Re: Capturing a secure login and sending it two s different cgi script

If your server is doing HTTP authentication for you (eg apache's .htaccess/.htpasswd) then the username of the authenticated user is available as $ENV{'REMOTE_USER'} or $cgi->remote_user().

note: in your code it'd be $query->remote_user().

Comment on Re: Capturing a secure login and sending it two s different cgi script Select or Download Code

Replies are listed 'Best First'.
Re: Re: Capturing a secure login and sending it two s different cgi script by mnlight (Scribe) on Dec 22, 2001 at 20:30 UTC
When you say "note: in your code it'd be $query->remote_user()." does that mean in the first script that captures the login or the one it is being passed to. I'm guessing the first, and the second recieves it as a parm.	[reply]
Re: Re: Re: Capturing a secure login and sending it two s different cgi script by japh (Friar) on Dec 23, 2001 at 00:38 UTC
I was pointing out a naming convention difference. An instance of the CGI module is often named `$cgi` while `$query` is often a SQL statement about to be fed to a DBI handle (eg `$sth`). If your web server is doing HTTP auth, neither of your scripts needs to ship username information to the other; your server ships it to both of them. If you have `use CGI; my $cgi = new CGI;` in both scripts, and your server is causing pop-up login/password boxes to allow or reject users from running the scripts, then both scripts can obtain the username of this user by referencing `$cgi->remote_user()` or `$ENV{'REMOTE_USER'}`. If your scripts need to track more information than username then cookies or server-side storage (SQL tables keyed on username) are where you'd stuff it. Please ignore another recent thread where additional data is obfuscated and passed to the browser then back to the server via hidden form fields :)	[reply] [d/l] [select]