Hey all
I'm trying to get PerlAuthenHandler to work but when I go to a URL that
I've set it up on, it asks for a username and password and then lets me
in no matter what I type.
My entry in Apache's .conf file is:
------------------------------------------------------------------------
PerlModule TVSpecial::Admin;
<Location /admin>
SetHandler perl-script
PerlResponseHandler TVSpecial::Admin
PerlAuthenHandler TVSpecial::Auth
AuthType Basic
AuthName "Television Special Resources"
Require valid-user
</Location>
------------------------------------------------------------------------
Then the TVSpecial::Auth module contains:
------------------------------------------------------------------------
package TVSpecial::Auth;
use strict;
use Apache2::Access ();
use Apache2::RequestUtil ();
use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED);
use DBI;
sub handler {
my $r = shift;
Apache2::RequestUtil->request($r);
my ($status,$pw) = $r->get_basic_auth_pw;
return $status if $status != Apache2::Const::OK;
my $dbh = DBI->connect(undef,undef,undef,{RaiseError => 1, PrintError =>
1}) or die("Cannot connect to DB");
return Apache2::Const::OK if ($dbh->selectrow_array("SELECT userid FROM
users WHERE username=? AND password=?",undef,$r->user,$pw))[0];
$r->note_basic_auth_failure;
return Apache2::Const::HTTP_UNAUTHORIZED;
}
1;
------------------------------------------------------------------------
Can anyone see a reason why no matter what username/password I put in,
it authenticates them successfully? BTW I've set DBI_DSN, DBI_USER and
DBI_PASS in the .conf file as well, and my PerlResponseHandler works
fine with the same DBI->connect statement, so I can't see that being a
problem.
Thanks in advance
--
Brett Randall
Support & Development Manager
Technology Services
Hillsong Church
02 8846 4800
________________________________________________________________________
The material contained in this email may be confidential, and may also
be the subject of copyright and/or privileged information. If you are
not the intended recipient, any use, disclosure or copying of this
document is prohibited. If you have received this document in error,
please advise the sender and delete the document.
This email communication does not create or vary any contractual
relationship between Hillsong and you. Internet communications are not
secure and accordingly Hillsong does not accept any legal liability
for the contents of this message.
Please note that neither Hillsong nor the sender accepts any
responsibility for viruses and it is your responsibility to scan the
email and any attachments.
Hillsong
www.hillsong.com
________________________________________________________________________
