Steffers wrote:
>
> hello,
> first let me apologise for jst jumping straight into asking
> questions on the mailing list, but this is really puzzling me. First
> some background.
>
> I have been using perl for the past 3 years. I think (note
> +think+) that I understand perl quite well, so when the job came up
> at work here to tie the programs into Apache using mod_perl I
> figured it wouldnt be that hard. (Apache 1.3.12 and latest mod_perl)
>
> I am still trying to get out of my 'cgi' ways (exit and $| and
> such forth), so the code attached my look a tad strange. apologies
> again for that.
>
> The problem is, that I want to first have the access working
> so that if someone doesnt have a cookie with 'sessionID' set in it,
> then we know that they are a 'new user'. In this case, no other checks
> are needed (we require valid-user).
>
> IF the sessionid is valid, then we move onto authentication
> which in this case is simply firing off the username and password to
> PostgreSQL. The way that PostgreSQL is setup, it uses encrypted
> passwords for connection, so simply getting a valid connection is
> 'good enough' to prove the user (in my eyes for the moment).
>
> So once they have connected up succesfully, I cache the
> DBI connection (by using Apache::DBI) and then creating a sessionID
> cookie for the user.
>
> This then means that the user will only have to 're-authenticate'
> when the cookie times out. I dont know if i need to use the 'ping function'
> to keep PostgreSQL alive, but thats a 'todo' for sure.
>
> So what am I doing wrong ? There is probably a hundred things
> here, and I +have+ read the faqs and even the oreilly book, i dont see
> anything glaring, but then this is why its a learning process. (oh and
> for what its worth the database and apache are working fine. its my code
> that has the 'features' (okay okay, bugs ;))
>
> Feel free to critisce my code/offer guidance/nudge improvments
> or jst hit me with a large pointed stick ;)
> many thanks
> Stefs.
>
> .htaccess
> -------
> PerlAccessHandler Apache::ResAcc
> PerlAuthenHandler Apache::ResAuth
> require valid-user
>
> ResAcc.pm
> --------
> package Apache::ResAcc;
> use strict;
> use Apache::Constants qw(:common);
> use Safe();
>
> my $Safe=Safe->new;
>
> use vars qw(@EXPORT $USE_THREAD $USE_SFIO $PERL_DIR);
> use Exporter ();
> use Config;
> use FileHandle ();
> *import = \&Exporter::import;
>
> @EXPORT = qw(handler);
>
> use subs @EXPORT;
>
> # This module will check for the presence of a sessionid and if found will
> # allow access, otherwise it will print out the login screen with two inputs
> # one for username and the other for password
> sub handler
> { my $r = shift;
> my $login = "<HTML>\n<HEAD></HEAD>\n<BODY>\n<BODY>#Imagine a password
> form here</BODY>\n</HTML>\n";
>
> my $header_ID=$r->header_in('sessionID');
If you're trying to get at the cookie, this is not the way. Either use
Apache::Cookie or CGI.pm to get the cookie contents.
> my $query=CGI::new();
> my $my_cookie=$query->cookie(-name=>'sessionID',
> -value=>'1',
> -path=>'/',
> -expires=>'+30m');
> $r->header_out->add("Set-cookie"=>$my_cookie);
> return OK;
> }
This code is good. But it doesn't jive with what you have above. Try
making the first handler() actually get the cookie. Or am I missing
something?
--
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/