On Sun, 26 Nov 2006 13:36:55 -0500 Patrick Galbraith <[EMAIL PROTECTED]> wrote:
> Hi All, > > I'm in the process of trying to get this PerlTransHandler which does > a redirect back to the handler in such a way that once they log in, > instead of "/handler/" being the URI, it becomes "/handler/username". > I'm able to get a simple version of this, just for proof of concept, > that takes input from a form value called "op", and redirects > "/handlername/" to "/handlername/edit" for instance, if "op" is equal > to "edit". That works. So, the next step is to get the username, but > _only_ if the user is logged in. > > Currently, I have the main application handler do authentication > simply by checking username and password to the database (md5 hex of > the password) and if it matches, set a session cookie, which for > every subsequent operation is checked, and if set, the user is seen > as logged in. > > My PerlTransHandler that I wrote runs much earlier than the primary > application handler, and I then though "should this handle the > authentication", then reading even further, should I move > authentication to a PerlAuthenHandler (?). I would still want to use > my login page (not the login dialogue you obtain using .htpassword). > Having not coded mod_perl apps in a while, but remember somewhere > that this is pretty easy to do, I'm wondering if this is indeed a > good idea. You'll definitely want to use PerlAuth*Handlers here. That's what they are there for. Also, if you want to make things simple you can just set $r->user() to the username and then it is available to all of your other phases, just like BasicAuth. Oh and yes, you can use your own login forms with these. > Also, another question. I am coding this so it will work on a number > of apache/mod_perl versions, which includes allowing it to run using > CGI, which I've found using PerlTransHandler requires me to set > > PerlOptions +GlobalRequest > > to my httpd-perl.conf. What are the repercussions for using this > setting? It basically turns SetHandler mod_perl into half of SetHandler perl-script. Giving you a access to a the Apache request object from wherever, but not bothering to setup %ENV which is a slow down if you don't use it. --------------------------------- Frank Wiles <[EMAIL PROTECTED]> http://www.wiles.org ---------------------------------