This is a topic that has interested me as well. Although I
haven't had the time to fully explore it, I think you may want
to start by looking into Apache::Htpasswd.
It looks like it provides a good deal of the abilities that you're
looking for. Plus, I believe it's written by one of our own.
You may also want to read through this which seems to
provide some external info on the topic you're interested in.
humbly -c

Thanks c, but...
I don't have the Apache::Htpasswd module installed, and as I said above, can't install it. It's not really the crux of the problem anyway, as I can handle parsing the htpasswd file.
What really concerns me is how to capture the username and password entered in the authentication dialog box. I'll explain in a bit more depth:
I activate an authentication dialog box by sending the following HTTP headers, using CGI.pm:
    # Send the 401 status and the Basic challenge in a single header() call
    print $query->header(-status           => '401 Unauthorized',
                         -WWW_Authenticate => 'Basic realm="Private"');
Now, if I were using PHP (!), the user name and password would be stored in $PHP_AUTH_USER and $PHP_AUTH_PW, which I would then try to match against the htpasswd file.
Also, I use these aforementioned variables in PHP with the isset() function to determine whether the user has logged in yet.
Anything PHP can do, Perl can do better?
Of course a proper implementation of htaccess security would not use isset(), but would send some sort of success message back to the client browser, causing the $REMOTE_USER environment variable to be set. But now I am out of my depth.
Any suggestions, O wise ones?
*~-}hotyopa{-~*

Something I've never been able to figure out, and is either because I'm missing something quite obvious, or because there really is no answer is: Why does PHP bother to have set $PHP_AUTH_USER anyway? As far as I can tell, it's always the same as $REMOTE_USER.
As for getting the password, I don't think that's necessary (although I'm sure there's some way you could do it). $REMOTE_USER is only ever going to be set if the user has logged in successfully, so all you need to do is check whether $REMOTE_USER has been set or not - the existence of $REMOTE_USER itself is the "success message".
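The two approaches discussed in this thread, side by side, as an added example that is not code from any of the posters: trust REMOTE_USER when the web server has already enforced the login, otherwise decode the Basic credentials and check them against htpasswd entries. The function names are hypothetical, and the example assumes the server is configured to pass the raw header to the script as HTTP_AUTHORIZATION and that the htpasswd entries are in crypt() format.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Split a Basic "Authorization" header value into (user, password).
sub parse_basic {
    my ($header) = @_;
    return unless defined $header && $header =~ m{^Basic\s+([A-Za-z0-9+/=]+)\s*$}i;
    # The user name cannot contain ':', the password can, so split only once.
    my ($user, $pass) = split /:/, decode_base64($1), 2;
    return unless defined $pass && length $user;
    return ($user, $pass);
}

# Compare a password with the crypt() hash stored for $user in htpasswd lines.
sub check_htpasswd {
    my ($user, $pass, @lines) = @_;
    for my $line (@lines) {
        chomp(my $copy = $line);
        my ($name, $hash) = split /:/, $copy, 2;
        next unless defined $hash && $name eq $user;
        my $got = crypt($pass, $hash);    # the stored hash doubles as the salt
        return (defined $got && $got eq $hash) ? 1 : 0;
    }
    return 0;    # unknown user: fail closed
}

# Return the authenticated user name, or undef if a 401 challenge is needed.
sub authenticated_user {
    my ($env, @htpasswd) = @_;
    # Case 1: the web server enforced the login and exported the result.
    return $env->{REMOTE_USER}
        if length($env->{REMOTE_USER} // '') && lc($env->{AUTH_TYPE} // '') eq 'basic';
    # Case 2 (assumption): the server passes the raw header as HTTP_AUTHORIZATION.
    my ($user, $pass) = parse_basic($env->{HTTP_AUTHORIZATION}) or return undef;
    return check_htpasswd($user, $pass, @htpasswd) ? $user : undef;
}

# Constructed sample data: one htpasswd entry and three request environments.
my @htpasswd = ('alice:' . crypt('s3cret', 'ab'));
my @requests = (
    { REMOTE_USER => 'alice', AUTH_TYPE => 'Basic' },
    { HTTP_AUTHORIZATION => 'Basic ' . encode_base64('alice:s3cret', '') },
    { HTTP_AUTHORIZATION => 'Basic ' . encode_base64('alice:guess', '') },
);
for my $env (@requests) {
    my $user = authenticated_user($env, @htpasswd);
    print defined $user ? "200 OK, user=$user\n" : "401 Unauthorized, send challenge\n";
}
```

In a real CGI script the first argument would be \%ENV and the htpasswd lines would be read from the file; Basic credentials are only base64-encoded, so either approach needs HTTPS.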