I use an authentication system for my site based on .htaccess,
where user passwords are stored, encrypted, in a database, and then
written to a passwd file regularly.
My problem is this:
When we were using a cookie system, we had a link in index.cgi that
displayed on the home page that said "I am not So-n-so". Clicking on
this link used to take the user to the login screen. We no longer
have a login screen with a proper URL, but rather the standard
..htaccess pop-up, and users only have to authenticate once per session,
as entered in the httpd.conf.
I have to find a way to somehow create a link that will force a 401
error and cause the pop-up to spawn. What I have tried is this:
LINK:
span( { -class => 'welcome' }, "Hi, $name!" ) . br .
span( { -class => 'small' },
a(
{ -href => '/dir/index.cgi?auth=401' },
'I am not ' . $name
)
) . p
CODE:
sub StartHtml {
## Changing username ("I am not Username" link)
if (param( 'auth' ) == 401) {
print header (
-status => '401 Authorization Required',
-WWW_Authenticate => 'Basic;
realm="Builder Tools (Note: username must be all lowercase)"'
);
}
It isn't working at all, but instead gives me a slightly odd version of the same page,
as the user the person is trying not to be.
Perhaps the timing of the header isn't correct, and the server never gets involved?
Sorry I haven't explained this very well, but I am lacking in knowledge of proper
terminology...
If anyone out there has experience in forcing a 401, any help would be deeply
appreciated.
--
Namaste,
Kristin
"We must love them both, those with whom we agree,
and those with whom we disagree.
For both have labored in the search of truth,
and both have helped in the finding of it."
-- Saint Thomas Aquinas
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
