You've got it - both. :)
Re 1) Everything CGI is always in response to an http request, so in that sense it's user initiated (unless the page is being spidered by a bot or whatever, but you get the point). It doesn't make any difference to the script itself whether it gets its parameters from a form, or from a URL with extra stuff on the end (or maybe it doesn't take any parameters at all...)
Re 2) It's certainly normal practise to put code that you'll need in more than one script inside a module. That's pretty much what modules are for. You can use fork() and so on to go out to other scripts, but it's not a great idea - apart from anything it's pretty slow. If you need to start something running but you don't want to wait for it to finish before sending the page back to the user, then personally I'm a fan of Apache's callback system, which lets you run some more code after the page has been sent back to the user.
So anyway, yes, it seems to me that by far the better plan is to put the credentials-checking code in a separate module. Then you can call it from anywhere you like.
One approach to credentials-checking (and there are others) is to do an initial username/password login, then place a cookie in the user's browser that keeps them logged in for that session (the cookie should not contain the password - usually it's an MD5 hash or something like that).
The book 'Writing Apache modules with Perl and C' has lots of useful stuff on this kind of thing. Obviously it's more relevant to Apache than to other web servers. <grin>
One approach that can be used is to put the credentials-checking stuff in the Authentication/Authorization stages of the Apache request cycle. This is good because:
There's more info about how to do that, and some great examples, here (a chapter from the book named above). The basic example looks like this:
(by Lincoln Stein and Doug MacEachern)Listing 6.1: Simple access control package Apache::GateKeeper; # file: Apache/GateKeeper.pm use strict; use Apache::Constants qw(:common); sub handler { my $r = shift; my $gate = $r->dir_config("Gate"); return DECLINED unless defined $gate; return OK if lc $gate eq 'open'; if (lc $gate eq 'closed') { $r->log_reason("Access forbidden unless the gate is open", $r +->filename); return FORBIDDEN; } $r->log_error($r->uri, ": Invalid value for Gate ($gate)"); return SERVER_ERROR; } 1; __END__ The .htaccess file that goes with it PerlAccessHandler Apache::GateKeeper PerlSetVar Gate closed
So in the real world you might first check whether the URL is one to which you want to control access (if it isn't then return DECLINED), check whether the user has the right credentials, if they do then return OK else return FORBIDDEN.
HTH!
Best wishes, andye
In reply to Re^3: How to call perl CGI script from another perl CGI script
by andye
in thread How to call perl CGI script from another perl CGI script
by Calm
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |