#!/usr/bin/perl -w

print "Content-type: text/html\n\n<html><body>";
foreach (keys %ENV){
  print "$_ -> $ENV{$_}<br>\n";
}
print "</body></html>";
[download]

If you've built your own server out of something like HTTP::Daemon, you can get a request object and grab the Authorization header to parse it yourself:

my $r = $daemon->get_request();
my ($username, $password) = split(/:/, $r->header('Authorization'), 2)
+;
[download]

Update:

Yeah, that did say 'REQUEST_USER' before. Sorry, I merged the right line with the description of 'REQUEST_METHOD' as I read it.

Are you aware of an existing HTTP::Daemon-side implementation of Digest authentication?

    my $user = $r->connection->user;
[download]

If you use Apache's built-in authentication modules, you can be relatively certain the password was given correctly, so there's probably no need to check it a second time in your script.

It also seems like you should be able to implement something in mod_perl to obtain the password, but I haven't looked into it enough to know.

If you really need the password, there is a way you can get it, but not from the CGI script itself. You can use mod_auth_external to do your authentications

Actually, I only need apache to ask for the username and password, and then do the authentication on the CGI script. I don't need apache to check for the password..

If you are using mod_perl, try this:

$username = $r->connection->user
my($ret, $password) = $r->get_basic_auth_pw;
[download]

The $username will be the username entered when challenged, $ret will be either OK, DECLINED, SERVER_ERROR, or AUTH_REQUIRED, and $password will be the plain text password entered at the challenge. These must be used with Basic authorization type.

J. J. Horner
Linux, Perl, Apache, Stronghold, Unix
jhorner@knoxlug.org http://www.knoxlug.org/

If you are using mod_perl, try this:

The server is running mod_perl (I can see "mod_perl" on the "server" part of the http responses), I tryed this:

#!/usr/bin/perl
print "Content type: text/html\n\n";
$username = $r->connection->user;
my($ret, $password) = $r->get_basic_auth_pw;
print $password;
[download]

And I get an "Internal Server Error". Do I have to use some library or something on the script?

Thanks!

Yes, you'll need to get the $r object, which you don't have in your script. $r is the Apache request record.

You should set up your script as an Apache::Registry script. Then you can get $r like this:

    my $r = Apache->request;
[download]

To set the script up as Apache::Registry, add something like this to httpd.conf:

    <Location /perl>
    SetHandler perl-script
    PerlHandler Apache::Registry
    Options +ExecCGI
    </Location>
[download]

This sets up the perl subroutine under the document root to run under Apache::Registry. So put your script there.

Or, if you set up a mod_perl handler, your handler subroutine will be passed $r.

For example, you might set up a handler thusly in your httpd.conf:

    <Location /foo>
    SetHandler perl-script
    PerlHandler My::Foo
    </Location>
[download]

And then in My::Foo:

    package My::Foo;
    use strict;

    sub handler {
        my $r = shift;
        my $user = $r->connection->user;
        my($ret, $password) = $r->get_basic_auth_pw;

        $r->send_http_header;
        $r->print($user);
        $r->print($password);
    }

    1;
[download]

I'd recommend trying the first approach.

While btrott's answer was right, I thought I would send you to a real world example here.

J. J. Horner
Linux, Perl, Apache, Stronghold, Unix
jhorner@knoxlug.org http://www.knoxlug.org/