Capturing a secure login and sending it two s different cgi script

mnlight has asked for the wisdom of the Perl Monks concerning the following question:

Ok I have to say this has been the most educational experience I have ever had when it come to learning programming. Thank you for the help!!

Anyway it was suggested to me that I use HTTP authentication to identify my users. so I got it figured out and set it up and it appears to be working very well. It is doing exactly what I need but my problem is I don't fully understand how to capture the login and then pass it to a second cgi script What I have done so far is this.

#!/usr/bin/perl -w
#Volunteer.pl - Sign up sheet for Volunteers

use strict;
use DBI;
use CGI qw('standard');
use CGI::Pretty;
use CGI::Cookie;

my $query = CGI::Pretty->new;

#my $query = CGI::new;
my ($dbh, $sth,$cookie,$sess_id);
my @val= ();
$cookie=$query->cookie(-name=>'user',
-value=>$sess_id,
-path=>'cgi-bin/Signup.pl',
-expires=>'+3h');

print header(-cookie=>$cookie), start_html ("Volunteer SignUp Form");
[download]

In the second script I am passing the login to I have coded this

#!/usr/bin/perl -w
#Volunteer.pl - Insert Volunteers into database.

use strict;
use DBI;
use CGI qw(:standard);
my $query = CGI::new();
my ($dbh, $sth, $count);
my $name  = $query->param("name");
my $date  = $query->param("date");
my $number= $query->param("number");
my $parent= $query->param("parent");
my $user= $query->param("user");
[download]

I am thinking that $user will then be the user logged in.

Edit ar0n -- added code tags

Comment on Capturing a secure login and sending it two s different cgi script Select or Download Code

Replies are listed 'Best First'.
Re: Capturing a secure login and sending it two s different cgi script by japh (Friar) on Dec 22, 2001 at 14:19 UTC
If your server is doing HTTP authentication for you (eg apache's .htaccess/.htpasswd) then the username of the authenticated user is available as `$ENV{'REMOTE_USER'}` or `$cgi->remote_user()`. note: in your code it'd be `$query->remote_user()`.	[reply] [d/l] [select]
Re: Re: Capturing a secure login and sending it two s different cgi script by mnlight (Scribe) on Dec 22, 2001 at 20:30 UTC
When you say "note: in your code it'd be $query->remote_user()." does that mean in the first script that captures the login or the one it is being passed to. I'm guessing the first, and the second recieves it as a parm.	[reply]
Re: Re: Re: Capturing a secure login and sending it two s different cgi script by japh (Friar) on Dec 23, 2001 at 00:38 UTC
I was pointing out a naming convention difference. An instance of the CGI module is often named `$cgi` while `$query` is often a SQL statement about to be fed to a DBI handle (eg `$sth`). If your web server is doing HTTP auth, neither of your scripts needs to ship username information to the other; your server ships it to both of them. If you have `use CGI; my $cgi = new CGI;` in both scripts, and your server is causing pop-up login/password boxes to allow or reject users from running the scripts, then both scripts can obtain the username of this user by referencing `$cgi->remote_user()` or `$ENV{'REMOTE_USER'}`. If your scripts need to track more information than username then cookies or server-side storage (SQL tables keyed on username) are where you'd stuff it. Please ignore another recent thread where additional data is obfuscated and passed to the browser then back to the server via hidden form fields :)	[reply] [d/l] [select]