If the resource is not public and the user is not authenticated yet, you can add the 'WWW-Authenticate' http header and return the Apache2::Const::HTTP_UNAUTHORIZED status. This will trigger the browser to show the login dialog. You can also create a cookie and a session table in a database and check with this session. Example:
my $authheader = $r->headers_in->{Authorization}; $r->err_headers_out->set("WWW-Authenticate" => 'Basic realm="My Site"'); # user did not enter credentials yet unless ($authheader){ return Apache2::Const::HTTP_UNAUTHORIZED } # get the user and password my ($user, $passwd) = getBasicAuth(($authheader); # check your user and password unless (checkUserInDB($user, $passwd)){ return Apache2::Const::HTTP_UNAUTHORIZED } return Apache2::Const::OK ########################## sub getBasicAuth ########################## sub getBasicAuth { my $authheader = shift; return unless $authheader; my ($cram) = $authheader =~ /^Basic (.*)/; return unless $cram; $cram = MIME::Base64::decode_base64 ($cram); return split (/:/, $cram, 2); } --- Thomas den Braber