>>>>> "CH" == Carolyn Hicks <[EMAIL PROTECTED]> writes:
CH> this to something like 'InvalidLogin' in authen_cred, you can then check
CH> for this and set the reason via $r->subprocess_env in
CH> AuthCookieHandler->authen_ses_key, before AuthCookie->authenticate wipes
CH> the cookie out. Not extensively tested, but seems to work so far :)
This is what I do. Unfortunately the diagram in the AuthCookie man page
is incorrect: returning undef from authen_cred actually sends you back
to the login screen (last I checked), so one must pull these tricks.
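# Login-failure messages shown to the user, keyed by the short code that
# authen_cred embeds in its 'ERROR:code' return value and that
# authen_ses_key looks up when it sets MLMAuthReason.
# NOTE(review): the 'suspended' and 'terminated' texts tell the requester the
# state of an account; confirm they are only ever shown once the password has
# been verified.
my %errors = (
    badpass    => 'Sorry, your login information is incorrect. Please try again.',
    suspended  => 'Sorry, your account is suspended. Please contact us for assistance.',
    sessfail   => 'Sorry, there was a problem establishing your session. Please try again.',
    terminated => 'Sorry, this account has been cancelled. Please create a new one.',
);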
# Check credentials in database. If failure, return 'ERROR:code'
# where code is from %errors hash. On success, return the cookie
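sub authen_cred ($$\@) {
    # Validate the submitted login against the account database and, on
    # success, create a server-side session whose id becomes the cookie value.
    #
    # Arguments (after $self): the request object $r, then the credentials
    # $acct, $password and an optional $isAdmin token.
    # Returns the new session id on success, or the string 'ERROR:code' on
    # failure, where code is a key of %errors.
    my $self = shift;
    my $r    = shift;
    my ($acct, $password, $isAdmin) = @_;

    Apache->request($r);    # need to set for openDB().

    my $dbh  = openDB()    or return 'ERROR:sessfail';
    my $orec = orec->new() or return 'ERROR:sessfail';

    # first, check id/password from database
    # An unknown account and a wrong password both yield 'badpass', so the
    # reply does not reveal which of the two was wrong.
    my $oid = $orec->acct_to_id($acct) or return 'ERROR:badpass';

    eval { $orec->populate_id($oid); };
    if ($@) {
        return 'ERROR:badpass' if $@ =~ m/^notfound/;

        # Fail closed: after any other exception the record may not be
        # loaded, so the status and password checks below must not run on it.
        warn "authen_cred got $@ populating account record";
        return 'ERROR:sessfail';
    }

    # NOTE(review): the status is reported before the password is verified,
    # so a requester who does not know the password still learns that an
    # account is terminated. Confirm this is intended, or move the check
    # below verify_password.
    # NOTE(review): %errors also defines 'suspended', but nothing here
    # returns it -- confirm where suspension is enforced.
    return 'ERROR:terminated' if $orec->owner_status() eq 'terminated';

    $orec->verify_password($password) or return 'ERROR:badpass';

    # ok, so now create a session for them and use that session ID
    # as their cookie value
    my %session;
    eval {
        tie %session, 'Apache::Session::Postgres', undef,
            {
                Handle => $dbh,
                Commit => 0,
            };
    };
    if ($@) {
        warn "authen_cred got $@ creating new session";
        return 'ERROR:sessfail';
    }

    $session{user}     = $orec->owner_email();
    $session{owner_id} = $orec->owner_id();

    if ($isAdmin) {
        # instantiate the admin record in this session and log that
        # this admin is impersonating this user.
        # NOTE(review): $isAdmin is passed in alongside the other
        # credentials; its trustworthiness rests entirely on what
        # arec->decode checks. Confirm that decode authenticates the token
        # and that populate_id fails on an unknown id.
        my $arec = arec->new($orec->{_CONTEXT});
        $arec->populate_id($arec->decode($isAdmin));
        $session{arec} = $arec;
        $arec->log_action('Logged in as account owner.', $orec);
    }

    return $session{_session_id};
}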
# upon failure to authenticate the session, set MLMAuthReason environment and
# return undef.
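sub authen_ses_key ($$$) {
    # Map the cookie value $key back to a user.
    #
    # Arguments (after $self): the request object $r and the cookie value
    # $key, which is either a session id or an 'ERROR:code' marker produced
    # by authen_cred.
    # Returns $session{user} when the session can be tied; otherwise sets
    # the MLMAuthReason environment variable on $r and returns undef.
    my $self = shift;
    my $r    = shift;
    my $key  = shift;

    Apache->request($r);    # need to set for openDB().

    # \A and \z anchor the whole value; '$' would also accept a trailing
    # newline.
    if ($key =~ m/\AERROR:(\w+)(-\d+)?\z/) {
        my $code = $1;

        # The key is the cookie value, so the code may be one that %errors
        # does not define; use the generic session text instead of setting
        # an undefined reason.
        my $reason = exists $errors{$code} ? $errors{$code} : $errors{'sessfail'};

        # set $r->subprocess_env('MLMAuthReason') to failure reason
        $r->subprocess_env('MLMAuthReason' => $reason);
        return undef;
    }

    # Check if key is in database.
    my %session;
    eval {
        # A missing handle is treated like any other retrieval failure.
        my $dbh = openDB() or die "no database handle\n";
        tie %session, 'Apache::Session::Postgres', $key,
            {
                Handle => $dbh,
                Commit => 0,
            };
    };
    if ($@) {
        # Log a printable copy of the key: the raw value is client-supplied
        # and could otherwise put control characters into the error log.
        (my $logged_key = $key) =~ s/[^\x20-\x7e]/?/g;
        warn "authen_ses_key got $@ retrieving session `$logged_key'";
        $r->subprocess_env('MLMAuthReason' =>
            'Unable to retrieve session. Possibly expired. Please login again.');
        return undef;
    }

    # got the session... now stash it away for later use
    $r->pnotes('sessionkey', $key);
    $r->pnotes('sessionhashref', \%session);
    $r->pnotes('owner_id', scalar($session{owner_id}));
    return $session{user};
}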
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/