If the resource is not public and the user is not authenticated yet,
you can add the 'WWW-Authenticate' http header and return the
Apache2::Const::HTTP_UNAUTHORIZED status.
This will trigger the browser to show the login dialog.
You can also create a cookie and a session table in a database and check
with this session.
Example:
my $authheader = $r->headers_in->{Authorization};
$r->err_headers_out->set("WWW-Authenticate" => 'Basic realm="My Site"');
# user did not enter credentials yet
unless ($authheader){
return Apache2::Const::HTTP_UNAUTHORIZED
}
# get the user and password
my ($user, $passwd) = getBasicAuth(($authheader);
# check your user and password
unless (checkUserInDB($user, $passwd)){
return Apache2::Const::HTTP_UNAUTHORIZED
}
return Apache2::Const::OK
########################## sub getBasicAuth ##########################
sub getBasicAuth {
my $authheader = shift;
return unless $authheader;
my ($cram) = $authheader =~ /^Basic (.*)/;
return unless $cram;
$cram = MIME::Base64::decode_base64 ($cram);
return split (/:/, $cram, 2);
}
---
Thomas den Braber
