Steffers wrote:
> 
> hello,
>         first let me apologise for jst jumping straight into asking
> questions on the mailing list, but this is really puzzling me. First
> some background.
> 
>         I have been using perl for the past 3 years. I think (note
> +think+) that I understand perl quite well, so when the job came up
> at work here to tie the programs into Apache using mod_perl I
> figured it wouldnt be that hard. (Apache 1.3.12 and latest mod_perl)
> 
>         I am still trying to get out of my 'cgi' ways (exit and $| and
> such forth), so the code attached my look a tad strange. apologies
> again for that.
> 
>         The problem is, that I want to first have the access working
> so that if someone doesnt have a cookie with 'sessionID' set in it,
> then we know that they are a 'new user'.  In this case, no other checks
> are needed (we require valid-user).
> 
>         IF the sessionid is valid, then we move onto authentication
> which in this case is simply firing off the username and password to
> PostgreSQL. The way that PostgreSQL is setup, it uses encrypted
> passwords for connection, so simply getting a valid connection is
> 'good enough' to prove the user (in my eyes for the moment).
> 
>         So once they have connected up succesfully, I cache the
> DBI connection (by using Apache::DBI) and then creating a sessionID
> cookie for the user.
> 
>         This then means that the user will only have to 're-authenticate'
> when the cookie times out. I dont know if i need to use the 'ping function'
> to keep PostgreSQL alive, but thats a 'todo' for sure.
> 
>         So what am I doing wrong ? There is probably a hundred things
> here, and I +have+ read the faqs and even the oreilly book, i dont see
> anything glaring, but then this is why its a learning process. (oh and
> for what its worth the database and apache are working fine. its my code
> that has the 'features' (okay okay, bugs ;))
> 
>         Feel free to critisce my code/offer guidance/nudge improvments
>         or jst hit me with a large pointed stick ;)
>         many thanks
>         Stefs.
> 
> .htaccess
> -------
> PerlAccessHandler Apache::ResAcc
> PerlAuthenHandler Apache::ResAuth
> require valid-user
> 
> ResAcc.pm
> --------
> package Apache::ResAcc;
> use strict;
> use Apache::Constants qw(:common);
> use Safe();
> 
> my $Safe=Safe->new;
> 
> use vars qw(@EXPORT $USE_THREAD $USE_SFIO $PERL_DIR);
> use Exporter ();
> use Config;
> use FileHandle ();
> *import = \&Exporter::import;
> 
> @EXPORT = qw(handler);
> 
> use subs @EXPORT;
> 
> # This module will check for the presence of a sessionid and if found will
> # allow access, otherwise it will print out the login screen with two inputs
> # one for username and the other for password
> sub handler
> {       my $r = shift;
>     my $login = "<HTML>\n<HEAD></HEAD>\n<BODY>\n<BODY>#Imagine a password
> form here</BODY>\n</HTML>\n";
> 
>         my $header_ID=$r->header_in('sessionID');
If you're trying to get at the cookie, this is not the way. Either use
Apache::Cookie or CGI.pm to get the cookie contents.


>          my $query=CGI::new();
>          my $my_cookie=$query->cookie(-name=>'sessionID',
>                                   -value=>'1',
>                                   -path=>'/',
>                                   -expires=>'+30m');
>          $r->header_out->add("Set-cookie"=>$my_cookie);
>     return OK;
> }
This code is good. But it doesn't jive with what you have above. Try
making the first handler() actually get the cookie. Or am I missing
something?

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/

Reply via email to