PERL http authentication

sharpesharpe Member Posts: 21
Hi,

I need to make a perl script (not cgi) that checks via form based authentication, if a user name and/or password are valid. I have been messing about with it for some time but seem to run into problems. Can anyone give me a little help!?

Thanks in advance.

Comments

  • mdw1982mdw1982 Member Posts: 124
    : Hi,
    :
    : I need to make a perl script (not cgi) that checks via form based authentication, if a user name and/or password are valid. I have been messing about with it for some time but seem to run into problems. Can anyone give me a little help!?
    :
    : Thanks in advance.
    :

    Is this database driven? How are you storing the username/password information that you're checking the input against? Or, are you storing the information encrypted in a file on disk somewhere?

    Mark
  • JonathanJonathan Member Posts: 2,914
    : Hi,
    :
    : I need to make a perl script (not cgi) that checks via form based
    : authentication, if a user name and/or password are valid. I have
    : been messing about with it for some time but seem to run into
    : problems. Can anyone give me a little help!?
    If it's form based authentication then you are dealing with data passed to the script via the web server, so you kinda need to write a CGI script in Perl to do this! :-)

    What have you got so far? You could put a list of passwords and usernames in a file, like:-

    testuser|testpass
    test2|pass2

    Then write code like this:-

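    [code]
    #Do form parsing, and store username and password sent in
    #$username and $password here...

    #Placeholder name; the file name in the original post did not survive.
    my $passfile = "passwords.txt";

    my $auth = 0;
    open FILE, "<$passfile" or die "Cannot open $passfile: $!";
    while (<FILE>) {
        chomp;
        #Each line is username|password, so split on a literal pipe.
        my ($chkuser, $chkpass) = split(/\|/);
        $auth = 1 if ($chkuser eq $username && $chkpass eq $password);
    }
    close FILE;

    if ($auth) {
        #Logged in.
    } else {
        #Not logged in.
    }
    [/code]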

    But that needs some tidying up and stuff. Plus it stores the passwords in plain text, which isn't great. You'd maybe want to look into the crypt() function. But this gives you a start.

    Jonathan

    -------------------------------------------
    Count your downloads:
    http://www.downloadcounter.com/
    And host your site:
    http://www.incrahost.com/
    Don't say I never give you anything... ;-)
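
The crypt() suggestion from the post above, as an added example that is not part of the thread: the file holds `user|hash` records instead of `user|plaintext`, and a login is verified by re-hashing the submitted password with the stored hash as the salt. It assumes a Unix-like system with `/dev/urandom` and a `crypt()` that supports the `$6$` (SHA-512) scheme; `random_salt`, `hash_password`, `ct_eq` and `check_login` are names made up for this example.

```perl
use strict;
use warnings;

my @SALT_CHARS = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');   # 64 symbols
my $DUMMY = hash_password('placeholder');   # checked when the user is unknown

sub random_salt {    # 16 salt characters drawn from the OS random source
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $bytes;
}

# Assumption: crypt() on this platform understands the "$6$" (SHA-512) scheme.
sub hash_password {
    my ($password) = @_;
    my $hash = crypt($password, '$6$' . random_salt() . '$');
    die "crypt() lacks \$6\$ support here\n" unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Records are "user|hash" lines: the thread's file layout with the plaintext replaced.
sub check_login {
    my ($records, $username, $password) = @_;
    my $stored;
    for my $line (@$records) {
        (my $copy = $line) =~ s/\r?\n\z//;
        my ($user, $hash) = split /\|/, $copy, 2;
        next unless defined $hash && length $hash;    # skip malformed lines
        $stored = $hash if $user eq $username;
    }
    # Unknown user: still run crypt() once so both paths cost about the same.
    my $reference = defined $stored ? $stored : $DUMMY;
    my $computed  = crypt($password, $reference);
    return defined $stored && defined $computed && ct_eq($computed, $reference) ? 1 : 0;
}

# Constructed demo data reusing the two sample accounts from the post.
my @records;
push @records, "$_->[0]|" . hash_password($_->[1]) . "\n" for ['testuser', 'testpass'], ['test2', 'pass2'];
printf "%-18s %d\n", "$_->[0]/$_->[1]", check_login(\@records, @$_)
    for ['testuser', 'testpass'], ['testuser', 'pass2'], ['nobody', 'testpass'];
```

Because the salt is random, the two stored hashes differ on every run even for identical passwords; only `check_login`'s verdict is stable.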

  • sharpesharpe Member Posts: 21
    Hi,

    This is the request method that I wish to build basic HTTP authentication into:


    [code]
    use IO::Socket::INET;

    sub do_request($$)
    {
        my ($request, $host, $socket, $data);
        my %HEADERS;

        $request = shift();
        $host = shift();
        $socket = IO::Socket::INET->new(PeerAddr => $host,
                                        PeerPort => "http(80)",
                                        Proto => "tcp") || die($!);
        # Send the request; header lines end in CRLF and a blank line ends the headers.
        print($socket "GET $request HTTP/1.0\r\n" .
                      "Host: $host\r\n" .
                      "WWW-Authenticate: Basic realm=\"user:passwd\"\r\n" .
                      "\r\n");
        while ($data = <$socket>)
        {
            $data =~ s/\r?\n$//;    # strip the line ending (CRLF or LF)
            if ($data =~ /^HTTP\/1\.\d\s(\d{3})/) {
                $HEADERS{_rc} = $1;             # status code
            } elsif ($data =~ /^([a-z0-9_-]+):\s*(.*)/i) {
                $HEADERS{$1} = $2;              # header name => value
            } else {
                last();                         # blank line: end of headers
            }
        }
        shutdown($socket, 2);
        return %HEADERS;
    }
    [/code]

    The line with 'WWW-Authenticate: Basic realm="WallyWorld"' is what I am referring to.

    Thanks!
  • JonathanJonathan Member Posts: 2,914
    Hey,

    : This is the request method that I wish to build basic HTTP
    : authentication into:
    :
    : ....pretty well written Perl ;-)....
    :
    : The line with 'WWW-Authenticate: Basic realm="WallyWorld"' is what I
    : am referring to.
    The RFC that describes this can be found here:-
    http://www.ietf.org/rfc/rfc2617.txt

    From what I can see that line that you have is what the server sends to you when it wants authorization. You need to send the username and password. If only it were that simple.

    From the spec:-
    [blue]To receive authorization, the client sends the userid and password, separated by a single colon (":") character, within a base64 encoded string in the credentials.[/blue]

    So to construct what we need to send, we might do something like this:-

    [code]use MIME::Base64;

    #These hold the details we want to use...
    my $userid = "Aladdin";
    my $password = "open sesame";

    #Assemble base64 encoded stuff as needed.
    my $authdata = $userid . ':' . $password;
    #The empty second argument stops encode_base64 appending a newline,
    #which would otherwise end the headers early.
    my $enc_authdata = encode_base64($authdata, '');

    #Print the header.
    print "Authorization: Basic $enc_authdata\r\n";
    [/code]

    Note - that is totally untested but it's my best guess at what you want to be doing. More details on base64 can be found here:-
    http://search.cpan.org/author/JHI/perl-5.8.0/ext/MIME/Base64/Base64.pm

    Isn't it scary how the spec uses "Aladdin" and "open sesame" and the Base64 docs use exactly the same?

    Hope this helps,

    Jonathan

    ###
    # Example Of Perl 6 Syntax.
    push @will, my Power $button;
    my $hardware is Useless but Valuable;
    do ($nothing) while $i.work and print $stuff;
    push (@will, my Off $button) and die "with me";
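
The exchange discussed in the last two posts, as an added example that is not from the thread: the client's request carrying `Authorization: Basic ...`, and the two answers a server can give (a 401 with a `WWW-Authenticate` challenge, or a 2xx). `build_request`, `parse_response` and `auth_outcome` are hypothetical helper names, and the host, path and server responses are constructed so the block runs without a network.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# Build the client's request. The userid must not contain ':' because the
# server splits the decoded credentials at the first colon.
sub build_request {
    my ($path, $host, $userid, $password) = @_;
    die "userid must not contain ':'\n" if $userid =~ /:/;
    die "CR/LF not allowed in path or host\n" if "$path$host" =~ /[\r\n]/;
    my $token = encode_base64($userid . ':' . $password, '');   # '' = no trailing newline
    return "GET $path HTTP/1.0\r\n"
         . "Host: $host\r\n"
         . "Authorization: Basic $token\r\n"
         . "\r\n";
}

# Parse the status line and headers of a response; header names are lower-cased.
sub parse_response {
    my ($raw) = @_;
    my %h;
    for my $line (split /\r?\n/, $raw) {
        if (!exists $h{_rc} && $line =~ m{^HTTP/1\.\d\s+(\d{3})}) { $h{_rc} = $1 }
        elsif ($line =~ /^([A-Za-z0-9_-]+):\s*(.*)$/)          { $h{lc $1} = $2 }
        else                                                    { last }   # blank line ends headers
    }
    return %h;
}

# Decide what the server said about the credentials that were sent.
sub auth_outcome {
    my (%h) = @_;
    my $rc = $h{_rc} // '';
    return 'accepted' if $rc =~ /^2/;
    return "other status '$rc'" unless $rc eq '401';
    my ($realm) = ($h{'www-authenticate'} // '') =~ /^Basic\s+realm="([^"]*)"/i;
    return defined $realm ? "rejected, realm \"$realm\"" : 'rejected, non-Basic challenge';
}

# Constructed server responses (not captured traffic).
my $challenge = "HTTP/1.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"WallyWorld\"\r\n\r\n";
my $ok        = "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html>...</html>";

print build_request('/private/', 'www.example.com', 'Aladdin', 'open sesame');
print auth_outcome(parse_response($challenge)), "\n";
print auth_outcome(parse_response($ok)), "\n";
```

The token is only base64-encoded, so anyone who can read the request can recover the password; send it over TLS.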
