Quoting Steve Comrie <[EMAIL PROTECTED]>:
> Yesterday, almost by accident I ended up writing a fairly neat and tidy
> Login module using CGI::Application.
>
> It handles creating and placing a cookie and creates a session file
> (name =
> value pair style) in a directory of your choice.
>
> It also let's you (encourages you to) sub-class it and overload the
> validate
> function so you can decide how / and
> whether or not a user gets validated. The overloaded validate function
> should return a true or false and the Login module will either return an
> error please try again, or set the cookie, create the session file and
> move
> the user to the success page (or script) of your choice.
>
> Login page / error messages / cookie name / session file directory are
> all
> defined by you in the login.cgi instance script. And a module like
> MyProject::Login would use base 'CGI::Application::Login' and contain
> the
> overloaded 'validate' function to decide how a user gets logged in.
>
> I was just wondering if anyone out there would find this useful. Maybe
> not
> so much on systems running mod_perl, but on systems not running it.
> Anyways,
> let me know and if there's any interest in it i'll pack it up a little
> better, document it, and release it for everyone's enjoyment.
>
> Anyways, I hope I didn't ramble on too much and got my point across best
> as
> I could. If you have any other questions please feel free to ask.
Hello Steve,
This sounds very similar to a module I wrote for a project last summer. My
module, however, was not as abstract as yours seems to be. I wrote a login
module that ties into the session management of the Horde suite of PHP
applications. My employer used the IMP web mail application and wanted to
integrate custom cgi scripts with IMP without having multiple logins.
The design I used was to put all authentication into a login module that
returned a hash reference on success, or undef on failure. The hash ref would
contain the user's session data. I put a simple condition statement in my
instance script to check for a valid login, and then passed appropriate values
to the cgi-app through the PARAM => {} interface. This made my cgi-apps free
of authentication code, and made things a lot easier.
I like the interface you have described for your module. I would just suggest
instead of having the validate routine simply return true on success, have it
return the user's session data, or even a session object of some sort.
-spencer christensen
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
