scisuk has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I have a .htaccess file which directs to a password file to let users login.

I have a perl script to write to this password file which allows users to be added/deleted.

I would like to log how many times users login etc - whichever way - i.e text file etc.

Please could anyone offer assistance.

Replies are listed 'Best First'.
Re: Logging logins!
by Beatnik (Parson) on May 20, 2002 at 11:53 UTC
    One way would be to write a mod_perl auth handler...
    Warning: Untestest code, but looks ok :)
    package Apache::LogAuth;
use strict;
use Apache::Constants qw(:common);

sub handler {
  my $r = shift;
  my ($res, $sent_pw) = $r->get_basic_auth_pw;
  return $res if $res != OK;
  my $user = $r->connection->user;
  unless ($user && $sent_pw)
  { return AUTH_REQUIRED; }
  open(SOMELOG,">>somelogfile") || return DECLINED;
  print SOMELOG $user,"\n";
  close(SOMELOG);
  return OK;
}
1;

    [download]
    Ofcourse you can use $r->log->debug. The Apache config file should then contain something like 
    <LOCATION />
  AuthName Restricted
  AuthType Basic
  PerlAuthenHandler  Apache::LogAuth
  require valid-user
</LOCATION>

    [download]
    Another option is to just log $ENV{REMOTE_USER} with a script... but that doesn't specifically cover logins :)
    Update: This is a mod_perl solution! If you don't have a clue about this, just forget it

    Greetz
    Beatnik
    ... Quidquid perl dictum sit, altum viditur.
[reply]
[d/l]
[select]
      Thanks,

      I see what you are saying - as I have not used mod_perl before can I bee dense and ask how I would implement that on the server?

      the .htaccess file is located as follows:

      http://www.domain.ext/secure/.htaccess

      and the admint script/password file are as follows:

      http://www.domain.ext/cgi-bin/admin.pl
      and
      http://www.domain.ext/cgi-bin/.htpasswd

      Would the mod_perl sit in the secure directory?
[reply]
        mod_perl is an Apache/Perl integration module. You usually consult the webserver admin about using it. I wouldn't recommend installing it (even if you had rights) if you don't know what you're doing :) Go for a less complex method of doing what you want. If you feel comfortable with perl, look into mod_perl and give this a try.
        Anyway, if the admin asks, the settings defined above go in the apache config file (like httpd.conf) and the module goes in the Apache subdir in your Perl directory (I don't mean cgi-bin !). I do assume your admin has a clue and you have a VERY good reason to do this :)

        Greetz
        Beatnik
        ... Quidquid perl dictum sit, altum viditur.
[reply]
(wil) Re: Logging logins!
by wil (Priest) on May 20, 2002 at 12:33 UTC
    The default format for an Apache access_log contains the userid of the person loggin into an area where authentication is required.

    You could setup your own customized access_log using the CustomLog, AccessLog and LogFormat directives which would only list userid and access code so you can log successful and failed logins. Check out the Apache website for more information about this.

    If you decide to do this, then you might find the module File::Tail useful for reading from your continously updated access_log files.

    A note to remember about this is that it will list every page the user has requested in your access_log. You will need to keep this in mind when extracting usernames from your logs. You will only need the first instance of each login which can become quite tricky if the same person logs in twice in a row.

    - wil
[reply]

Back to Seekers of Perl Wisdom