in reply to Re: Is this use of crypt() appropriate?
in thread Is this use of crypt() appropriate?

Thanks Nomis, that is very helpful.. would you be able to post some example code of the session in action? It would be very appreciated, many thanks

Re: Re: Re: Is this use of crypt() appropriate?
by Nomis52 (Friar) on Nov 09, 2001 at 05:36 UTC
    Ok, this is how I did it. Note I'm very new to Perl programming so this probably isn't the best way.
    Assuming you have authenticated the user (from a database or text file or wherever), and $user is the user's id
        use MD5;

        my $md5 = new MD5;
        $md5->reset;
        my $yday = (localtime)[7];

        # create certificate / session id
        my $certif = $user . $yday . "do4k.g0" . $ENV{'HTTP_USER_AGENT'} . $ENV{'REMOTE_ADDR'};

        # encrypt certificate
        $md5->add($certif);
        my $enc_cert = $md5->hexdigest();

        # set cookie
        print "Set-Cookie: SESSION=$enc_cert; path=/\n";
        print "Set-Cookie: NAME=$user; path=/\n";

        # and continue
        print "Content-type: text/html\n\n";
        print "Your logged In!";
    Then every time the script is called get the certificate out of the cookie and recreate a certificate and compare the two.
        # $session and $user came from cookie
        use MD5;

        my $md5 = new MD5;
        $md5->reset;

        # create certificate
        my $yday = (localtime)[7];
        my $certif = $user . $yday . "do4k.g0" . $ENV{'HTTP_USER_AGENT'} . $ENV{'REMOTE_ADDR'};

        # encrypt certificate
        $md5->add($certif);
        my $enc_cert = $md5->hexdigest();

        # compare
        if ($enc_cert eq $session) {
            # we're logged in - run script
        } else {
            # we're not logged in - disp error msg
        }
    And a logout can simply be done with a
        print <<"END";
        Set-Cookie: SESSION=; path=/
        Set-Cookie: NAME=; path=/
        Content-type: text/html

        Your logged out now
        END
    It would probably be wise to set expiration times for the cookies. Using the $yday means each certificate will expire at midnight which could be a problem.

    Anyway I hope this helps
    Nomis52
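
An added example, not part of Nomis52's post or of the thread: one way to give the session value an explicit expiry instead of tying it to $yday, using a keyed HMAC-SHA256 from the core Digest::SHA module. The token layout, the key, the clock value and the function names issue_token, ct_eq and verify_token are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed placeholder key; a real deployment loads a long random key
# from a file outside the web root.
my $SECRET = 'constructed-demo-key-do-not-reuse';

# Token layout (an assumption of this example): user|expiry|hex-MAC
sub issue_token {
    my ($user, $ttl, $now) = @_;
    die "user id must not contain '|'\n" if $user =~ /\|/;
    my $expires = $now + $ttl;
    my $mac     = hmac_sha256_hex("$user|$expires", $SECRET);
    return "$user|$expires|$mac";
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the user id for a valid, unexpired token, otherwise undef.
sub verify_token {
    my ($token, $now) = @_;
    my ($user, $expires, $mac) = split /\|/, $token // '', 3;
    return undef unless defined $mac && $expires =~ /\A\d+\z/;
    return undef unless ct_eq($mac, hmac_sha256_hex("$user|$expires", $SECRET));
    return undef if $now >= $expires;    # expiry is covered by the MAC
    return $user;
}

my $now   = 1005284160;                       # constructed clock value
my $token = issue_token('alice', 3600, $now); # valid for one hour
(my $edited = $token) =~ s/^alice/admin/;     # user field changed, MAC kept

printf "%-18s %s\n", 'fresh token:',  verify_token($token,  $now + 60)   // 'rejected';
printf "%-18s %s\n", 'after expiry:', verify_token($token,  $now + 3601) // 'rejected';
printf "%-18s %s\n", 'edited user:',  verify_token($edited, $now + 60)   // 'rejected';
```

Because the expiry time is inside the MAC'd data, the server decides when a session ends regardless of any cookie expiration attribute, and a session started late in the evening does not end at midnight.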