Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Login and htaccess

by jacobb20 (Novice)
on Apr 25, 2006 at 20:43 UTC ( #545639=perlquestion: print w/ replies, xml ) Need Help??
jacobb20 has asked for the wisdom of the Perl Monks concerning the following question:

Does anybody know if you can use perl to pass the username and password to apache to satisfy htaccess without the browser prompting for it?

The reason I need to do this is because the site I'm working on was set up with no htaccess file for the root. Then there are large numbers of directories off the root (domain.com/directory1/) that uses htaccess to protect them. The clients need to remember the domain.com/direcory1/ address to access their information and supply the user/password for htacess. The company would like to create a universal login at the root, where the client would supply a username and password in a html form. They would be authenticated (not using htaccess) and redirected to their correct directory. However, once redirected they would be prompted again for their username and password by htacess. Is there a way around this besides deleting/modifying the htacess files?

Thanks, Jake

Comment on Login and htaccess
Re: Login and htaccess
by ikegami (Pope) on Apr 25, 2006 at 20:54 UTC

    Have you tried redirecting to

    http://userid:passwd@www.example.com/dir/file.html

    I'm not sure if that still works.

      Just tried it...didn't seem to work.

      Get a Page cannot be displayed

        Must you use Basic authentication? The standard alternative is to create a session in the first page and return the session id to the client (via cookies, url param or hidden form fields). Scripts in the protected directory must check if the session id is valid. If you're trying to protect static files, you'll need a custom mod_perl auth/autz handler or similar.

        I think CGI::Session is the module normally used for this.

      You should know that, in this article, Microsoft explain that they have deliberately withdrawn support for this URL syntax from their Internet Explorer browsers.

      Personally I am baffled as to why Microsoft made this decision as support for it does not make any site more or less secure.

        It's use for protection against spoofing. People would email URLs such as
        http://www.ebay.com@3478348818/verify.cgi?id=827439327432
        in phishing emails. It looks like some URL at www.ebay.com, but it really contacted 209.197.123.153*. These URLs could fool even the trained eye, if it wasn't too careful.

        It seems they also prevent http://3478348818/ and other uncommon forms from working now.

        * – Keep in mind that 3478348818 == ((209*255+197)*255+123)*255+153.

Re: Login and htaccess
by ioannis (Priest) on Apr 26, 2006 at 03:04 UTC
    The LWP::UserAgent module will follow up to 7 redirects (by default) and you could set it for Basic Authendication with $ua->credentials .

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://545639]
Approved by chargrill
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (8)
As of 2014-08-30 02:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (291 votes), past polls