Re: Getting username and password from the URL.
by Zoogie (Curate) on Jun 11, 2000 at 01:08 UTC
|
Dunno about password, but the username is simply $ENV{'REMOTE_USER'}. | [reply] [Watch: Dir/Any] |
Re: Getting username and password from the URL.
by lhoward (Vicar) on Jun 11, 2000 at 02:17 UTC
|
You can set up a simple CGI to show you all
the environmental variables. Then just call it and
see if there is one that contains the password:
#!/usr/bin/perl -w
print "Content-type: text/html\n\n<html><body>";
foreach (keys %ENV){
print "$_ -> $ENV{$_}<br>\n";
}
print "</body></html>";
| [reply] [Watch: Dir/Any] [d/l] |
Re: Getting username and password from the URL.
by chromatic (Archbishop) on Jun 11, 2000 at 02:27 UTC
|
$ENV{REMOTE_USER} will give you the username, after it's been authenticated by the web server.
If you've built your own server out of something like HTTP::Daemon, you can get a request object and grab the Authorization header to parse it yourself:
my $r = $daemon->get_request();
my ($username, $password) = split(/:/, $r->header('Authorization'), 2)
+;
Update:
Yeah, that did say 'REQUEST_USER' before. Sorry, I merged the right line with the description of 'REQUEST_METHOD' as I read it. | [reply] [Watch: Dir/Any] [d/l] |
|
Are you aware of an existing HTTP::Daemon-side implementation of Digest authentication?
| [reply] [Watch: Dir/Any] |
Re: Getting username and password from the URL.
by btrott (Parson) on Jun 11, 2000 at 02:48 UTC
|
And, for the sake of completeness... if you're using mod_perl,
you can get the username from the Apache request record
($r):
my $user = $r->connection->user;
| [reply] [Watch: Dir/Any] [d/l] |
Re: Getting username and password from the URL.
by httptech (Chaplain) on Jun 11, 2000 at 16:19 UTC
|
If you really need the password, there is a way you can get
it, but not from the CGI script itself. You can use mod_auth_external
to do your authentications, and use some sort of cache to store
the username and password, then have your CGI script read that
and compare to the REMOTE_USER environment variable. You're
going to take a performance hit for doing this though.
If you use Apache's built-in authentication modules,
you can be relatively certain the password was given correctly,
so there's probably no need to check it a second time in your script.
It also seems like you should be able to implement something
in mod_perl to obtain the password, but I haven't looked into
it enough to know.
| [reply] [Watch: Dir/Any] |
|
| [reply] [Watch: Dir/Any] |
RE: Getting username and password from the URL.
by Kozz (Friar) on Jun 11, 2000 at 06:05 UTC
|
If the referring URL also used the same type of user:password authentication, you could always extract both the user & password from the $ENV{'HTTP_REFERER'} using a REGEXP.
UPDATE: I should have tried it first. NO worky. It appears that Netscape (and I'm guessing other browsers) remove this info from the referring url string before sending the request.
| [reply] [Watch: Dir/Any] |
RE: Getting username and password from the URL.
by jjhorner (Hermit) on Jun 12, 2000 at 03:08 UTC
|
If you are using mod_perl, try this:
$username = $r->connection->user
my($ret, $password) = $r->get_basic_auth_pw;
The $username will be the username entered when challenged,
$ret will be either OK, DECLINED, SERVER_ERROR, or
AUTH_REQUIRED, and $password will be the plain text password
entered at the challenge. These must be used with Basic
authorization type.
J. J. Horner
Linux, Perl, Apache, Stronghold, Unix
jhorner@knoxlug.org http://www.knoxlug.org/
| [reply] [Watch: Dir/Any] [d/l] |
|
#!/usr/bin/perl
print "Content type: text/html\n\n";
$username = $r->connection->user;
my($ret, $password) = $r->get_basic_auth_pw;
print $password;
And I get an "Internal Server Error". Do I have to use some library or something on the script?
Thanks!
| [reply] [Watch: Dir/Any] [d/l] |
|
my $r = Apache->request;
To set the script up as Apache::Registry, add something like this to
httpd.conf:
<Location /perl>
SetHandler perl-script
PerlHandler Apache::Registry
Options +ExecCGI
</Location>
This sets up the perl subroutine under the document root
to run under Apache::Registry. So put your script there.
Or, if you set up a
mod_perl handler, your handler subroutine will be passed
$r.
For example, you might set up a handler thusly in your httpd.conf:
<Location /foo>
SetHandler perl-script
PerlHandler My::Foo
</Location>
And then in My::Foo:
package My::Foo;
use strict;
sub handler {
my $r = shift;
my $user = $r->connection->user;
my($ret, $password) = $r->get_basic_auth_pw;
$r->send_http_header;
$r->print($user);
$r->print($password);
}
1;
I'd recommend trying the first approach. | [reply] [Watch: Dir/Any] [d/l] [select] |
|
J. J. Horner
Linux, Perl, Apache, Stronghold, Unix
jhorner@knoxlug.org http://www.knoxlug.org/
| [reply] [Watch: Dir/Any] |
Re: Getting username and password from the URL.
by mt2k (Hermit) on Jun 11, 2000 at 03:39 UTC
|
To simply say: There is no way you can get the password of the user logged on.
I tried the same thing before and was put down with no way of getting up.
As everyone else has said, $ENV{'REMOTE_USER'} contains username.
From chromatic's post, I must say I've never heard of $ENV{'REQUEST_USER'}.
So, no, there is no way to receive the password of the user from headers.
I hope you didn't really need the password, adn if you do, I have no idea! | [reply] [Watch: Dir/Any] |