Re: CGI.pm Authentication

I don't know if you can do this w/ CGI.pm, actually. You'd need to set up the authentication in your webserver configs or in .htaccess. Then your script would only actually receive the request if the user is authenticated properly.

In which case you can get the username out of the REMOTE_USER environment variable, but you won't be able to get the password unless you're using mod_perl.

In any case, you should take a look at this older thread: Getting username and password from the URL.

Comment on Re: CGI.pm Authentication

Replies are listed 'Best First'.
RE: Re: CGI.pm Authentication by le (Friar) on Jun 17, 2000 at 01:18 UTC
Thanks for the link, this is a starting point. Yes, I'm using mod_perl. The reason I asked this is that I have a PHP application that authenticates via a MySQL database (a table with usernames and encrypted passwords). PHP does pretty good WWW Authentication, you can get at the supplied parameters via $PHP_AUTH_USER and $PHP_AUTH_PW (after sending a 401 header). I already tried to use Apache::AuthDBI, but the problem is that the passwords in the database are MySQL-encrypted, and Apache::AuthDBI prefers plain text or crypt(8) passwords. Bad luck. But with that Apache->request stuff I think it can be done. I'll give it a try.	[reply]
RE: RE: Re: CGI.pm Authentication by httptech (Chaplain) on Jun 17, 2000 at 03:29 UTC
Why not use mod_auth_mysql? You can then use MySQL-encrypted passwords with no problem. Note that there are some quirks in mod_auth_mysql, one of which is that the Auth_MySQL_Empty_Passwords directive does the opposite of what it's supposed to. Another quirk is that usernames are compared case-insensitively. I've hacked my copy of mod_auth_mysql so that it fixes these problems (and actually adds case-insensitivity as a feature). Let me know if you want it. These things may not affect you of course, so you may not need my version.	[reply]