[OT] auth modules

[martin langhoff <ma...@scim.net>]

hi,

	this is a question closely related to Perl, and my lazyness as a Perl
programmer. The marketing dept here wants something really weird: they
want to publish a datasheet in a 'protected' page, but the want the
usr/pw hashes to be 'one time only'. So the user must be deleted after
the first time it is used.

	I was about to grab my Eagle's book authenz handler, and patch it
heavily, but maybe there's already a module withthat capability. Does
anyone know of one? At least one that'd be easily patched?

	


martin - [ trying to get CPAN to connect from here ]

Re: [OT] auth modules

[Matt Carothers <ma...@telepath.com>]

On Tue, 18 Jul 2000, martin langhoff wrote:

> The marketing dept here wants something really weird: they
> want to publish a datasheet in a 'protected' page, but the want the
> usr/pw hashes to be 'one time only'. So the user must be deleted after
> the first time it is used.

That should be all but trivial to implement.  Off the top of my head:

sub handler
{
	my $r = shift;

	# Only execute for the first internal request
	return OK unless $r->is_initial_req;

	# Replace this with your favorite data store.
	tie %password, 'DB_File', $password_file
		or die "can initialize $password_file: $!";

	# Get the username and password sent from the client
	my ($res, $sent_pw) = $r->get_basic_auth_pw;
	return AUTH_REQUIRED if !$sent_pw;
	my $username = $r->connection->user;

	# crypt() the sent password and see if it matches the stored one
	if (crypt($sent_pw, $password{$username}) eq $password{$username})
	{
		# If so, delete the key and return OK
		delete $password{$username};
		$r->connection->auth_type('Basic');
		$r->connection->user($username);

		return OK;
	} else {
		# Otherwise return AUTH_REQUIRED
		return AUTH_REQUIRED;
	}
}

- Matt