On Tue, 18 Jul 2000, martin langhoff wrote:
> The marketing dept here wants something really weird: they
> want to publish a datasheet in a 'protected' page, but they want the
> usr/pw hashes to be 'one time only'. So the user must be deleted after
> the first time it is used.

That should be all but trivial to implement. Off the top of my head:
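
    use strict;
    use Apache::Constants qw(OK AUTH_REQUIRED);
    use DB_File;

    my $password_file = '/path/to/passwords.db';  # placeholder path

    sub handler
    {
        my $r = shift;

        # Only execute for the first internal request
        return OK unless $r->is_initial_req;

        # Replace this with your favorite data store.
        tie my %password, 'DB_File', $password_file
            or die "can't initialize $password_file: $!";

        # Get the username and password sent from the client
        my ($res, $sent_pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;
        return AUTH_REQUIRED if !$sent_pw;

        my $username = $r->connection->user;

        # Unknown or already-used user: there is no stored hash to
        # compare against, and crypt() with an empty salt must not match
        my $stored = $password{$username};
        unless (defined $stored && length $stored) {
            $r->note_basic_auth_failure;
            return AUTH_REQUIRED;
        }

        # crypt() the sent password and see if it matches the stored one
        if (crypt($sent_pw, $stored) eq $stored)
        {
            # If so, delete the key and return OK
            delete $password{$username};
            $r->connection->auth_type('Basic');
            $r->connection->user($username);
            return OK;
        } else {
            # Otherwise return AUTH_REQUIRED
            $r->note_basic_auth_failure;
            return AUTH_REQUIRED;
        }
    }
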
- Matt
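
Added example, not part of Matt's message: with several Apache children, two simultaneous requests can both pass the crypt() check before either delete reaches the file, so the check-and-delete below runs under an exclusive lock and rejects users with no stored hash. The helper name `consume_one_time_credential`, the `.lock` file suffix and the sample user are assumptions, and the system crypt() is assumed to accept a traditional two-character salt.

```perl
use strict;
use warnings;
use DB_File;
use Fcntl qw(:flock O_CREAT O_RDWR);
use File::Temp qw(tempdir);

# Hypothetical helper: returns 1 exactly once per valid user/password pair.
sub consume_one_time_credential {
    my ($password_file, $username, $sent_pw) = @_;
    return 0 unless defined $username && defined $sent_pw && length $sent_pw;

    # Serialize check-and-delete across processes with an exclusive lock.
    open(my $lock, '>>', "$password_file.lock") or die "can't open lock file: $!";
    flock($lock, LOCK_EX) or die "can't lock: $!";

    tie my %password, 'DB_File', $password_file, O_CREAT | O_RDWR, 0600, $DB_HASH
        or die "can't initialize $password_file: $!";

    my $ok     = 0;
    my $stored = $password{$username};
    # A missing or empty hash must never compare equal to anything.
    if (defined $stored && length $stored) {
        my $computed = crypt($sent_pw, $stored);
        if (defined $computed && $computed eq $stored) {
            delete $password{$username};   # consume the credential
            $ok = 1;
        }
    }

    untie %password;   # flush the delete to disk before releasing the lock
    close $lock;       # closing the handle drops the flock
    return $ok;
}

# Constructed sample data: one user in a throwaway database.
my $file = tempdir(CLEANUP => 1) . '/onetime.db';
tie my %seed, 'DB_File', $file, O_CREAT | O_RDWR, 0600, $DB_HASH or die "seed: $!";
$seed{'datasheet01'} = crypt('s3cret-sample', 'ab');
untie %seed;

# First use succeeds, the replay and the unknown user are refused.
for my $try (['datasheet01', 's3cret-sample'], ['datasheet01', 's3cret-sample'], ['nobody', 'x']) {
    printf "%-12s -> %s\n", $try->[0],
        consume_one_time_credential($file, @$try) ? 'OK' : 'AUTH_REQUIRED';
}
```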