mhearse has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I need some web development advice. I'd like to secure my family website with username and password authentication. I've used the standard Apache authentication via the .htaccess file. But I'm not thrilled with the popup window approach. I'd like to engrain the login process into a web page. I've set up a page with forms to post the username and password to a server-side script. I just don't know where to go from here. I'd be satisfied to authenticate against the htpasswd database. Can someone offer direction?

Thanks.

Replies are listed 'Best First'.
Re: Website login/authentication
by astroboy (Chaplain) on Sep 19, 2004 at 20:13 UTC
    Well, I like CGI::Session. Have a look at the cookbook -- there's a "Members' Area" recipe that you could adapt to your needs.
Re: Website login/authentication
by The Mad Hatter (Priest) on Sep 19, 2004 at 20:30 UTC

    You're probably best having a script accept the username and password and then redirecting to the proper URL with the correct Basic authentication headers (filled out with the info passed via CGI). Otherwise, you'll have to set and check cookies.

    If you want to stick with using Apache's htpasswd approach of managing users but don't mind setting/checking cookies throughout the site, then check out Apache::Htpasswd. It'll allow you to check a username/password pair from within a Perl script (such as one called from a form on a webpage).

    There are plenty of other ways to authenticate users as well.

Re: Website login/authentication
by bradcathey (Prior) on Sep 19, 2004 at 19:45 UTC

    Super Search! There's tons of stuff re: passwords in the database. Start here with one of the many.

    Update: deleted empty code tags


    —Brad
    "Don't ever take a fence down until you know the reason it was put up." G. K. Chesterton
Re: Website login/authentication
by punkish (Priest) on Sep 19, 2004 at 20:39 UTC
    Before venturing further, I personally would be helped more if you clarified...

    I'd like to engrain the login process into a web page

    I will assume you mean you want a web based form where the user can enter the credentials, and then you can do some server-side magic to authenticate. With that assumption...

    This is such a basic web requirement that I would hesitate to offer long advice here. CGI-Session, as mentioned above, is indeed a nice option.

    You can roll your own using Storable to save the password info in a file, use DB_File to save it in a dbm, or use DBI to put the info in a SQL database. You will need some kind of persistence (saving the state) so your user can be remembered by your website. Rolling your own is a good way to learn. However, reading the CGI-Session docs is also advised. The author has created very good documentation, and also has a cookbook style recipe for creating authentication.

    Hope all this starts you in the right direction.

Re: Website login/authentication
by mhearse (Chaplain) on Sep 19, 2004 at 22:03 UTC
    Thanks for the help on this. I've got a simple version working using the Apache::htpasswd module. I guess I'll go with that, making it persist with CGI::Session. Work with encryption later.
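
A login handler along the lines the thread settles on (Apache::Htpasswd for the password check, CGI::Session for persistence), added here as an example and not code posted by anyone in the thread. The file paths, the form field names `username` and `password`, and the redirect target are assumptions.

```perl
#!/usr/bin/perl
# Added example: form-based login checked against an htpasswd file.
use strict;
use warnings;
use CGI;
use CGI::Session;
use Apache::Htpasswd;

# Assumed locations; keep both files outside the web server's document root.
my $HTPASSWD_FILE = '/path/to/.htpasswd';
my $SESSION_DIR   = '/path/to/sessions';
my $AFTER_LOGIN   = '/members/index.cgi';    # hypothetical protected page

my $cgi  = CGI->new;
my $user = $cgi->param('username');
my $pass = $cgi->param('password');
$user = '' unless defined $user;
$pass = '' unless defined $pass;

# Accept credentials only from a POSTed form, so they do not end up in
# URLs or access logs. htpasswd lines are "user:hash", so a name holding
# ':' or a newline can never be valid; reject it before the lookup.
my $ok = 0;
if (($cgi->request_method || '') eq 'POST'
    && $user =~ /\A[\w.\-]{1,32}\z/ && length $pass) {
    my $htpasswd = Apache::Htpasswd->new(
        { passwdFile => $HTPASSWD_FILE, ReadOnly => 1 });
    $ok = $htpasswd->htCheckPassword($user, $pass) ? 1 : 0;
}

if ($ok) {
    # Passing undef instead of $cgi forces a brand-new session ID, so an ID
    # the browser held before login is never promoted to a logged-in one.
    my $session = CGI::Session->new('driver:File', undef,
        { Directory => $SESSION_DIR });
    $session->param('user', $user);
    $session->expire('+1h');
    $session->flush;
    # -secure assumes the site is served over HTTPS; -httponly keeps the
    # session ID out of reach of page scripts.
    my $cookie = $cgi->cookie(
        -name     => $session->name,
        -value    => $session->id,
        -httponly => 1,
        -secure   => 1,
    );
    print $cgi->redirect(-uri => $AFTER_LOGIN, -cookie => $cookie);
} else {
    # Same response for an unknown user and a wrong password.
    print $cgi->header(-status => '403 Forbidden', -type => 'text/plain');
    print "Login failed.\n";
}
```

Each protected script then opens the session named by the cookie and refuses the request unless its `user` parameter is set.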