Re: ** MULTIPLE LOGIN AUTHENTICATION WITH PERL BASED ON ACCESS PERMISSION.

I think that you are thinking about this in a way that is more confusing and less natural than a basic authentication scheme needs to be. Using the method that you outline, you would need to:

check username against a file
send user to appropriate login page
authenticate user
send user to appropriate page if success
bail if not

You probably want to be storing username, a crypted password and permissions in the same file. This way you can:

authenticate user
send user to page based upon permissions if success
bail if not

This method is a much closer idiom to the tried and (fairly) true basic method of user authentication on *NIX. If you want to take it a bit further, set up a global sattelite network and implement Rabins' bounded storage model :)

The following code will hopefully give you enough pointers to up-jump your boogie and learn a bit about authentication schemes. Wrapping this into your CGI program is left as an exercise. Happy trails.

#!/usr/bin/perl -w
use strict;
$|++;

#---------------------------------------------------------------------
+---------
# Basic Auth and entitlement function set.  Read perldoc -f crypt for 
+a tad
# more information on crypt and salt (contains a nice function for ran
+dom
# salt).  Then go on and read many more tomes to get a tad more inform
+ation :)
#---------------------------------------------------------------------
+---------

my ( $username, $passwd ) = @ARGV;
if ( my $permissions = &check_passwd( $username, $passwd ) ) {
  print "$username is $permissions\n";
} else {
 print "authentication failed\n";
}

##
# check_passwd( $username, $password );
#
# returns group or permissions or whatever you have in the third colum
+n of your
# passwd file if username and password match
#
sub check_passwd ($$) {
  my ($input_username, $input_passwd) = @_;
  while (<DATA>) {
    my ($username, $crypted_passwd, $permissions)  = split ':';
    next unless $input_username eq $username;
    my $crypted_input_passwd = crypt($input_passwd, $crypted_passwd);
    if ( $crypted_input_passwd eq $crypted_passwd ) {
      chomp( $permissions );
      return $permissions;
    }
  }
  return;
}


##
# DATA file description and data (with unencrypted passwords, for test
+ing)
#
# username:passwd:permissions
# nob:bob:god
# rim:tim:angel
# hal:kal:devil
##

__DATA__
nob:a1ni5aPmumc2E:god
rim:jZR4taPdoUdwA:angel
hal:0ZYFuJV/xWRvc:devil
[download]

Comment on Re: ** MULTIPLE LOGIN AUTHENTICATION WITH PERL BASED ON ACCESS PERMISSION. Download Code