Basic authentication

2003-09-16 Thread Stephen Hardisty 
Hi,
I'm having a bit of trouble authenticating users. The script I have works, but only a 
couple of times before it just sends out 401 without prompting the user for their 
details. We have mod_perl 1.99_05 installed, we don't want to upgrade as we would have 
more applications to upgrade than time.

Any help/questions would be appreciated. The problem script is below:

use strict;
use Apache::Const qw(OK AUTH_REQUIRED);
use lib qw(/var/www/html/opbms/libs);
use CheckLogin;
use CreateFrames;

my $r = shift;

print Content-Type:text/html\n\n;

my ($status, $password) = $r-get_basic_auth_pw;

if ($status != OK)
{
$r-status($status);
exit($status);
}

my $ip = '127.0.0.1';
my $port = 31555;

if (CheckLogin::Check($r-user, $password, $port, $ip) eq '1')
{
CreateFrames::Create($r-user, $password, $port, $ip);
}
else
{
$r-note_basic_auth_failure;
$r-status(AUTH_REQUIRED);
exit(AUTH_REQUIRED);
}


Cheers!!


This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com

Re: Basic authentication

2003-09-16 Thread Geoffrey Young 


Stephen Hardisty wrote:
Hi,
I'm having a bit of trouble authenticating users. The script I have works, but only a 
couple of times before it just sends out 401 without prompting the user for their 
details. We have mod_perl 1.99_05 installed, we don't want to upgrade as we would have 
more applications to upgrade than time.
Any help/questions would be appreciated. The problem script is below:

use strict;
use Apache::Const qw(OK AUTH_REQUIRED);
use lib qw(/var/www/html/opbms/libs);
use CheckLogin;
use CreateFrames;
my $r = shift;

print Content-Type:text/html\n\n;
don't do that - AUTH_REQUIRED is an error status, so apache will send it's 
own set of headers.

my ($status, $password) = $r-get_basic_auth_pw;

if ($status != OK)
{
$r-status($status);
exit($status);
}
yike!

you shouldn't ever play with $r-status.  calling exit is also not the 
standard way.

examples of auth handlers abound, so you should really just be following 
them - even though you are using mod_perl 2.0, the API is really the same 
wrt get_basic_auth_pw() etc.

some examples include the many, many modules on CPAN.  you can also find 
detailed auth examples in

http://www.modperlcookbook.org/chapters/ch13.pdf

and

http://www.modperlcookbook.org/code/ch13/

specifically

http://www.modperlcookbook.org/code/ch13/Cookbook/Authenticate.pm

HTH

--Geoff

Re: mod_perl Basic Authentication problem using PerlAuthenHandler

2002-04-18 Thread Jason 

Thank you... cant believe I missed that...  was to excited about the ability to do my 
own auth program
I added
allow from x.x.x.x

and it worked great

Thank you.

- Original Message - 
From: Geoffrey Young [EMAIL PROTECTED]
To: Jason [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, April 17, 2002 6:21 PM
Subject: Re: mod_perl Basic Authentication problem using PerlAuthenHandler


 
 
 Jason wrote:
 
  In httpd.conf i have
  Location /~jter
 
 
 [snip]
 
 
  Deny from all
  /Location
 
 
 [snip]
 
 
  
  It warns to the log file and returns But the problem is, why does my browser 
come up forbidden
 
 I suspect Deny from all is the issue...
 
 the PerlAccessHandler will run before the apache default mod_access gets the 
 chance to implement the Deny rule.  on a successful login, your 
 PerlAccessHandler will return OK, which is then denied by mod_access, resulting 
 in a FORBIDDEN message.
 
 unlike with the PerlAuthenHandler, which immediately terminates on the first OK, 
 the PerlAccessHandler will keep going in search of failure.
 
   Has anybody gotten this to sucessfully work?
 
 yes :)
 
 you may be interested in chapter 13 of the cookbook, which should help clarify 
 things somewhat.
 
 --Geoff

mod_perl Basic Authentication problem using PerlAuthenHandler

2002-04-17 Thread Jason 

In httpd.conf i have
Location /~jter
PerlAccessHandler ApacheAuthentication
PerlSetVar Intranet 65.103.229.188 = joe, 10.10.10.2 = userB
PerlAuthenHandler ApacheAuthentication
AuthName realm
AuthType Basic
Require valid-user
Order deny,allow
Deny from all
/Location







And my module is
package ApacheAuthentication;
#use strict;
use Apache::Constants qw(:common);
use Apache::URI;
use Apache::File;

sub handler {
my $r = shift;
# get user's authentication credentials
my ($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
my $user = $r-connection-user;
# authenticate through DBI
my $reason = authen_dbi($r, $user, $sent_pw);
if ($reason) {
$r-note_basic_auth_failure;
$r-log_reason($reason, $r-uri);
return AUTH_REQUIRED;
}
warn FINISHED $user $sent_pw;
return OK;
}






It warns to the log file and returns But the problem is, why does my browser come 
up forbidden

Has anybody gotten this to sucessfully work?
Server Version: Apache/1.3.22 (Unix) PHP/4.0.6 mod_perl/1.26 mod_ssl/2.8.5 
OpenSSL/0.9.6b 

Thanks in advance