You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Stephen Hardisty <sh...@messagelabs.com> on 2003/09/16 12:42:47 UTC

Basic authentication

Hi,
I'm having a bit of trouble authenticating users. The script I have works, but only a couple of times before it just sends out 401 without prompting the user for their details. We have mod_perl 1.99_05 installed, we don't want to upgrade as we would have more applications to upgrade than time.

Any help/questions would be appreciated. The problem script is below:

use strict;
use Apache::Const qw(OK AUTH_REQUIRED);
use lib qw(/var/www/html/opbms/libs);
use CheckLogin;
use CreateFrames;

my $r = shift;

print "Content-Type:text/html\n\n";

my ($status, $password) = $r->get_basic_auth_pw;

if ($status != OK)
{
    $r->status($status);
    exit($status);
}

my $ip = '127.0.0.1';
my $port = 31555;

if (CheckLogin::Check($r->user, $password, $port, $ip) eq '1')
{
    CreateFrames::Create($r->user, $password, $port, $ip);
}
else
{
    $r->note_basic_auth_failure;
    $r->status(AUTH_REQUIRED);
    exit(AUTH_REQUIRED);
}


Cheers!!

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________

Re: Basic authentication

Posted by Geoffrey Young <ge...@modperlcookbook.org>.

Stephen Hardisty wrote:
> Hi,
> I'm having a bit of trouble authenticating users. The script I have works, but only a couple of times before it just sends out 401 without prompting the user for their details. We have mod_perl 1.99_05 installed, we don't want to upgrade as we would have more applications to upgrade than time.
> 
> Any help/questions would be appreciated. The problem script is below:
> 
> use strict;
> use Apache::Const qw(OK AUTH_REQUIRED);
> use lib qw(/var/www/html/opbms/libs);
> use CheckLogin;
> use CreateFrames;
> 
> my $r = shift;
> 
> print "Content-Type:text/html\n\n";

don't do that - AUTH_REQUIRED is an error status, so apache will send it's 
own set of headers.

> 
> my ($status, $password) = $r->get_basic_auth_pw;
> 
> if ($status != OK)
> {
>     $r->status($status);
>     exit($status);
> }
> 

yike!

you shouldn't ever play with $r->status.  calling exit is also not the 
standard way.

examples of auth handlers abound, so you should really just be following 
them - even though you are using mod_perl 2.0, the API is really the same 
wrt get_basic_auth_pw() etc.

some examples include the many, many modules on CPAN.  you can also find 
detailed auth examples in

http://www.modperlcookbook.org/chapters/ch13.pdf

and

http://www.modperlcookbook.org/code/ch13/

specifically

http://www.modperlcookbook.org/code/ch13/Cookbook/Authenticate.pm

HTH

--Geoff