On Tue, 18 Jul 2000, martin langhoff wrote:
> The marketing dept here wants something really weird: they
> want to publish a datasheet in a 'protected' page, but the want the
> usr/pw hashes to be 'one time only'. So the user must be deleted after
> the first time it is used.
That should be all but trivial to implement. Off the top of my head:
sub handler
{
my $r = shift;
# Only execute for the first internal request
return OK unless $r->is_initial_req;
# Replace this with your favorite data store.
tie %password, 'DB_File', $password_file
or die "can initialize $password_file: $!";
# Get the username and password sent from the client
my ($res, $sent_pw) = $r->get_basic_auth_pw;
return AUTH_REQUIRED if !$sent_pw;
my $username = $r->connection->user;
# crypt() the sent password and see if it matches the stored one
if (crypt($sent_pw, $password{$username}) eq $password{$username})
{
# If so, delete the key and return OK
delete $password{$username};
$r->connection->auth_type('Basic');
$r->connection->user($username);
return OK;
} else {
# Otherwise return AUTH_REQUIRED
return AUTH_REQUIRED;
}
}
- Matt
