Daft question - preventing the username password box from appearing.

[Martin Moss <Ma...@btinternet.com>]

All,

How do I change the behaviour of get_basic_auth_passwd()

I do not wish to have the prompt box appear, I want to have a dynamically
produced login form which when submitted carries out the users previous
command (I have an authentication system which 'times out' a user)

the problem I have is that this doesn't work:-

 my $response=&timedout($r); #returns a string of html to display
      $r->custom_response(AUTH_REQUIRED,$response);
      return AUTH_REQUIRED;


The problem is this still prompts the user for his username and password,
and only displays the html is the user presses cancel.
How do I ditch the login box completely?

Regards

Marty

Re: Daft question - preventing the username password box from appearing.

[Martin Moss <Ma...@btinternet.com>]

thanks to everyone,
Geoff's post made me re-examine AuthCookie and I realised I wasn't supposed
to use the get_basic_auth_pw method at all.

Thanks I understand whats going on now.

Cheers

Marty
----- Original Message -----
From: "Lupe Christoph" <lu...@lupe-christoph.de>
To: "Martin Moss" <ma...@btinternet.com>
Cc: "modperl" <mo...@perl.apache.org>
Sent: Tuesday, October 01, 2002 3:06 PM
Subject: Re: Daft question - preventing the username password box from
appearing.


> On Tuesday, 2002-10-01 at 14:16:47 +0100, Martin Moss wrote:
>
> > I do not wish to have the prompt box appear, I want to have a
dynamically
> > produced login form which when submitted carries out the users previous
> > command (I have an authentication system which 'times out' a user)
>
> You can't in mod_perl. When you use Basic Authentication, the *browser*
> pops up the "prompt box". To change this, you have to ditch Basic Auth
> and implement something else.
>
> You best start by looking at the various "auth" packages in Apache and
> those in in Perl (Apache::.*Auth). Then consider doing this in
> Javascript or in HTML.
>
> HTH,
> Lupe Christoph
> --
> | lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
> | Big Misunderstandings #6398: The Titanic was not supposed to be        |
> | unsinkable. The designer had a speech impediment. He said: "I have     |
> | thith great unthinkable conthept ..."                                  |
>

Re: Daft question - preventing the username password box from appearing.

[Lupe Christoph <lu...@lupe-christoph.de>]

On Tuesday, 2002-10-01 at 14:16:47 +0100, Martin Moss wrote:

> I do not wish to have the prompt box appear, I want to have a dynamically
> produced login form which when submitted carries out the users previous
> command (I have an authentication system which 'times out' a user)

You can't in mod_perl. When you use Basic Authentication, the *browser*
pops up the "prompt box". To change this, you have to ditch Basic Auth
and implement something else.

You best start by looking at the various "auth" packages in Apache and
those in in Perl (Apache::.*Auth). Then consider doing this in
Javascript or in HTML.

HTH,
Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |

Re: Daft question - preventing the username password box from appearing.

[Geoffrey Young <ge...@modperlcookbook.org>]

Martin Moss wrote:
> All,
> 
> How do I change the behaviour of get_basic_auth_passwd()
> 
> I do not wish to have the prompt box appear, I want to have a dynamically
> produced login form which when submitted carries out the users previous
> command (I have an authentication system which 'times out' a user)
> 
> the problem I have is that this doesn't work:-
> 
>  my $response=&timedout($r); #returns a string of html to display
>       $r->custom_response(AUTH_REQUIRED,$response);
>       return AUTH_REQUIRED;
> 
> 
> The problem is this still prompts the user for his username and password,
> and only displays the html is the user presses cancel.
> How do I ditch the login box completely?


use FORBIDDEN instead of AUTH_REQUIRED.

see recipe 13.7 in the Cookbook, or Apache::AuthCookie for examples of 
how this is done (hint, it requires a bit of fancy footwork :)

HTH

--Geoff