Nik has asked for the wisdom of the Perl Monks concerning the following question:

Hello, Iam trying to password protect a script show.pl to be exact but not all of it just specific function in it.

if( param('Αποστολή') )
{
   if ( ($name eq 'delete') or ($name eq 'deletelog') or ($name eq 'dr
+op')) {
      if ($ENV{REMOTE_USER} eq 'Nik') {
         if ($name eq 'delete') {
            $dbh->do( "DELETE FROM guestbook WHERE name=$pray" );
            push @print_later, span( {class=>'lime'},    "Μόλις διαγρά
+ψατε τον χρήστη => " );
            exit 0;
         }
         elsif ($name eq 'deletelog') {
            $dbh->do( 'DELETE FROM guestlog' );
            push @print_later, span( {class=>'tip'},  "Η βάση δεδομένω
+ν με τα logs μόλις διαγράφηκε!" );
            push @print_later, span( {class=>'yellow'},  $pray );
            exit 0;
         }
         elsif ($name eq 'drop') {
            $dbh->do( 'DELETE FROM guestbook' );
            push @print_later, span( {class=>'tip'},  "Όλες οι εγγραφέ
+ς διαγράφηκαν από τη βάση δεδομένων!" );
            exit 0;
         }
      }
      else {
         print header(-status=>'401 Unauthorized', 'WWW-Authenticate'=
+>'Basic realm="Only Nik can do perform that!"');
      }
   }

[download]
They told me to create a location configuration directive on httpd.conf which i did but remove the Require user Nik which i did and in fact when at the form a user gives soemthing as delete a drop the http auth box pops in but i cannot be vbalidatind as user. Any ideas?

Also i had a problem with a header which should have been print befoe any other print statement and so i had to to push every print in an array and print at the end of the script after the header. But i dont like the idea of pushing things to an array very much isnt any other way to pop a http auth box when a requested feature/function of my cgi-script needs to be run fopr example if the user enters a "delete" or "drop" value at my @name variable?

I hope i agve you to understand what iam about to do.

Replies are listed 'Best First'.
Re: Password Protecting specific functions of a Perl Cgi Script
by xorl (Deacon) on Jun 16, 2005 at 13:09 UTC

    I'd avoid using htauth as your username and password are generally transmitted in clear text. Therefore it really isn't secure.

    Better is to have them connect to an encrypted form (using SSL) and submit their login info. Have the script verify the user and set a session cookie.

    They told me to create a location configuration directive on httpd.conf which i did but remove the Require user Nik which i did
    If you really want it limited to the user Nik (which I assume you do judging from the code you provided) and you want to use the htauth method, then their advice was wrong. You need to require user Nik or require valid user.
[reply]
Re: Password Protecting specific functions of a Perl Cgi Script
by kutsu (Priest) on Jun 16, 2005 at 14:09 UTC

    Check out the docs on Apache's Documentation and pay attention to AuthType, AuthName, AuthUserFile, and require (which you should have changed to require valid-user or somesuch, not just remove it entirely). Also if your going to start working with Apache you should check out the Apache Cookbook, Apache The Definitive Guide (both by O'Reilly), or some other book on Apache.

    "Cogito cogito ergo cogito sum - I think that I think, therefore I think that I am." Ambrose Bierce

[reply]
Re: Password Protecting specific functions of a Perl Cgi Script
by techcode (Hermit) on Jun 16, 2005 at 22:43 UTC
[reply]
      If i solved as you said i would be askign here as well, would i? I only solves part of the problem!

      Anyway i cant just put the password protected if in another cgi-cscript because in the when the form is submitted it goes to show.pl and only!
      <bvr> Nice idea though!
[reply]
      A reply falls below the community's threshold of quality. You may see it by logging in.

Back to Seekers of Perl Wisdom