Re: [OT] auth modules

[Matt Carothers]

On Tue, 18 Jul 2000, martin langhoff wrote:

 The marketing dept here wants something really weird: they
 want to publish a datasheet in a 'protected' page, but the want the
 usr/pw hashes to be 'one time only'. So the user must be deleted after
 the first time it is used.

That should be all but trivial to implement.  Off the top of my head:

sub handler
{
my $r = shift;

# Only execute for the first internal request
return OK unless $r-is_initial_req;

# Replace this with your favorite data store.
tie %password, 'DB_File', $password_file
or die "can initialize $password_file: $!";

# Get the username and password sent from the client
my ($res, $sent_pw) = $r-get_basic_auth_pw;
return AUTH_REQUIRED if !$sent_pw;
my $username = $r-connection-user;

# crypt() the sent password and see if it matches the stored one
if (crypt($sent_pw, $password{$username}) eq $password{$username})
{
# If so, delete the key and return OK
delete $password{$username};
$r-connection-auth_type('Basic');
$r-connection-user($username);

return OK;
} else {
# Otherwise return AUTH_REQUIRED
return AUTH_REQUIRED;
}
}

- Matt

[OT] auth modules

[martin langhoff]

hi,

this is a question closely related to Perl, and my lazyness as a Perl
programmer. The marketing dept here wants something really weird: they
want to publish a datasheet in a 'protected' page, but the want the
usr/pw hashes to be 'one time only'. So the user must be deleted after
the first time it is used.

I was about to grab my Eagle's book authenz handler, and patch it
heavily, but maybe there's already a module withthat capability. Does
anyone know of one? At least one that'd be easily patched?




martin - [ trying to get CPAN to connect from here ]