You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by martin langhoff <ma...@scim.net> on 2000/07/18 17:07:19 UTC
[OT] auth modules
hi,
this is a question closely related to Perl, and my lazyness as a Perl
programmer. The marketing dept here wants something really weird: they
want to publish a datasheet in a 'protected' page, but the want the
usr/pw hashes to be 'one time only'. So the user must be deleted after
the first time it is used.
I was about to grab my Eagle's book authenz handler, and patch it
heavily, but maybe there's already a module withthat capability. Does
anyone know of one? At least one that'd be easily patched?
martin - [ trying to get CPAN to connect from here ]
Re: [OT] auth modules
Posted by Matt Carothers <ma...@telepath.com>.
On Tue, 18 Jul 2000, martin langhoff wrote:
> The marketing dept here wants something really weird: they
> want to publish a datasheet in a 'protected' page, but the want the
> usr/pw hashes to be 'one time only'. So the user must be deleted after
> the first time it is used.
That should be all but trivial to implement. Off the top of my head:
sub handler
{
my $r = shift;
# Only execute for the first internal request
return OK unless $r->is_initial_req;
# Replace this with your favorite data store.
tie %password, 'DB_File', $password_file
or die "can initialize $password_file: $!";
# Get the username and password sent from the client
my ($res, $sent_pw) = $r->get_basic_auth_pw;
return AUTH_REQUIRED if !$sent_pw;
my $username = $r->connection->user;
# crypt() the sent password and see if it matches the stored one
if (crypt($sent_pw, $password{$username}) eq $password{$username})
{
# If so, delete the key and return OK
delete $password{$username};
$r->connection->auth_type('Basic');
$r->connection->user($username);
return OK;
} else {
# Otherwise return AUTH_REQUIRED
return AUTH_REQUIRED;
}
}
- Matt