http://qs321.pair.com?node_id=246148


in reply to htaccess through perl without apache

Another option is to not deal with the htpasswd file and store and test user credentials within your program. For example:
    use CGI;
    my $request = CGI->new;
    if( $ENV{'REMOTE_USER'} eq "sutch" && $ENV{'REMOTE_PASSWD' } eq "myb4d" ) {
        # user is authenticated
        print $request->header;
        # return restricted web page here
    } else {
        print $request->header( '-status' => '401 Authentication required',
                                '-auth-type' => 'Basic',
                                '-WWW-Authenticate' => 'Basic realm="My Restricted Area"' );
        # return failed authentication message here
    }
This will provide the user with the familiar username/password dialog box that is displayed when using htaccess. Instead of Apache handling the authentication though, the script tests the REMOTE_USER and REMOTE_PASSWD environment variables to authenticate the user.

A benefit of handling the authentication yourself is that you can also expire authenticated sessions and allow users to log out. This can be done by returning a 401 status with different realm text.

Re: Re: htaccess through perl without apache
by true (Pilgrim) on Mar 27, 2003 at 06:31 UTC
    This sounds interesting.

    But I'm not getting the environment variables REMOTE_USER and REMOTE_PASSWD returning anything. I log in successfully with htaccess but neither returns anything.

        #!/usr/bin/perl
        use CGI;
        my $request = CGI->new;
        print $request->header;
        print <<EOM;
        CHECK/$ENV{'REMOTE_USER'}/$ENV{'REMOTE_PASSWD'}
        EOM
        exit;
    This is running on Win2k Apache2 BTW.

    Thanks.

    Update:

    $ENV{'REMOTE_USER'} will return but $ENV{'REMOTE_PASSWD'} will not
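
An added example, not part of either post above: a script can do the Basic check itself by decoding the client's Authorization header instead of reading REMOTE_PASSWD. It assumes the web server is configured to hand that header to the script as HTTP_AUTHORIZATION; the account, salt, password and helper names are constructed for illustration.

```perl
use strict;
use warnings;
use CGI;
use MIME::Base64 qw(decode_base64);
use Digest::SHA qw(hmac_sha256);

# Constructed sample account: keep a salted digest, not the password itself.
# HMAC-SHA256 stands in here for a slow password hash (bcrypt, scrypt, Argon2).
my $SALT  = 'constructed-sample-salt';
my %USERS = ( sutch => hmac_sha256( 'sample-password', $SALT ) );

# Split "Basic <base64(user:password)>" into (user, password); empty list if malformed.
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header && $header =~ m{\ABasic\s+([A-Za-z0-9+/=]+)\s*\z}i;
    my ( $user, $pass ) = split /:/, decode_base64($1), 2;   # password may contain ':'
    return unless defined $pass && length $user;
    return ( $user, $pass );
}

# Compare two byte strings without stopping at the first difference.
sub constant_time_eq {
    my ( $x, $y ) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord( substr $x, $_, 1 ) ^ ord( substr $y, $_, 1 ) for 0 .. length($x) - 1;
    return $diff == 0;
}

# HTTP_AUTHORIZATION is an assumption about the server configuration.
sub authenticated {
    my ( $user, $pass ) = parse_basic_auth( $ENV{HTTP_AUTHORIZATION} );
    return 0 unless defined $user;
    # Unknown users are checked against a dummy digest so both paths do the same work.
    my $expected = $USERS{$user} // hmac_sha256( '', $SALT );
    return constant_time_eq( hmac_sha256( $pass, $SALT ), $expected ) && exists $USERS{$user};
}

my $request = CGI->new;
if ( authenticated() ) {
    print $request->header;
    # return restricted web page here
} else {
    print $request->header( '-status'           => '401 Authentication required',
                            '-WWW-Authenticate' => 'Basic realm="My Restricted Area"' );
    # return failed authentication message here
}
```

Basic credentials are only base64-encoded on the wire, so a script like this belongs behind HTTPS.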