On Mon, Apr 20, 2009 at 9:13 PM, Mark Rajcok <[email protected]> wrote:
> On Wed, Apr 15, 2009 at 9:15 AM, Mark Stosberg <[email protected]>wrote: > >> On Tue, 14 Apr 2009 01:06:38 -0400 >> Mark Rajcok <[email protected]> wrote: >> >> > I'm using CAP:Authentication and I have a u_state field in my Users >> table. >> > The u_state field is a MySQL enum, and can be set to created, active, >> > restricted, or disabled. >> > >> > I'm trying to figure out how I can display a "Sorry, your account has >> been >> > disabled" error page if a user with u_state=disabled tries to log in. >> > >> > I looked at (and tried using) custom filters with CAP:Authentication, >> but >> > something like the following isn't supported syntax-wise: >> > CONSTRAINTS => { 'stateFilter:u_state' => >> "(created,active,restricted)" >> > } >> > >> > Any suggestions? >> >> I think you are right, Mark. I think you may need to write your own driver >> for >> this. >> >> You can copy the DBI driver and modify it, or write one from scratch, >> which has >> the possibility of being simpler and less abstracted because it is >> designed >> just for your case. >> >> You could also ask Cees if he's interested in patch for "enum()" support >> in >> CGI::Application::Plugin::Authentication. >> >> Mark >> > > Not exactly efficient (because I make another query of the database for > every successful login), but here's what I'm doing for now: > > Added a callback to $self->authen->config( > POST_LOGIN_CALLBACK => \&_post_login, > > sub _post_login { # we only get here if we authenticated > my $self = shift; > my $sql = 'select count(*) from user where u_username = ? and u_state = > "disabled"'; > if($self->dbh->selectrow_arrayref($sql, undef, > $self->authen->username)->[0]) { > $self->authen->logout; > my $page = $self->custom_error( > type=>'forbidden', msg=>'Your account has been disabled.'); > print $self->query->header, $page; > exit # prevent any other/normal CAP processing > } > # else the callback returns and the user is logged in > } > > custom_error() is essentially and error run mode that I wrote. > > In essence, I'm using CAP::Authentication for normal username+password > authentication, then I have this additional method to check the account > state. > The above works when the user logs in. It does not work if the user does not log in -- i.e., if the user comes back to the website using a session cookie. To handle both cases, I removed POST_LOGIN_CALLBACK and added a cgiapp_prerun() method. If the page requires authentication, then I check the account state. #------------------------------------------------------------------------------ sub cgiapp_prerun { # overrides my $self = shift; $self->_check_account_state if $self->authen->is_protected_runmode($self->get_current_runmode()) } #------------------------------------------------------------------------------ sub _check_account_state { my $self = shift; my $sql = 'select count(*) from user where u_username = ? and u_state = "disabled"'; if($self->dbh->selectrow_arrayref($sql,undef, $self->authen->username)->[0]) { $self->authen->logout; my $page = $self->custom_error(type=>'forbidden', msg=>'Your account has been disabled.'); print $self->query->header, $page; exit } } ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################
