talexb has asked for the wisdom of the Perl Monks concerning the following question:

Recently I wanted to change the LOGIN method from GET to POST so that the login credntials are hidden. I'm using Apache::AuthCookie (2.39) and Apache::AuthCookieDBI (1.19) for authentication.

Unfortunately, this produced the undesired and unexpected result of a Perl syntax failure in AuthCookie.pm. Here's the top part of the file: 

package Apache::AuthCookie;

use strict;

use Carp;
use mod_perl qw(1.07 StackedHandlers MethodHandlers Authen Authz);
use Apache qw(unescape_url_info);   #  XXX New
use Apache::Const qw(:common M_GET FORBIDDEN REDIRECT);
use Apache::AuthCookie::Util;
use Apache::Util qw(escape_uri);
use vars qw($VERSION);

# $Id: AuthCookie.pm,v 2.39 2002/09/25 16:44:31 mschout Exp $
$VERSION = '3.04';

sub recognize_user ($$) {
  my ($self, $r) = @_;
  my $debug = $r->dir_config("AuthCookieDebug") || 0;
  my ($auth_type, $auth_name) = ($r->auth_type, $r->auth_name);
  return unless $auth_type && $auth_name;
  return unless $r->header_in('Cookie');

  my ($cookie) = 
    $r->header_in('Cookie') =~ /${auth_type}_${auth_name}=([^;]+)/;
  $r->log_error(
    "cookie ${auth_type}_${auth_name} is $cookie") if $debug >= 2;

  return unless $cookie;

  my ($user,@args) = $auth_type->authen_ses_key($r, $cookie);
  if ($user and scalar @args == 0) {
    $r->log_error("user is $user") if $debug >= 2;
    $r->user($user);
  } elsif (scalar @args > 0 and $auth_type->can('custom_errors')) {
    return $auth_type->custom_errors($r, $user, @args);
  }

  return OK;
}

# convert current request to GET
sub _convert_to_get {
    my ($self, $r, $args) = @_;

    return unless $r->method eq 'POST';

    my $debug = $r->dir_config("AuthCookieDebug") || 0;

    $r->log_error("Converting POST -> GET") if $debug >= 2;

    my @pairs =();
    while (my ($name, $value) = each %$args) {
      # we dont want to copy login data, only extra data
      next if $name eq 'destination'
           or $name =~ /^credential_\d+$/;

      $value = '' unless defined $value;
      push @pairs, escape_uri($name) . '=' . escape_uri($value);

[download]
It's on that last line that the error (Undefined subroutine &Apache::AuthCookie::escape_uri called at /usr/lib/perl5/site_perl/5.8.0/Apache/AuthCookie.pm line 55) is popping up (because I've tried using a POST method), but I don't understand how Perl could think that escape_uri might be a local routine when it's declared above as coming from Apache::Util. Can someone explain that to me?

I've also asked about the error on #apache and been roundly ignored -- that's OK, IRC (freenode.net, in this case) can be a hit-or-miss proposition anyway.

Alex / talexb / Toronto

"Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

Update: Thanks to jeffa and others for good suggestions .. once I put Apache::Util in front of the escape_uri call I got a different error from another part of the code, which a little hacking has not solved. So for now I'll abandon the plan to use POST instead of GET.

Replies are listed 'Best First'.
Re: Wondering why Perl thinks escape_uri is undefined
by Velaki (Chaplain) on Aug 28, 2006 at 18:40 UTC

    Have you tried testing your code by explicitly calling the method? 

    push @pairs, Auth::Util::escape_uri($name)
     . '=' . Auth::Util::escape_uri($value);

    [download]

    Sounds like a namespace issue or a library issue.

    Hope this helped,
    -v.

    "Perl. There is no substitute."
[reply]
[d/l]
Re: Wondering why Perl thinks escape_uri is undefined
by zshzn (Hermit) on Aug 28, 2006 at 18:41 UTC
    Why not try this for a quick fix: 

    push @pairs, Apache::Util::escape_uri($name) . '=' . Apache::Util::esc
+ape_uri($value);

    [download]
[reply]
[d/l]

Back to Seekers of Perl Wisdom