The best form-based login uses Auth::Cookie. Since you're running MySQL,
you'll want to grab AuthCookieDBI.pm too.

It depends how much account information the user has. I have a page that a
user can access that displays his access levels and explains the different
access levels. The page grabs an ENV variable called TICKET, which I put into
space when the user is authenticated. If the user has lots of information,
you'll want to make the page a cgi script, have the directory secured, grab
the ENV{REMOTE_USER}, then run another query to get and display his info.

AuthCookie works similarly to this instead of the popup window:
https://trading.etrade.com/cgi-bin/gx.cgi/AppLogic+Loginpage

But you don't need all of this to do what you're trying to do. Just write a
cgi script, have the user put in who he is from a form, query the database,
returning the results to the webpage. Or, secure the directory, and grab
the ENV{REMOTE_USER} automatically, query the database, and display the
results to the webpage.

Hope this helps.

Charles Day
IT
Symix Systems, Inc.

-----Original Message-----
From: Kralidis, Tom [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2000 12:46 PM
To: Charles Day
Cc: '[EMAIL PROTECTED]'
Subject: RE: maintaining state securely for authentication

Thanks for the tip, true $ENV{REMOTE_USER} is not set unless authenticated :>

As for the Apache authentication, is there an alternative method of making
this happen other than the pop-up window? ie can I authenticate w/ Apache
through a form?

I thought of the form login so the script would login the individual, then
output a page with the user's account info. Can I make the Apache
authentication point to a CGI script which takes these args (index.html with
a redirect to CGI?). A form-based login would enable picking up user
information for custom post-login pages.

Thanks

..Tom

> -----Original Message-----
> From: Charles Day [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2000 12:16 PM
> To: 'Kralidis, Tom'
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: maintaining state securely for authentication
>
>
> 1. Apache Authentication, using MySQL to authenticate, and
> use form based
> webpage with perl backend to query MySQL.
>
> 2. Once the directory is secured, you know who they are at
> all times by
> calling $ENV{REMOTE_USER}
>
> Charles Day
> IT
> Symix Systems, Inc.
>
>
>
> -----Original Message-----
> From: Kralidis, Tom [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2000 11:52 AM
> To: '[EMAIL PROTECTED]'
> Subject: maintaining state securely for authentication
>
>
> Hi,
>
> I'm new to the group, and wonder if anyone would have a
> mod_perl (or even
> CGI) suggestion:
>
> I am writing an online application enabling users to create
> accounts, store
> information, and having the ability to edit/update
> information, provided it
> is under their username.
>
> All information (users, groups, data) will be stored via MySQL. The
> database is interfaced through a web application, using
> mod_perl and CGI
> (Perl).
>
> All users would initially have to login to the system to authenticate
> themselves. All updates, etc. done by the users would follow the login, so
> the username/password info would need to maintain state throughout their
> session, while not giving away the information for potential abusers.
>
> Question 1: Apache authentication vs. form-based
> username/password query to
> MySQL? Pros/cons?
>
> Question 2: How can I enable users to update/edit records in the system,
> through the web, while still knowing who they are (as per username/password
> login), over multiple pages throughout a session?
>
> I have found scenarios such as hotmail or monster.com good
> examples of what
> I want to accomplish.
>
> If anyone has some info, online explanations or suggestions to this, it
> would be appreciated.
>
> Thanks a lot
>
> ..Tom
>
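
The thread turns on knowing who the user is on every page after login without carrying the username/password around. As an added example (not from the original messages, and not the ticket format AuthCookieDBI itself uses), this Perl script issues and verifies a signed, expiring ticket of the kind a cookie could hold; the secret, the `user:expiry:mac` layout and the function names are assumptions.

```perl
#!/usr/bin/perl
# Added example: signed, expiring session ticket (illustrative layout only).
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: this secret is kept only on the server. Constructed sample value.
my $SECRET = 'constructed-sample-secret-change-me';

# Build "user:expiry:mac" once the password has been checked at login.
sub issue_ticket {
    my ($user, $lifetime, $now) = @_;
    die "bad username\n" unless $user =~ /\A[A-Za-z0-9_.-]+\z/;
    my $expires = $now + $lifetime;
    return join ':', $user, $expires,
        hmac_sha256_hex("$user:$expires", $SECRET);
}

# Return the username if the ticket is authentic and unexpired, else undef.
sub verify_ticket {
    my ($ticket, $now) = @_;
    my ($user, $expires, $mac) =
        ($ticket // '') =~ /\A([A-Za-z0-9_.-]+):(\d+):([0-9a-f]{64})\z/
        or return;
    my $want = hmac_sha256_hex("$user:$expires", $SECRET);
    # Compare every character so timing does not reveal the first mismatch.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 63;
    return if $diff;                 # username or expiry was altered
    return if $expires <= $now;      # ticket is too old
    return $user;
}

# Constructed demonstration: a valid, a tampered and an expired ticket.
my $t0     = 972_000_000;            # fixed clock so runs are repeatable
my $ticket = issue_ticket('tom', 1800, $t0);
(my $forged = $ticket) =~ s/\Atom:/charles:/;   # username edited client-side

printf "valid    -> %s\n", verify_ticket($ticket, $t0 + 60)   // 'rejected';
printf "tampered -> %s\n", verify_ticket($forged, $t0 + 60)   // 'rejected';
printf "expired  -> %s\n", verify_ticket($ticket, $t0 + 1801) // 'rejected';
```

The ticket carries no password, so a leaked cookie exposes only a username and an expiry time; it should still be sent over HTTPS only, since anyone holding an unexpired ticket is treated as that user.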