Hi Kenny, If I follow what you're asking, I think you want to use set the protected directory to use an a PerlAccessHandler in your httpd.conf. You would code your cookie check as a handler and set the ErrorDocument as the login page for that directory.
As for where you put the check for the session, it would go in the same handler (in the true branch of your "if logged in" check). As Evaldas suggested, Apache::AuthCookie is a module on CPAN that works in a similar fashion. In my experience, it can be just as easy to roll your own depending on how closely Apache::AuthCookie's features match what you're trying to do. However, I don't have much experience with Apache::AuthCookie so I can't speak too much on that module. I hope this helps. -Will ______________________________ William R. Rico CommonMind LLC 545 Eighth Ave 23rd Fl New York, NY 10018 http://www.commonmind.com/ Email: [EMAIL PROTECTED] ----- Original Message ----- From: "Kenny Pyatt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 18, 2002 2:12 PM Subject: [cgiapp] Logistics question > Hello, > > I am working on a general user auth system. I have a small logistical > question for everyone. > > Currently the system is planned to work like this: > > 1. The app checks for a cookie named username. > 2. If username has a value then the app checks the database and see if > the user is in the ActiveUsers table. > 3. If the user is in the ActiveUsers Table then the action is allowed. > else send them to the login.cgi. > > This seems to be working fine with the an exception. The cookie expires > after 30 minutes and they get logged out. I have a cron > job that cleans the ActiveUsers table every few minutes so that the > inactive users are "logged out". I am currently checking > the for the session in the index.cgi instead of the module. I need to > update the cookie but I am confused about how and where to do this. > > I would like to move all of this out of the index.cgi and into the > App.pm or something. How do I implement this in the module rather than > in the actual cgi script? Do I need to write a sub and call it in the > setup? > > Here is a chopped up index.cgi: > > #!/usr/bin/perl -w > > # Includes > use strict; > use CGI::Carp 'fatalsToBrowser'; > use CGI; > use App; > > # Make a new NewApp object > my $app = App->new(TMPL_PATH => 'templates/'); > > my $cgi = new CGI; > my $username = $cgi->cookie('username'); > > if ($username ne "") > { > # Check for the user in the database > my $dbh = DBI->connect("DBI:mysql:$databaseName", $dbUser, $dbPass) > or die "Could not connect to database: " . > DBI->errstr; > my $sth = $dbh->prepare('SELECT username FROM Users WHERE username=? > AND password=?'); > $sth->execute($cgi->param('username'), $cgi->param('password')) or > die "Died at execute: " . DBI->errstr; > my ($dbUser) = $sth->fetchrow_array; > > if ($dbUser ne "") > { > # They are valid! > # You need to update the cookie to stop from being logged out > > # Perform the action > $app->run(); > } > } > else > { > # They were not logged... send them to the login screen > print "Status: 302 Moved\nLocation:login.cgi\n\n"; # find a better > way to do this > > } > > Thanks, > Kenny Pyatt > President > Design Shack > www.dshack.com > > PS. Thanks Jesse (for writing and distributing CGI::App... it rules) and thanks Sam (for HTML::Template). > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
