Jonathon,

I am doing exactly this also.  What works is this:

Get a copy of "Writing Apache Modules with Perl and C" and read it.

The most relevant section for you is the Ticket system he describes. (I
believe the section header says something about Cookies, but you'll know
you have the right one when you see TicketAccess.pm, TicketTools.pm, and
TicketMaster.pm.) One nice addition is the ability to add encryption to
the Ticket, and the fact that the author used an MD5 hash (of an MD5
hash!) in the cookie, so verification of the authenticity of the user is
pretty solid so long as you leave in things like IP address, etc. which
he uses in the cookie by default. (Although AOL and some proxy systems
might cause this to be trouble).  AND, he also uses a mysql db for the
passwords, etc.  All in all, a VERY useful section of the book.

As for "pushing content" after authorization, take a very close look at
the $r->push_handlers() function.  I use it like this:

# Parse the query string (or however you want to get input -
# Apache::Request is a good way).
my %input = $r->args;
if (defined $input{some_param}) {
  # push_handlers() takes the phase name and a code reference.
  $r->push_handlers( PerlHandler => \&MyActionModule::handler );
} else {
  $r->push_handlers( PerlHandler => \&MyErrorModule::handler );
}

Because the request object (usually $r) exists in its same state when
the new PerlHandler is called, grabbing $input again (via whatever
method) can be used to determine what action the module takes.

This isn't precise, so please read the manual before using this, but you
get the idea.  One thing to keep in mind is that perl_handlers
(PerlHandler) is a stack that will draw from the top, so it is FILO, not
FIFO.

Hope this helps.

Jonathon Robison
Uniphied Thought, LLC.


"Jonathan E. Paton" wrote:
> 
> I am trying to create a website with predominantly dynamic
> content (mod_perl + DBI + mySQL) for an online community.
> I can manage Perl and mySQL fairly proficiently, however
> I've no idea how to successfully create what I want using
> mod_perl and Apache (actually, I know next to nothing about
> them).
> 
> --- Background information ---
> 
> The website shall be split into a public and private
> section, and will share a common layout and appearance
> (although I might add little visual clues to indicate which
> section they are in).  When members wish to login I want
> them to do so via the public section (from that page), and
> then be able to access the additional links/features of the
> private section.
> 
> I wish to handle all the database actions in my own code,
> unless something fits perfectly.  When members try to
> login, my aims are:
> 
> 1. Check login name, and password.
> 2. Check member hasn't been suspended.
> 3. Return the membership ID number for the next stage.
> 
> The membership ID number will be used to decide what access
> level the members have (what forums, tools etc they can see
> and use).  The SQL table is specified as:
> 
> CREATE TABLE access (
>   member_id int(10) unsigned NOT NULL,
>   account_name varchar(16) NOT NULL,
>   account_password varchar(16) NOT NULL,
>   state enum('A', 'S') DEFAULT 'A' NOT NULL,
> 
> PRIMARY KEY (account_name)
> );
> 
> Imagine I now create an object to wrap around this, with
> the following method:
> 
> my $permission =  $access->check($account_name,
> $account_password);
> 
> which returns the membership number if valid,
> or the value -1 for a suspended account,
> or undef for no account.
> 
> --- Questions ---
> 
> 1. Can this be done (nicely) as an
> authentication/authorization handler?
> 
> 2. Do most hosting companies allow
> authentication/authorization handlers?  (Using HostRocket
> at the moment).
> 
> 3. What is the most appropriate session management system?
> I'm thinking of using cookies (client side) to store a
> session key, rather than resubmitting the password data.
> The server side stores this session key in the database.
> 
> 4. How does the membership ID get passed to the next stage?
> 
> 5. What is the time to do additional access checking (for
> senior/admin users)?  I was planning to do it a little
> later on, but it is probably better to do it once (i.e.
> with this).
> 
> 6. What is a realistic time to expect all this to happen
> in?
> 
> I'm sure I've missed a few questions...
> 
> Any help appreciated, especially links to relevant
> documentation.
> 
> Jonathan Paton
> 
> NB - Whilst my preferred answer to these questions is a
> coded solution, I have a restriction (self imposed) - I'd
> prefer to have full copyright on the final code, thus I ask
> any major ideas/code includes permission to use it freely -
> or else be good enough to be worth adding your name provided
> I use it :)
> 

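An added illustration of the ticket idea the reply describes (not code from the book or from either poster): a cookie whose fields are covered by an MD5-of-MD5 tag keyed with a server secret and bound to the client IP and an expiry time. The secret, field layout, function names, user name and addresses are constructed for the example; nested MD5 is used only to mirror the description, and new code would use an HMAC over a SHA-2 hash instead.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
my $SECRET = 'constructed-demo-secret';  # assumption: server-side key, never sent to the client

# Tag = MD5(secret . MD5(secret:ip:time:expires:user)); fields must not contain ':' or '&'.
sub ticket_tag {
    my ($ip, $time, $expires, $user) = @_;
    return md5_hex($SECRET . md5_hex(join ':', $SECRET, $ip, $time, $expires, $user));
}
sub make_ticket {
    my ($user, $ip, $now, $lifetime) = @_;
    my $expires = $now + $lifetime;
    return "user=$user&ip=$ip&time=$now&expires=$expires&hash=" . ticket_tag($ip, $now, $expires, $user);
}

# Compare two strings without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Returns (1, user) or (0, reason). The tag is checked before any field is trusted.
sub verify_ticket {
    my ($cookie, $client_ip, $now) = @_;
    my %t;
    for my $pair (split /&/, $cookie) {
        my ($k, $v) = split /=/, $pair, 2;
        $t{$k} = $v if defined $v;
    }
    for my $f (qw(user ip time expires hash)) { return (0, "missing $f") unless defined $t{$f}; }
    return (0, 'bad hash')    unless same_string(ticket_tag(@t{qw(ip time expires user)}), $t{hash});
    return (0, 'expired')     unless $t{expires} =~ /^\d+$/ && $now < $t{expires};
    return (0, 'ip mismatch') unless $t{ip} eq $client_ip;
    return (1, $t{user});
}

my $now    = 1_000_000_000;  # constructed sample values from here on
my $cookie = make_ticket('jpaton', '192.0.2.10', $now, 3600);
(my $forged = $cookie) =~ s/user=jpaton/user=admin/;
for my $case (['valid',               $cookie, '192.0.2.10',   $now + 60],
              ['tampered user',       $forged, '192.0.2.10',   $now + 60],
              ['expired',             $cookie, '192.0.2.10',   $now + 7200],
              ['IP changed by proxy', $cookie, '198.51.100.7', $now + 60]) {
    my ($label, $c, $ip, $t) = @$case;
    my ($ok, $detail) = verify_ticket($c, $ip, $t);
    printf "%-20s %s (%s)\n", $label, $ok ? 'accept' : 'reject', $detail;
}
```

The last case is the proxy problem mentioned in the reply: the ticket is genuine, but a client whose requests arrive from a different proxy address is rejected.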