Easy - you don't. You are dealing with two different levels of protection here: the first is your .htaccess stuff, which you have already set up. The second looks like hard coded values in your CGI script. Basically, any user that has an entry via .htaccess can add to the CSV file, but only one 'uber' user can delete it. That user will most likely have two identies - the first is some entry in the .htaccess file, and the second is 'fishbreath', which is queried from the CGI script, not the .htaccess mechanism. Here is some example code for you to ponder:
The .htaccess will take care of letting users even access the CSV file - the CGI script will take care of letting the 'uber' user delete the CSV file. Good luck! :)use strict; use CGI qw(:standard); my $action = trim(param('ACTION')); my $user = trim(param('name')); my $pass = trim(param('password')); if ($action eq 'DELETE') { if ($user eq 'fishbreath' and $pass eq 'foobazz') { unlink 'path/to/csv.file'; } else { # permission denied! } } else { # do other stuff } sub trim { my $raw = shift; $raw =~ s/^\s*//g; # remove leading space $raw =~ s/\s*$//g; # remove trailing space return $raw; }
jeffa
L-LL-L--L-LL-L--L-LL-L-- -R--R-RR-R--R-RR-R--R-RR B--B--B--B--B--B--B--B-- H---H---H---H---H---H--- (the triplet paradiddle with high-hat)
In reply to (jeffa) Re: CGI Advice
by jeffa
in thread CGI Advice
by chuleto1
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |