> Oh, I don't know, I think the poster was asking about how to produce this > effect with mod_perl. He wants to know *whether* a login was provided, even > on a *non-protected* page. That would let you say (while serving any old > page): > > if( $ENV{REMOTE_USER} eq 'admin' ) { > $r->print('Yo, you can do <a href="/admin/">extra kewl stuff</a> here.'); > }
Yes, that is quite the case. > In one of the earlier stages of processing - maybe a FixupHandler or ? a > AuthenHandler might be appropriate - you can do something like this: > > my $a = $r->header_in('Authorization'); > $a =~ s/^Basic (.*)/$1/; > my( $user, $pass ) = split(':', decode_base64( $a ) ); > > if( <check the username/password as you wish> ) { > $ENV{REMOTE_USER} = $user; > } > > So, now you can tell later during the request with a username/password was > offered (and you know it was a valid login/pass combo). That's very interesting! I don't think I can use an auth handler because then I would have to password protect the whole site (which I don't want to). I want to have just ONE page which is password protected (i.e. /login.html). The page would just be a redirect, but once the user entered his credentials then the browser should send them on the whole site and then I could do the following: /foo/properties.html IF authenticated IF authorized => trigger /foo/properties.html ELSE => send custom error page ELSE redirect to /login.html?from=<uri> Anyway I'm going to try that fixup handler thingie and I'll tell you how it goes :-) Cheers, -- IT'S TIME FOR A DIFFERENT KIND OF WEB ================================================================ Jean-Michel Hiver - Software Director [EMAIL PROTECTED] +44 (0)114 255 8097 ================================================================ VISIT HTTP://WWW.MKDOC.COM