Authentication-Driven Content

A simple authentication handler either accepts or rejects users. If you instead want to give them different output if authentication fails, you could use a pair of Perl handlers, one on the authentication hook and one on content generation. If the user tries to authenticate, the authentication handler checks that the username and password match (in this case, in the Unix password file), and creates a "note" that the content handler should enter authenticated mode. (We use the pnotes method here rather than notes since there is no need for the note to be sent back to the web server; if we needed to log the contents of the note, then the pnotes method would not be sufficient.) Otherwise, the authentication handler does not create a note and simply allows the user through in anonymous mode.

The content handler then checks whether the note is present, and prints one page or the other depending on the result of that check.

package AuthContent;
 
use strict;
use Zeus::ModPerl;
use Zeus::ModPerl::Constants qw( :common );
 
sub authen ($$)
{
    my( $pkg, $r ) = @_;
 
    my( $ret, $password ) = $r->get_basic_auth_pw();
 
    if( $ret != OK ) { return $ret }
 
    my $errmsg = '';
    my $user   = $r->connection()->user();
 
    if( defined($user) )
    {
        my @pw = getpwnam( $user );
 
        if( @pw && (crypt($password,$pw[1]) ne $pw[1]) )
        {
            $r->note_basic_auth_failure();
            $r->log_reason( $errmsg, $r->filename() );
            return AUTH_REQUIRED;
        }
 
        $r->pnotes( authenticated => 1 );
    }
 
    return OK;
}
 
sub content ($$)
{
    my( $pkg, $r ) = @_;
 
    if( $r->pnotes( 'authenticated' ) )
    {
        my $user = $r->connection()->user();
        print( <<EOF );
<html>
  <head><title>Authenticated page</title></head>
  <body>You are authenticated as user '$user'.</body>
</html>
EOF
    }
    else
    {
        print( <<EOF );
<html>
  <head><title>Anonymous page</title></head>
  <body>You are not authenticated.</body>
</html>
EOF
    }
    return OK;
};
 
1;

To install this example using the Administration Server user interface, put the above code in $ZEUSHOME/zperl/local/lib/site_perl/AuthContent.pm, enable Perl Extensions in the user interface, add the paths that should be controlled by this, and add AuthContent->authen as an authentication handler and AuthContent->content as a content generation handler for those paths.

You will also need to enable the htaccess support, and create an htaccess file with an 'authname' entry, and a global htaccess file with 'passenvauthorization on' in a suitable 'Directory' tag.

Content Manager [Administrator] 16 December 2005

Comments are closed for this post.

Recently...

Other Resources

The ZWS Online Support service is provided as is, without warranty or specific endorsement by Zeus Technology. For technical support queries, please contact Zeus Technical Support. Articles and comments may not reflect the views of Zeus Technology. • Disclaimer and Privacy statement.