in reply to htaccess through perl without apache
Another option is to not deal with the htpasswd file and store and test user credentials within your program. For example:
This will provide the user with the familiar username/password dialog box that is displayed when using htaccess. Instead of Apache handling the authentication though, the script tests the REMOTE_USER and REMOTE_PASSWD environment variables to authenticate the user.use CGI; my $request = CGI->new; if( $ENV{'REMOTE_USER'} eq "sutch" && $ENV{'REMOTE_PASSWD' } eq "myb4d +" ) { # user is authenticated print $request->header; # return restricted web page here } else { print $request->header( '-status' => '401 Authentication required', +'-auth-type' => 'Basic', '-WWW-Authenticate' => 'Basic realm="My Rest +ricted Area"' ); # return failed authentication message here }
A benefit of handling the authentication yourself is that you can also expire authenticated sessions and allow users to logout. This can be done by returning a 401 status with different realm text.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: htaccess through perl without apache
by true (Pilgrim) on Mar 27, 2003 at 06:31 UTC |
In Section
Seekers of Perl Wisdom