> Oh, I don't know, I think the poster was asking about how to produce this
> effect with mod_perl. He wants to know *whether* a login was provided, even
> on a *non-protected* page. That would let you say (while serving any old
> page):
>
> if( $ENV{REMOTE_USER} eq 'admin' ) {
> $r->print('Yo, you can do <a href="/admin/">extra kewl stuff</a> here.');
> }
Yes, that is quite the case.
> In one of the earlier stages of processing - maybe a FixupHandler or ? a
> AuthenHandler might be appropriate - you can do something like this:
>
> my $a = $r->header_in('Authorization');
> $a =~ s/^Basic (.*)/$1/;
> my( $user, $pass ) = split(':', decode_base64( $a ) );
>
> if( <check the username/password as you wish> ) {
> $ENV{REMOTE_USER} = $user;
> }
>
> So, now you can tell later during the request with a username/password was
> offered (and you know it was a valid login/pass combo).
That's very interesting! I don't think I can use an auth handler because
then I would have to password protect the whole site (which I don't want
to).
I want to have just ONE page which is password protected (i.e.
/login.html). The page would just be a redirect, but once the user
entered his credentials then the browser should send them on the whole
site and then I could do the following:
/foo/properties.html
IF authenticated
IF authorized => trigger /foo/properties.html
ELSE => send custom error page
ELSE
redirect to /login.html?from=<uri>
Anyway I'm going to try that fixup handler thingie and I'll tell you how
it goes :-)
Cheers,
--
IT'S TIME FOR A DIFFERENT KIND OF WEB
================================================================
Jean-Michel Hiver - Software Director
[EMAIL PROTECTED]
+44 (0)114 255 8097
================================================================
VISIT HTTP://WWW.MKDOC.COM
