I am trying to create a website with predominantly dynamic
content (mod_perl + DBI + mySQL) for an online community. 
I can manage Perl and mySQL fairly proficiently, however
I've no idea how to successfully create what I want using
mod_perl and Apache (actually, I know next to nothing about
them).

--- Background information ---

The website shall be split into a public and private
section, and will share a common layout and appearance
(although I might add little visual clues to indicate which
section they are in).  When members wish to login I want
them to do so via the public section (from that page), and
then be able to access the additional links/features of the
private section.

I wish to handle all the database actions in my own code,
unless something fits perfectly.  When members try to
login, my aims are:

1. Check login name, and password.
2. Check member hasn't been suspended.
3. Return the membership ID number for the next stage.

The membership ID number will be used to decide what access
level the members have (what forums, tools etc they can see
and use).  The SQL table is specified as:

CREATE TABLE access (
  member_id int(10) unsigned NOT NULL,
  account_name varchar(16) NOT NULL,
  account_password varchar(16) NOT NULL,
  state enum('A', 'S') DEFAULT 'A' NOT NULL,
  PRIMARY KEY (account_name)
);

Imagine I now create an object to wrap around this, with
the following method:

my $permission = $access->check($account_name, $account_password);

which returns the membership number if valid,
or the value -1 for a suspended account,
or undef for no account.

--- Questions ---

1. Can this be done (nicely) as an
authentication/authorization handler?

2. Do most hosting companies allow
authentication/authorization handlers?  (Using HostRocket
at the moment).

3. What is the most appropriate session management system? 
I'm thinking of using cookies (client side) to store a
session key, rather than resubmitting the password data. 
The server side stores this session key in the database.

4. How does the membership ID get passed to the next stage?

5. What is the time to do additional access checking (for
senior/admin users)?  I was planning to do it a little
later on, but it is probably better to do it once (i.e.
with this).

6. What is a realistic time to expect all this to happen
in?

I'm sure I've missed a few questions...

Any help appreciated, especially links to relevant
documentation.

Jonathan Paton

NB - Whilst my preferred answer to these questions is a
coded solution, I have a restriction (self imposed) - I'd
prefer to have full copyright on the final code, thus I ask
any major ideas/code include permission to use it freely -
or else be good enough to be worth adding your name provided
I use it :)
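
The session scheme from question 3 (a random key in the cookie, a server-side record that maps it to the membership ID), as an added example that is not code from the original post. Assumptions: the %access and %sessions hashes are constructed stand-ins for MySQL tables, the function names and the 30-minute timeout are hypothetical, and the host provides /dev/urandom.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Constructed stand-ins for the database: access rows keyed by member_id,
# and a sessions table keyed by the SHA-256 of the session key.
my %access = (42 => { state => 'A' }, 43 => { state => 'S' });
my %sessions;
my $TTL = 30 * 60;    # assumed idle timeout, in seconds

# 128 bits from the kernel CSPRNG, hex encoded for use as a cookie value.
sub new_session_key {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read $fh, my $buf, 16;
    close $fh;
    die "short read from urandom" unless defined $n && $n == 16;
    return unpack 'H*', $buf;
}

# Call only after check() has returned a real member ID (not -1, not undef).
sub start_session {
    my ($member_id, $now) = @_;
    my $key = new_session_key();
    $sessions{ sha256_hex($key) } =
        { member_id => $member_id, expires => $now + $TTL };
    return $key;    # goes into the cookie; only its hash is kept server-side
}

# Returns the member ID for a live session, undef otherwise. The account
# state is re-read on every request so a suspension takes effect at once.
sub member_for_session {
    my ($key, $now) = @_;
    return unless defined $key && $key =~ /\A[0-9a-f]{32}\z/;
    my $digest = sha256_hex($key);
    my $s = $sessions{$digest} or return;
    my $row = $access{ $s->{member_id} };
    if ($s->{expires} <= $now || !$row || $row->{state} ne 'A') {
        delete $sessions{$digest};    # expired, or account gone or suspended
        return;
    }
    $s->{expires} = $now + $TTL;      # sliding expiry
    return $s->{member_id};
}

my $t      = time;
my $cookie = start_session(42, $t);
print "member: ", member_for_session($cookie, $t + 60) // 'none', "\n";
$access{42}{state} = 'S';             # member suspended mid-session
print "after suspension: ", member_for_session($cookie, $t + 120) // 'none', "\n";
```

Storing only the hash of the key means a leaked sessions table does not hand out usable cookies.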
