![[ Home ]](/icons/headerbar_home.gif){kind=icon}
![[ Support ]](/icons/headerbar_support.gif){kind=icon}
![[ Documentation ]](/icons/headerbar_doc.gif){kind=icon}
![[ Systems ]](/icons/headerbar_systems.gif){kind=icon}
|
|
|
|
|
|
use HTTPD::Authen ();
Currently, under HTTP/1.0 the only supported authentication mechanism is Basic Authentication. NCSA Mosaic and NCSA HTTPd understand the proposed Message Digest Authentication, which should make it into the HTTP spec someday. This module supports both.
new() object constructor is a reference to an
HTTPD::UserAdmin, the attributes are inherited.
The following attributes are recognized from HTTPD::UserAdmin:
DBType, DB, Server, Path, DBMF, Encrypt
And if you wish to query an SQL server: Host, User, Auth, Driver, UserTable, NameField, PasswordField
The same defaults are assumed for these attributes, as in HTTPD::UserAdmin. See HTTPD::UserAdmin for details.
$authen = new HTTPD::Authen (DB => "www-users");
=head2 basic()
Short-cut to return an HTTPD::Authen::Basic object.
$basic = $authen->basic;
$digest = $authen->digest;
By using this method, it is simple to authenticate a user without even knowing what scheme is being used:
$authtype = HTTPD::Authen->type($authinfo);
@info = $authtype->parse($authinfo)
if( $authtype->check(@info) ) {
#response 200 OK, etc.
}
$hashref should be an HTTPD::Authen object, it must be present
when looking up users. Optionally, you can pass the attribute USER with the value of an HTTPD::UserAdmin object.
Normally, this method is not called directly, but rather by HTTPD::Authen->basic method.
'Basic ZG91Z206anN0NG1l'
This string will be parsed and decoded, returning the username and password. Note that the MIME::Base64 module is required for decoding.
($username,$password) = HTTPD::Authen::Basic->parse($authinfo)
#or, assuming $authen is an HTTPD::Authen object
($username,$password) = $authen->basic->parse($authinfo)
#or check the info at the same time
$OK = $authen->check($authen->basic->parse($authinfo))
*clear text* password as
arguments. Returns true if the username was found, and passwords match,
otherwise returns false.
if($authen->check("JoeUser", "his_clear_text_password")) {
print "Well, the passwords match at least\n";
}
else {
print "Password mismatch! Intruder alert! Intruder alert!\n";
}
$hashref should be an HTTPD::Authen object. Normally, this
method is not called directly, but rather by HTTPD::Authen->digest
method.
Digest username="JoeUser", realm="SomePlace", nonce="826407380", uri="/test/blah.html", response="0306f29f88690fb9203451556c376ae9", opaque="5e09061a062a271c8fcc686c5be90c2a"
This method returns a hash ref containing all Name = Value pairs from the header.
$mda = HTTPD::Authen::Digest->parse($authinfo);
#or, assuming $authen is an HTTPD::Authen object
$mda = $authen->digest->parse($authinfo)
#or check the info at the same time
$OK = $authen->check($authen->digest->parse($authinfo))
If $request is present, it must be a hashref or an HTTP::Request method. From here, we fetch the request uri and request method. Otherwise,
we default to the value of 'uri' present in $hashref, and 'GET' for the
method.
If $seconds is present, the value of 'nonce' will be checked,
returning false if it is stale.
If $client_ip is present, the value of the 'opaque' string
will be checked, returning false if the string is not valid.
This implementation is based on the Digest Access Authentication internet-draft http://hopf.math.nwu.edu/digestauth/draft.rfc and NCSA's implementation http://hoohoo.ncsa.uiuc.edu/docs/howto/md5_auth.html
Copyright (c) 1996, Doug MacEachern, OSF Research Institute
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.