>>>>> "CH" == Carolyn Hicks <[EMAIL PROTECTED]> writes:
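CH> this to something like 'InvalidLogin' in authen_cred, you can then check
CH> for this and set the reason via $r->subprocess_env in AuthCookieHandler-> authen_ses_key, before AuthCookie->authenticate wipes
CH> the cookie out. Not extensively tested, but seems to work so far :)

This is what I do. Unfortunately the diagram in AuthCookie man page is incorrect in that returning undef from authen_cred sends you back to the login screen (last I checked), so one must pull these tricks.

# Maps the failure code carried in an 'ERROR:code' pseudo-cookie to the
# message shown to the user.  Only text from this table is ever displayed,
# so a client-supplied cookie cannot choose its own message.
# NOTE(review): nothing in this listing returns 'suspended'.
my %errors = (
    'badpass'    => 'Sorry, your login information is incorrect. Please try again.',
    'suspended'  => 'Sorry, your account is supended. Please contact us for assistance.',
    'sessfail'   => 'Sorry, there was a problem establishing your session. Please try again.',
    'terminated' => 'Sorry, this account has been cancelled. Please create a new one.',
);

# Check credentials in database.  If failure, return 'ERROR:code'
# where code is from %errors hash.  On success, return the cookie,
# which is the ID of a newly created session.
#
# Arguments: $self, the request object $r, then the submitted credentials
# ($acct, $password, $isAdmin).
# The prototype is kept from the original; Perl does not apply prototypes
# to method calls.
sub authen_cred ($$\@) {
    my $self = shift;
    my $r    = shift;
    my ($acct, $password, $isAdmin) = @_;

    Apache->request($r);    # need to set for openDB().

    my $dbh = openDB() or return 'ERROR:sessfail';

    # first, check id/password from database
    my $orec = orec->new() or return 'ERROR:sessfail';

    # An unknown account and a wrong password yield the same code, so the
    # message does not reveal which accounts exist.
    # NOTE(review): an unknown account returns before any password check
    # runs, so response time may still differ -- confirm whether that
    # matters for this deployment.
    my $oid = $orec->acct_to_id($acct) or return 'ERROR:badpass';

    eval { $orec->populate_id($oid); };
    if (my $err = $@) {
        return 'ERROR:badpass' if $err =~ m/^notfound/;

        # Fail closed: any other exception used to be ignored, which let
        # the login continue with a record that may not have been loaded.
        warn "authen_cred got $err loading account record";
        return 'ERROR:sessfail';
    }

    $orec->verify_password($password) or return 'ERROR:badpass';

    # Report account status only after the password has been verified, so
    # the 'terminated' message is not shown to someone who merely knows
    # the account name.
    return 'ERROR:terminated' if $orec->owner_status() eq 'terminated';

    # ok, so now create a session for them and use that session ID
    # as their cookie value.  Passing undef as the ID asks for a new
    # session; no client-supplied ID is used on this path.
    my %session;
    eval {
        tie %session, 'Apache::Session::Postgres', undef, {
            Handle => $dbh,
            Commit => 0,
        };
    };
    if (my $err = $@) {
        warn "authen_cred got $err creating new session";
        return 'ERROR:sessfail';
    }

    $session{user}     = $orec->owner_email();
    $session{owner_id} = $orec->owner_id();

    if ($isAdmin) {
        # instantiate the admin record in this session and log that
        # this admin is impersonating this user.
        # NOTE(review): $isAdmin is one of the submitted credentials;
        # confirm that decode() authenticates the value and that
        # populate_id() dies for an ID that is not a valid admin, since
        # neither is visible here.
        my $arec = arec->new($orec->{_CONTEXT});
        $arec->populate_id($arec->decode($isAdmin));
        $session{arec} = $arec;
        $arec->log_action('Logged in as account owner.', $orec);
    }

    return $session{_session_id};
}

# upon failure to authenticate the session, set MLMAuthReason environment and
# return undef.  On success, stash the session in pnotes and return the
# user name stored in the session.
#
# $key is the cookie value sent by the client: either an 'ERROR:code'
# marker produced by authen_cred or a session ID.
sub authen_ses_key ($$$) {
    my $self = shift;
    my $r    = shift;
    my $key  = shift;

    Apache->request($r);    # need to set for openDB().

    # \A and \z anchor the whole value; '$' would also accept a trailing
    # newline.
    if ($key =~ m/\AERROR:(\w+)(?:-\d+)?\z/) {
        my $code = $1;

        # set $r->subprocess_env('MLMAuthReason') to failure reason.
        # A code that is not in %errors falls back to the generic session
        # message instead of setting the variable to undef.
        my $reason = exists $errors{$code} ? $errors{$code} : $errors{'sessfail'};
        $r->subprocess_env('MLMAuthReason' => $reason);
        return undef;
    }

    # Check if key is in database.
    my %session;
    eval {
        my $dbh = openDB();
        tie %session, 'Apache::Session::Postgres', $key, {
            Handle => $dbh,
            Commit => 0,
        };
    };
    if (my $err = $@) {
        # The cookie value is client-controlled: neutralise anything that
        # could break the log line and cap its length before logging it.
        (my $logged_key = $key) =~ s/[^A-Za-z0-9_-]/?/g;
        $logged_key = substr($logged_key, 0, 64);
        warn "authen_ses_key got $err retrieving session `$logged_key'";
        $r->subprocess_env('MLMAuthReason' => 'Unable to retrieve session. Possibly expired. Please login again.');
        return undef;
    }

    # got the session... now stash it away for later use
    $r->pnotes('sessionkey', $key);
    $r->pnotes('sessionhashref', \%session);
    $r->pnotes('owner_id', scalar($session{owner_id}));

    return $session{user};
}

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/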