in reply to Re: A way to get the User in a variable from htpasswd?
in thread A way to get the User in a variable from htpasswd?

Then you have a problem elsewhere. If you are using the standard BASIC AUTHENTICATION schema of (most) webservers, the two examples given do work.

Perhaps posting your .htaccess, associated script and platform information (OS, server software) might yield some constructive responses.

  • Comment on Re: A way to get the User in a variable from htpasswd?

Replies are listed 'Best First'.
Re: Re: A way to get the User in a variable from htpasswd?
by dchau (Novice) on May 10, 2001 at 22:23 UTC
    .htaccess below......running on redhat 6.2 . apache. 
    AuthUserFile .htpasswd 
AuthGroupFile /dev/null
AuthName "Site"
AuthType Basic

#<Limit GET POST>
<Limit GET>

using in script

    [download]
    #!/usr/bin/perl -Tw

$| = 1;

use CGI qw(param);
use strict;

my $file = param("file");
my @file_name = split(/\\/,$file);
my $file_name = pop(@file_name);
my $max_file_size = 2000000;
my $base_dir = "/home/ducc/";
my $out_file = $base_dir . $file_name;
my $log_file = $base_dir . "upload.log";
my ($total_bytes_read, $ip_log, $time_log);
my $username = $ENV{REMOTE_USER};

print "Content-type: text/html\n\n";
open (OUT, ">$out_file") || die "Can't open: $!";
open (LOG, ">>$log_file");
  while (my $bytes_read = read($file, my $buffer, 1024)){
    $total_bytes_read += $bytes_read;
    $ip_log = $ENV{'REMOTE_ADDR'};
    $time_log = scalar localtime;
      if ($bytes_read > $max_file_size){
        print "ERROR: The file you tried to upload is will not be uplo
+aded<br>";
        print "Your file is: $bytes_read bytes<br>";
        print "The max file size you can upload is $max_file_size byte
+s<br>";
        close (OUT);
        unlink ($out_file);
        print LOG "ERROR: At $time_log $username tried to upload $out_
+file that was $bytes_read bytes from $ip_log\n";
        die "$time_log: $ip_log tried to upload a file > $max_file_siz
+e";
      }else{
        print OUT "$buffer";
        print LOG "At $time_log $username uploaded $out_file that was 
+$bytes_read bytes from $ip_log\n";
      }
  }
close (OUT) || die "Can't close: $!";
close (LOG);

print "$username has completed uploading $file_name: $total_bytes_read
+ bytes<br>";
print "Done...";

    [download]
    code above still needs a lot of security checking </code>
[reply]
[d/l]
[select]
      1. Don't use <limit GET POST>. Stop limiting the limits!
      2. I don't see all of your .htaccess. Do you have anything that actually requires authentication, like require valid-user?
      3. Are you sure your .htaccess is being read (make a syntax error and you should get error 500: that's the quickest test)?
      4. Are you sure the .htaccess file applies to the CGI area and not just the text files?

      -- Randal L. Schwartz, Perl hacker

[reply]
[d/l]
        I was having a similar problem, and traced it to merlyn's #4 above.

        Turns out my apache was only set up to allow .htacces on certian directories, not including /cgi-bin/ once that was changed everything worked.

        Thanks Randal! :)
[reply]
      I think you want to add a line to your .htaccess, specifically require valid-user (or a list of which users you want to allow, require user fred marcy judy).

      I don't think the REMOTE_USER actually gets set if you don't have this.

[reply]
[d/l]
[select]
[reply]
[d/l]
    A reply falls below the community's threshold of quality. You may see it by logging in.

In Section Seekers of Perl Wisdom