> On Tue, 2003-11-11 at 17:06, Dan Muey wrote:
> > Howdy group!
> > 
> > Here's something I was wondering if anyone had experience with.
> > 
> > If I create a login form with html that takes a username and password.
> > 
> > What do I need to do to make a script that will take that input
> > and log the user in to an apache .htaccess protected directory?
> > 
> > Is it a certain format header or ???
> > 
> > Or would I have to use mod_perl and create a whole separate 
> > authentication scheme?
> > 
> > I'd like to do this:
> > 
> > 1) Html form sends user and password to login.pl
> > 2) login.pl makes sure the info is valid and if it is sends
> > them to http://www.domain.com/admin/ along with the authentication info.
> > 
> > So the user's process would be this: type in info -> press submit ->
> > Either an Error or they're in. And if they went directly to
> > http://www.domain.com/admin/ they'd get the standard login popup form
> > the browser.
> > 
> > Any info would be most appreciated.
> 
> Have a look at the following on CPAN:
> 
> http://search.cpan.org/search?query=Apache%3AAuth&mode=module

> Most are implemented via mod_perl.  

> Hope this helps,

Thanks Kevin, it does, except I don't want to have to use mod_perl.

What I found was that the JavaScript ones simply send a http://user:[EMAIL PROTECTED]/restricted/ and log you in.
However, that is quite insecure, so what I'm doing is this (all Perl, no JavaScript):

1) Submit form
2) Create the user:pass@ type link, except use https instead of http
3) Make that link go to a simple script that simply does a Location header that sends
them to the main page of the restricted site, only without the login info attached!

Any ideas for improvements/pros/cons etc??

I realize it's not good to pass login info in plain view so that's why 
I use https and then do the Location to remove it.
Doesn't the browser send it in hex format or something anyway?
I also realize if it gets logged somewhere then it's available there.

DMuey
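
On the two points raised above (how the browser encodes the login, and what happens if the URL gets logged), an added example that is not part of the original post: HTTP Basic authentication sends base64 of user:pass, which decodes without any key, and a user:pass@ URL that reaches a log can be scrubbed before the log is stored. The credentials, the host www.example.com, the log lines and the function names are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Header a browser sends for HTTP Basic auth: base64 of "user:pass".
sub basic_auth_header {
    my ($user, $pass) = @_;
    return 'Authorization: Basic ' . encode_base64(join(':', $user, $pass), '');
}

# Base64 is an encoding, not encryption: anyone who sees the header
# (for example over plain http) recovers the credentials without a key.
sub decode_basic_auth {
    my ($header) = @_;
    my ($b64) = $header =~ /^Authorization:\s*Basic\s+([A-Za-z0-9+\/=]+)\s*$/i
        or return;
    return split /:/, decode_base64($b64), 2;
}

# Replace the userinfo part of any http(s) URL in a log line.
# Returns the cleaned line and the number of URLs that carried credentials.
sub redact_userinfo {
    my ($line) = @_;
    my $n = ($line =~ s{\b(https?://)[^\s/\@:"]+:[^\s/\@"]*\@}{${1}REDACTED\@}gi);
    return ($line, $n || 0);
}

# Constructed credentials, for illustration only.
my $hdr = basic_auth_header('alice', 's3cret');
print "$hdr\n";
printf "decoded: %s / %s\n", decode_basic_auth($hdr);

# Constructed log lines: a script that logs the user:pass@ link it builds,
# followed by an ordinary request line with no credentials.
my @log = (
    '[11/Nov/2003:17:40:02] login.pl: redirect https://alice:s3cret@www.example.com/admin/',
    '[11/Nov/2003:17:40:03] GET /admin/ HTTP/1.1 200',
);
for my $entry (@log) {
    my ($clean, $n) = redact_userinfo($entry);
    print $clean, ($n ? '   <-- had credentials in the URL' : ''), "\n";
}
```

Only core modules are used, so the script runs on a stock Perl install.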
