl@apache.org
Subject: Re: Apache::AuthCookie login faliure reason
yes its pretty easy one to do,
btw:
i first found out how by investigating the Apache::AuthCookie code
here is the meat of the matter
send something like this to the $r->subprocess_env
{the name im using is the same as authcookie's with the 2 added}
$r->subprocess_env('AuthCookieReason2', 'username invalid!');
then in your login.cgi {or handler or w.h.y.}
you can do this:
my $error=$r->prev->subprocess_env('AuthCookieReason2')
||$r->prev->subprocess_env('AuthCookieReason') ;
or use 'defined' or w.h.y.
then you can place $error wherever you please
hope that helps
simran wrote:
> Hi All,
>
>
>
> I am having some trouble getting Apache::AuthCookie (version 3 which i
> believe is the latest version) to do what want:
>
>
>
> What i want is:
>
>
>
> * To be able to give the user a reson if login fails
>
> - eg reason: * "No such username"
>
> * "Your password was incorrect"
>
>
>
> Has anyone else come across the same requirement/issue, and how have
> you solved it?
>
>
>
> It seems like a difficult one to solve (in a clean way) as the only
> way i can think of doing it is either setting
>
> another cookie (with the auth failure reason) or adding to the URL
> query parameters and then reading them
>
> when displaying the login page...
>
>
>
> simran.
>
Re: Apache::AuthCookie login faliure reason
Posted by clayton <dr...@smartt.com>.
yes its pretty easy one to do,
btw:
i first found out how by investigating the Apache::AuthCookie code
here is the meat of the matter
send something like this to the $r->subprocess_env
{the name im using is the same as authcookie's with the 2 added}
$r->subprocess_env('AuthCookieReason2', 'username invalid!');
then in your login.cgi {or handler or w.h.y.}
you can do this:
my $error=$r->prev->subprocess_env('AuthCookieReason2')
||$r->prev->subprocess_env('AuthCookieReason') ;
or use 'defined' or w.h.y.
then you can place $error wherever you please
hope that helps
simran wrote:
> Hi All,
>
>
>
> I am having some trouble getting Apache::AuthCookie (version 3 which i
> believe is the latest version) to do what want:
>
>
>
> What i want is:
>
>
>
> * To be able to give the user a reson if login fails
>
> - eg reason: * "No such username"
>
> * "Your password was incorrect"
>
>
>
> Has anyone else come across the same requirement/issue, and how have
> you solved it?
>
>
>
> It seems like a difficult one to solve (in a clean way) as the only
> way i can think of doing it is either setting
>
> another cookie (with the auth failure reason) or adding to the URL
> query parameters and then reading them
>
> when displaying the login page...
>
>
>
> simran.
>
Apache::AuthCookie login faliure reason
Posted by simran <si...@sitesuite.org>.
Hi All,
I am having some trouble getting Apache::AuthCookie (version 3 which i
believe is the latest version) to do what want:
What i want is:
* To be able to give the user a reson if login fails
- eg reason: * "No such username"
* "Your password was incorrect"
Has anyone else come across the same requirement/issue, and how have you
solved it?
It seems like a difficult one to solve (in a clean way) as the only way i
can think of doing it is either setting
another cookie (with the auth failure reason) or adding to the URL query
parameters and then reading them
when displaying the login page...
simran.