On Thu, 21 Oct 1999, Darko Krizic wrote:
> I just hacked a little PerlHandler (content handler) module that uses Basic auth. I
>found out that things like
>
> $r->note_basic_auth_failure;
> my($res, $sent_pw) = $r->get_basic_auth_pw;
> return AUTH_REQUIRED
>
> do not work correctly for a content handler. Therefore I wrote this code:
>
>
> #!/usr/bin/perl -w
>
> package My;
>
> use strict;
> use Apache ();
> use Apache::Log;
> use Apache::Constants (qw/:common/);
> use MIME::Base64; # needed for decode of basic auth
>
> sub handler
> {
> my $r = shift;
> my $user;
> my $password;
> my $userpass = $r->header_in("Authorization") || undef;
> Apache->request($r);
> my $log = $r->log();
>
> # optionally decode authorization
> if( $userpass ) { # got any authorization
> if( $userpass =~ m/^Basic / ) {
> # only basic
> $userpass =~ s/^Basic //; # remove leading
> ($user,$password) # decode user + pass
> = split(":", decode_base64 $userpass);
> $log->warn("user=$user, password=$password");
> }
> }
>
> unless( defined $user
> and $user eq "DeKay" and
> defined $password
> and $password eq "got it"
> ) {
> # no auth or auth not valid
> $r->header_out("WWW-Authenticate" => "Basic realm=\"Test\"");
> $r->content_type("text/html");
> $r->status(AUTH_REQUIRED);
> $r->send_http_header;
> $r->print("Auth required");
> return OK;
> }
>
> # auth valid
> $r->content_type("text/html");
> $r->send_http_header;
> $r->print("user: $user<BR>");
> $r->print("Password: $password<BR>");
> return OK;
> }
>
> 1;
>
> Questions:
>
> - This does not look very mod_perlish, can this be done "better"?
> - How can I make Apache print its "Authentication required" message itself? In this
>module I have to do this by myself.
Get the Eagle book (see www.modperl.com) and you'll get what you want.
Jie
