Re: [OT] auth modules

[Matt Carothers]

On Tue, 18 Jul 2000, martin langhoff wrote:

> The marketing dept here wants something really weird: they
> want to publish a datasheet in a 'protected' page, but the want the
> usr/pw hashes to be 'one time only'. So the user must be deleted after
> the first time it is used.

That should be all but trivial to implement.  Off the top of my head:

sub handler
{
my $r = shift;

# Only execute for the first internal request
return OK unless $r->is_initial_req;

# Replace this with your favorite data store.
tie %password, 'DB_File', $password_file
or die "can initialize $password_file: $!";

# Get the username and password sent from the client
my ($res, $sent_pw) = $r->get_basic_auth_pw;
return AUTH_REQUIRED if !$sent_pw;
my $username = $r->connection->user;

# crypt() the sent password and see if it matches the stored one
if (crypt($sent_pw, $password{$username}) eq $password{$username})
{
# If so, delete the key and return OK
delete $password{$username};
$r->connection->auth_type('Basic');
$r->connection->user($username);

return OK;
} else {
# Otherwise return AUTH_REQUIRED
return AUTH_REQUIRED;
}
}

- Matt

[OT] auth modules

[martin langhoff]

hi,

this is a question closely related to Perl, and my lazyness as a Perl
programmer. The marketing dept here wants something really weird: they
want to publish a datasheet in a 'protected' page, but the want the
usr/pw hashes to be 'one time only'. So the user must be deleted after
the first time it is used.

I was about to grab my Eagle's book authenz handler, and patch it
heavily, but maybe there's already a module withthat capability. Does
anyone know of one? At least one that'd be easily patched?




martin - [ trying to get CPAN to connect from here ]