Password Protection In CGI
Sir,
I am using Redhat 9, Perl 5.8.0 My problem is that I want to create password protected pages in CGI. I tried .htaccess but it is for directory level security. In my project I can assign each user access on per file basis. I think this could be solved using 'session variables' but I don't know how to do that in cgi (I know how to do it in ASP). I tried using Remote_user env variable. But how to make this value pretain to all pages. In short what I want to do is 1. User will encounter login page first. 2. I am storing user name password in mysql table. 3. If user name password r correct user will login. 4. Each user have unique user_id. 5. I just want to pass this id to every page.(using session variables) 6. Every program also has unique program id. So I will then check that perticular use has access to that program_id or not. So my problem is on step 5. Can u pls help. Regards Amit |
Hello,
You may want to look at http://cpan.uwinnipeg.ca/module/Apache::Session It is built for mod_perl but works with CGI as well. You can use the module to track users with cookies. Hope that helps. Shawn |
Thanks for replying shawn
I will check that url. But in the mean while can u pls tell Is it safe to use cookies ? Do all browsers support cookies ? What if someone disabled cookies ? Can't I use session variables in CGI ? Should I use hidden fields ? Regards Amit |
I looked at http://cpan.uwinnipeg.ca/module/Apache::Session
as told by shawn. I also tried http://cpan.uwinnipeg.ca/htdocs/Apac...ion/MySQL.html but when I tried the following code. #! /usr/bin/perl use Apache::Session::MySQL; my %session; #make a fresh session for a first-time visitor tie %session, 'Apache::Session::MySQL'; #stick some stuff in it $session{visa_number} = "1234 5678 9876 5432"; #get the session id for later use my $id = $session{_session_id}; #...time passes... #get the session data back out again during some other request my %session; tie %session, 'Apache::Session::MySQL', $id; &validate($session{visa_number}); #delete a session from the object store permanently tied(%session)->delete; --------------------------------------------------------------- It gave me following error Can't locate apache/session/mysql.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .) at session.cgi line 2. BEGIN failed--compilation aborted at session.cgi line 2. [root@amitkhatri cgi-bin]# cd /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/Bundle/DBD ---------------------------------------------------------------------------------- Then I did locate mysql.pm /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/Bundle/DBD/mysql.pm /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/DBD/mysql.pm I copid the file mysql.pm from /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/Bundle/DBD/mysql.pm to /usr/lib/perl5/5.8.0 ----------------------------------------------------------------------------------- and compiled that code again. But it gave me the same error. my program name is session.cgi. I gave command perl session.cgi should i download some another mysql.pm ? or their is some mistake in my code ? Pls Help Amit |
It look as though you do not have Apache::Session::Mysql installed
In genreal whenever you see a perl error like: Can't locate apache/session/mysql.pm in @INC The module will be formed as Apache::Session::Mysql You should be able to see if it is installed using: #locate Apache/Session /usr/local/share/perl/5.8.4/Apache/Session/MySQL.pm you can install it using cpan. cpan -i Apache::Session::MySQL but I think just cpan -i Apache::Session will install it as well. Shawn |
Thanks Again shawn.
I will try installing it as u told. & then I will update u. Regards Amit |
Hey amit_28oct, why don't you just pass the user ID every time you start a CGI script? As follows:
http://www.myserver.com/cgi-bin/getf...i?UserID=12346 Then just retreive it when you need it... That is, just have your cgi script build the web page, or frame it, then all the links to CGI could have the right ID. |
Hello friends,
Sorry for not replying. Actually I was out of station for last 15 days. The problem with the solution told by The_nerd is that their will be no security if anyone get to know some other persons user_id. what u think about this regards amit |
Here is a small part of an old program that uses cookies to track users. The information is stored in mysql and I simply call the check_user sub every time the user navigates to a new page. I am sure that are better and faster ways, but this works. I have been using Apache::AuthCookie and Apache::AuthCookieDBI lately; I think they are only for mod_perl… but I am not 100% on that.
Code:
|
All times are GMT -5. The time now is 05:00 AM. |