
List:       cgiapp
Subject:    Re: [cgiapp] Logistics question
From:       "William Rico" <wrlm () commonmind ! com>
Date:       2002-01-18 20:26:11

Hi Kenny,

If I follow what you're asking, I think you want to set the protected
directory to use a PerlAccessHandler in your httpd.conf.  You would code
your cookie check as a handler and set the ErrorDocument as the login page
for that directory.

As for where you put the check for the session, it would go in the same
handler (in the true branch of your "if logged in" check).

As Evaldas suggested, Apache::AuthCookie is a module on CPAN that works in a
similar fashion.  In my experience, it can be just as easy to roll your own
depending on how closely Apache::AuthCookie's features match what you're
trying to do.  However, I don't have much experience with Apache::AuthCookie
so I can't speak too much on that module.

I hope this helps.

-Will

______________________________
William R. Rico
CommonMind LLC
545 Eighth Ave 23rd Fl
New York, NY 10018
http://www.commonmind.com/

Email: wrml@commonmind.com

----- Original Message -----
From: "Kenny Pyatt" <kenny@dshack.com>
To: <cgiapp@lists.vm.com>
Sent: Friday, January 18, 2002 2:12 PM
Subject: [cgiapp] Logistics question


> Hello,
>
> I am working on a general user auth system.  I have a small logistical
> question for everyone.
>
> Currently the system is planned to work like this:
>
> 1. The app checks for a cookie named username.
> 2. If username has a value then the app checks the database and sees if
> the user is in the ActiveUsers table.
> 3. If the user is in the ActiveUsers Table then the action is allowed.
>     else send them to the login.cgi.
>
> This seems to be working fine with an exception.  The cookie expires
> after 30 minutes and they get logged out.  I have a cron
> job that cleans the ActiveUsers table every few minutes so that the
> inactive users are "logged out".  I am currently checking
> for the session in the index.cgi instead of the module.  I need to
> update the cookie but I am confused about how and where to do this.
>
> I would like to move all of this out of the index.cgi and into the
> App.pm or something.  How do I implement this in the module rather than
> in the actual cgi script?  Do I need to write a sub and call it in the
> setup?
>
> Here is a chopped up index.cgi:
>
> #!/usr/bin/perl -w
>
> # Includes
> use strict;
> use CGI::Carp 'fatalsToBrowser';
> use CGI;
> use DBI;
> use App;
>
> # Make a new NewApp object
> my $app = App->new(TMPL_PATH => 'templates/');
>
> my $cgi = new CGI;
> my $username = $cgi->cookie('username');
>
> # (connection settings $databaseName, $dbUser, $dbPass are not shown in this excerpt)
> if (defined $username && $username ne "")
> {
>     # Check for the user in the database
>     my $dbh = DBI->connect("DBI:mysql:$databaseName", $dbUser, $dbPass)
>         or die "Could not connect to database: " . DBI->errstr;
>     my $sth = $dbh->prepare('SELECT username FROM Users WHERE username=? AND password=?');
>     $sth->execute($cgi->param('username'), $cgi->param('password'))
>         or die "Died at execute: " . DBI->errstr;
>     my ($dbUser) = $sth->fetchrow_array;
>
>     if (defined $dbUser && $dbUser ne "")
>     {
>         # They are valid!
>         # You need to update the cookie to stop from being logged out
>
>         # Perform the action
>         $app->run();
>     }
> }
> else
> {
>     # They were not logged... send them to the login screen
>     # find a better way to do this
>     print "Status: 302 Moved\nLocation:login.cgi\n\n";
> }
>
> Thanks,
> Kenny Pyatt
> President
> Design Shack
> www.dshack.com
>
> PS. Thanks Jesse (for writing and distributing CGI::App... it rules) and
> thanks Sam (for HTML::Template).
>
>
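
The approach described in the reply above (a PerlAccessHandler that does the cookie check, with ErrorDocument pointing at the login page), as an added example that is not code from the thread or from either poster. It assumes mod_perl 1.x; the package name My::CookieAccess, the /protected location, the PerlSetVar keys and their values, and a `username` column in ActiveUsers are all hypothetical.

```perl
# httpd.conf (mod_perl 1.x); location, package name and PerlSetVar keys are assumptions:
#   <Location /protected>
#       PerlAccessHandler My::CookieAccess
#       PerlSetVar        AuthDSN  "DBI:mysql:appdb"
#       PerlSetVar        AuthUser "appuser"
#       PerlSetVar        AuthPass "changeme"
#       ErrorDocument 403 /login.cgi
#   </Location>
package My::CookieAccess;

use strict;
use Apache::Constants qw(OK FORBIDDEN SERVER_ERROR);
use CGI::Cookie ();
use DBI ();

sub handler {
    my $r = shift;

    # The cookie is client-supplied, so it is only a lookup key; a random
    # session token stored in ActiveUsers would be harder to guess than a name.
    my %cookies  = CGI::Cookie->parse($r->header_in('Cookie') || '');
    my $username = $cookies{username} ? $cookies{username}->value : '';
    return FORBIDDEN unless length $username;   # ErrorDocument serves the login page

    my $dbh = DBI->connect($r->dir_config('AuthDSN'), $r->dir_config('AuthUser'),
                           $r->dir_config('AuthPass'),
                           { RaiseError => 0, PrintError => 0 });
    unless ($dbh) {
        $r->log_error("My::CookieAccess: DB connect failed: $DBI::errstr");
        return SERVER_ERROR;                    # fail closed, never OK
    }

    # The placeholder keeps the cookie value out of the SQL text.
    my ($active) = $dbh->selectrow_array(
        'SELECT username FROM ActiveUsers WHERE username = ?', undef, $username);
    $dbh->disconnect;
    return FORBIDDEN unless defined $active;    # not in ActiveUsers, or query failed

    # "True branch": slide the 30-minute expiry forward on every allowed request.
    my $fresh = CGI::Cookie->new(-name => 'username', -value => $active,
                                 -path => '/', -expires => '+30m');
    $r->err_headers_out->add('Set-Cookie' => $fresh->as_string);
    return OK;
}

1;
```

Because the handler runs before the content phase, index.cgi and App.pm need no session check of their own for anything under the protected location.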

