I am trying to design/implement a fairly simple authentication scheme using cookies and such, but wanted to air my design questions before I run into too many issues.

I would like the site to be almost entirely publicly accessible, however if you log in you get special options in addition to the normal ones. Also, there are certain things that you can only do while logged in, like post comments. I figure that this is pretty standard.

I currently have a PerlAuthenHandler that simply sets the $r->user if either the correct cookie was given or the correct user/pass parameters were passed (remarkably like the cookie authentication listed in the cookbook). It returns Apache::OK in all cases except when the user/password parameters are invalid, in which case it redirects the user to the login page. I plan on using the $r->user as a test within my Apache::Registry scripts to see whether the user has successfully logged in and to display the options accordingly.

My question basically centers around the best way to protect the "only if you login" pages. I was thinking of putting them in their own directory and protecting them with a tiny PerlAuthzHandler, which would scatter scripts of the same nature in two separate places (i.e. for comments, view->create->post), or protect the entire site with a PerlAuthzHandler that has a table of all of the "only if you login" pages, which has the drawback of having to change the handler every time I add a new script. Are there any other/better ways to do this?

Thanks
-Mike
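One way to get the single-handler approach without a hard-coded table, shown here as an added example that is not part of the original post: let the PerlAuthzHandler read a per-resource flag from httpd.conf, so the "only if you login" scripts can sit next to their public siblings and adding a new protected script only means tagging it in the config. The module name My::Authz, the companion My::Authen, the RequireLogin variable, the file pattern and the /login.pl URL are all assumptions; the config sketch assumes mod_perl 1 with Apache 1.3, where the authz phase only runs when a `require` directive is in effect.

```perl
package My::Authz;
# Added example (not the poster's code): a PerlAuthzHandler for mod_perl 1
# that decides per resource whether a login is required, driven by a PerlSetVar
# in httpd.conf instead of a hard-coded table. Assumed httpd.conf (hypothetical):
#
#   <Location />
#       AuthType Cookie
#       AuthName "site"
#       require valid-user                # needed so the auth phases run at all
#       PerlAuthenHandler My::Authen      # the poster's handler; sets $r->user
#       PerlAuthzHandler  My::Authz
#   </Location>
#   <Files ~ "^(create|post)_comment\.pl$">
#       PerlSetVar RequireLogin On        # only these scripts demand a login
#   </Files>
#
use strict;
use Apache::Constants qw(OK REDIRECT);

sub handler {
    my $r = shift;

    # Only act on the initial request, not on internal sub-requests.
    return OK unless $r->is_initial_req;

    # Per-resource flag; absent or anything but "On" means the page is public.
    my $required = $r->dir_config('RequireLogin') || 'Off';
    return OK if lc($required) ne 'on';

    # The authen handler set $r->user only when the cookie or credentials
    # were valid, so a defined, non-empty user means "logged in".
    return OK if defined $r->user && length $r->user;

    # Not logged in: send to the login page, remembering where the user
    # wanted to go so the login script can redirect back afterwards.
    my $back = $r->uri;
    $back .= '?' . $r->args if defined $r->args && length $r->args;
    $back =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord($1))/ge;  # URL-encode
    $r->header_out(Location => "/login.pl?return=$back");
    return REDIRECT;
}

1;
```

Because the gate lives in one handler and the list of protected scripts lives in the config, a forgotten PerlSetVar fails open (the page stays public), so it is worth grepping the config against the script directory whenever a new login-only script is added.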