At the end, where you have

    return FORBIDDEN if ($encrypt_passwd ne $glas_password);

you should have

    if ($encrypt_passwd ne $glas_password) {
        $r->note_basic_auth_failure;
        $r->log_reason("Invalid password", $r->filename);
        return AUTH_REQUIRED;
    }

Returning FORBIDDEN tells the client that their credentials are valid (i.e. they entered a valid username/password combination) but that they aren't allowed to access this resource.
I suggest you take a quick look at the difference between PerlAuthenHandler and PerlAuthzHandler. As I mentioned earlier in this thread, you shouldn't use FORBIDDEN in a PerlAuthenHandler.
I know what you mean about the HTTP spec; I've been meaning to read it thoroughly for the past 6 years, but it's too scary :-)
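
The split described in the message above, as an added example that is not part of the original post: a mod_perl 1 authentication handler that answers 401 on bad credentials, beside an authorization handler that answers 403 for a known but unpermitted user. The package name, the `%PASSWD` and `%ALLOWED` tables and their contents are hypothetical, constructed sample data.

```perl
package My::AuthExample;    # hypothetical package name
use strict;
use warnings;
use Apache::Constants qw(OK AUTH_REQUIRED FORBIDDEN);

# Assumed httpd.conf wiring for the protected location:
#   AuthType Basic
#   AuthName "example"
#   require valid-user
#   PerlAuthenHandler My::AuthExample::authen
#   PerlAuthzHandler  My::AuthExample::authz

# Constructed sample data: user => crypt() hash, and who may see the resource.
my %PASSWD = (
    alice => crypt('alice-sample', 'aa'),
    bob   => crypt('bob-sample',   'bb'),
);
my %ALLOWED = (alice => 1);

# Authentication phase: "who are you?". Every failure here is a 401.
sub authen {
    my $r = shift;
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != OK;    # no usable Authorization header yet

    my $user   = $r->connection->user;
    my $stored = defined $user ? $PASSWD{$user} : undef;
    unless (defined $stored && crypt($sent_pw, $stored) eq $stored) {
        $r->note_basic_auth_failure;    # sends WWW-Authenticate so the client re-prompts
        $r->log_reason("Invalid username or password", $r->filename);
        return AUTH_REQUIRED;
    }
    return OK;
}

# Authorization phase: reached only once authen returned OK. "May you?"
sub authz {
    my $r    = shift;
    my $user = $r->connection->user;
    unless ($ALLOWED{$user}) {
        $r->log_reason("User $user not permitted", $r->filename);
        return FORBIDDEN;    # credentials were valid; access is still refused
    }
    return OK;
}

1;
```

With this sample data, bob with the correct password gets 403 from `authz`, while bob with a wrong password gets 401 from `authen` and is prompted again.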