You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Stephen Hardisty <sh...@messagelabs.com> on 2003/09/16 12:42:47 UTC
Basic authentication
Hi,
I'm having a bit of trouble authenticating users. The script I have works, but only a couple of times before it just sends out 401 without prompting the user for their details. We have mod_perl 1.99_05 installed, we don't want to upgrade as we would have more applications to upgrade than time.
Any help/questions would be appreciated. The problem script is below:
use strict;
use Apache::Const qw(OK AUTH_REQUIRED);
use lib qw(/var/www/html/opbms/libs);
use CheckLogin;
use CreateFrames;
my $r = shift;
print "Content-Type:text/html\n\n";
my ($status, $password) = $r->get_basic_auth_pw;
if ($status != OK)
{
$r->status($status);
exit($status);
}
my $ip = '127.0.0.1';
my $port = 31555;
if (CheckLogin::Check($r->user, $password, $port, $ip) eq '1')
{
CreateFrames::Create($r->user, $password, $port, $ip);
}
else
{
$r->note_basic_auth_failure;
$r->status(AUTH_REQUIRED);
exit(AUTH_REQUIRED);
}
Cheers!!
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
Re: Basic authentication
Posted by Geoffrey Young <ge...@modperlcookbook.org>.
Stephen Hardisty wrote:
> Hi,
> I'm having a bit of trouble authenticating users. The script I have works, but only a couple of times before it just sends out 401 without prompting the user for their details. We have mod_perl 1.99_05 installed, we don't want to upgrade as we would have more applications to upgrade than time.
>
> Any help/questions would be appreciated. The problem script is below:
>
> use strict;
> use Apache::Const qw(OK AUTH_REQUIRED);
> use lib qw(/var/www/html/opbms/libs);
> use CheckLogin;
> use CreateFrames;
>
> my $r = shift;
>
> print "Content-Type:text/html\n\n";
don't do that - AUTH_REQUIRED is an error status, so apache will send it's
own set of headers.
>
> my ($status, $password) = $r->get_basic_auth_pw;
>
> if ($status != OK)
> {
> $r->status($status);
> exit($status);
> }
>
yike!
you shouldn't ever play with $r->status. calling exit is also not the
standard way.
examples of auth handlers abound, so you should really just be following
them - even though you are using mod_perl 2.0, the API is really the same
wrt get_basic_auth_pw() etc.
some examples include the many, many modules on CPAN. you can also find
detailed auth examples in
http://www.modperlcookbook.org/chapters/ch13.pdf
and
http://www.modperlcookbook.org/code/ch13/
specifically
http://www.modperlcookbook.org/code/ch13/Cookbook/Authenticate.pm
HTH
--Geoff