Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

An Unnofficial Patch to CGI::Session::Auth::DBI...

by monsieur_champs (Curate)
on Oct 06, 2004 at 22:14 UTC ( #397176=perlnews: print w/replies, xml ) Need Help??

Fellows
a few weeks ago I've patched CGI::Session::Auth::DBI so it fits better on my own needs. I've created a ticket about this to Mr. Jochen Lillich, the current maintainer of this module.

I guess that posting this here makes this an unofficial patch to CGI::Session::Auth::DBI, and I do this in hope that it helps somebody. I just though that this could be useful to others as it is for me.

Comments and patches to this patch are all welcome. :-)

--- CGI/Session/Auth/DBI.pm Wed Sep 29 10:43:38 2004 +++ /usr/local/share/perl/5.6.1/CGI/Session/Auth/DBI.pm Tue Sep 21 +17:03:36 2004 @@ -4,7 +4,7 @@ # Copyright (c) 2003 Jochen Lillich <jl@teamlinux.de> ########################################################### # -# $Id: DBI.pm,v 1.2 2004/09/29 13:43:38 champs Exp $ +# $Id: DBI.pm,v 1.6 2003/10/31 08:28:33 jlillich Exp $ # package CGI::Session::Auth::DBI; @@ -16,7 +16,7 @@ use Carp; use DBI; -our $VERSION = do { my @r = (q$Revision: 1.2 $ =~ /\d+/g); sprintf "% +d." . "%03d" x (scalar @r - 1), @r; }; +our $VERSION = do { my @r = (q$Revision: 1.6 $ =~ /\d+/g); sprintf "% +d." . "%03d" x (scalar @r - 1), @r; }; # column names in database my $COL_USERID = 'userid'; @@ -24,7 +24,7 @@ my $COL_PASSWORD = 'passwd'; my $COL_IPUSERID = 'userid'; my $COL_IPADDR = 'network'; -my $COL_IPMASK = 'netmask'; +my $COL_IPMASK = "netmask"; ########################################################### ### @@ -52,8 +52,6 @@ # class specific parameters # - # Check to see if we got a Database Handler. - unless( $params->{DBH} ){ # parameter 'DSN': DBI data source name my $dsn = $params->{DSN} || croak("No DSN parameter"); # parameter 'DBUser': database connection username @@ -62,28 +60,20 @@ my $dbpasswd = $params->{DBPasswd} || ""; # parameter 'DBAttr': optional database connection attributes my $dbattr = $params->{DBAttr} || {}; - # database handle - $self->{dbh} = - DBI->connect( $dsn, $dbuser, $dbpasswd, $dbattr) - or croak( "DB error: " . $DBI::errstr ); - }else{ - $self->{dbh} = $params->{DBH}; - } - # parameter 'UserTable': name of user data table $self->{usertable} = $params->{UserTable} || 'auth_user'; # parameter 'GroupTable': name of user data table $self->{grouptable} = $params->{GroupTable} || 'auth_group'; # parameter 'IPTable': name of ip network table $self->{iptable} = $params->{IPTable} || 'auth_ip'; - # parameter 'PwdPlaceHolder': string to be used - # as placeholder for retrieve / set encripted password field - $self->{pwdplaceholder} = $params->{PwdPlaceHolder} || '?'; # # class members # + # database handle + $self->{dbh} = DBI->connect($dsn, $dbuser, $dbpasswd, $dbattr) or + croak("DB error: " . $DBI::errstr); + # blessed are the greek bless($self, $class); @@ -111,21 +101,23 @@ my $result = 0; - my $query = qq{SELECT * - FROM "$self->{usertable}" - WHERE $COL_USERNAME = ? - AND $COL_PASSWORD = $self->{pwdplaceholder} - }; - + my $query = sprintf( + "SELECT * FROM %s WHERE %s ='%s' AND %s = '%s'", + $self->{usertable}, + $COL_USERNAME, + $username, + $COL_PASSWORD, + $password + ); $self->_debug("query: $query"); # search for username my $sth = $self->_dbh->prepare($query); - $sth->execute( $username, $password ) or croak _dbh->errstr; + $sth->execute or croak _dbh->errstr; if (my $rec = $sth->fetchrow_hashref) { $self->_debug("found user entry"); $self->_extractProfile($rec); $result = 1; - $self->_info("user '$username' logged in"); + $self->info("user '$username' logged in"); } $sth->finish; @@ -172,7 +164,8 @@ $self->_extractProfile($user); $result = 1; last; - } else { + } + else { $self->_debug("no member of this network"); } @@ -193,14 +186,14 @@ my $self = shift; my ($userid) = @_; - my $query = qq{SELECT * - FROM "$self->{usertable}" - WHERE userid = ? - }; - + my $query = sprintf( + "SELECT * FROM %s WHERE userid='%s'", + $self->{usertable}, + $userid + ); $self->_debug("query: $query"); my $sth = $self->_dbh->prepare($query); - $sth->execute( $userid ) or croak $self->_dbh()->errstr; + $sth->execute() or croak $self->_dbh()->errstr; if (my $rec = $sth->fetchrow_hashref) { $self->_debug("Found user entry"); $self->_extractProfile($rec); @@ -223,9 +216,7 @@ my $first = 1; foreach (keys %{$self->{profile}}) { if ($_ ne $COL_USERID) { - $query .= ( ($first) ? '' : ', ' ) . - $_ . ' = ' . ( $_ eq $COL_PASSWORD ? $self->{pwdplaceholder} : '? +' ); - + $query .= (($first) ? '' : ', ') . $_ . " = ?"; push @values, $self->{profile}{$_}; $first = 0; } @@ -235,6 +226,7 @@ my $sth = $self->_dbh()->prepare($query); $sth->execute(@values, $self->{userid}) or croak $self->_dbh()->err +str; + } ########################################################### @@ -281,8 +273,7 @@ foreach ( keys %$rec ) { $self->{profile}{$_} = $rec->{$_}; } -} -; +}; ########################################################### @@ -297,15 +288,16 @@ $self->_debug("get data for userid: ", $userid); - my $query = qq{SELECT * - FROM "$self->{usertable}" - WHERE $COL_USERID = ? - }; - + my $query = sprintf( + "SELECT * FROM %s WHERE %s='%s'", + $self->{usertable}, + $COL_USERID, + $userid + ); $self->_debug("query: $query"); # search for username my $sth = $self->_dbh->prepare($query); - $sth->execute( $userid ) or croak _dbh->errstr; + $sth->execute or croak _dbh->errstr; return $sth->fetchrow_hashref; } @@ -326,23 +318,24 @@ =head1 SYNOPSIS use CGI; -use CGI::Session; -use CGI::Session::Auth::DBI; + use CGI::Session; + use CGI::Session::Auth::DBI; -my $cgi = new CGI; -my $session = new CGI::Session(undef, $cgi, {Directory=>'/tmp'}); -my $auth = new CGI::Session::Auth({ + my $cgi = new CGI; + my $session = new CGI::Session(undef, $cgi, {Directory=>'/tmp'}); + my $auth = new CGI::Session::Auth({ CGI => $cgi, Session => $session, DSN => 'dbi:mysql:host=localhost,database=cgiauth' +, }); -$auth->authenticate(); + $auth->authenticate(); -if ($auth->loggedIn) { + if ($auth->loggedIn) { showSecretPage; -} else { + } + else { showLoginPage; -} + } @@ -395,16 +388,14 @@ =over 1 -=item B<DBH>: DBI Object ready to use (conflicts with B<DSN>, B<DBUse +r>, B<DBPasswd>, B<DBAttr> - those will be ignored) - -=item B<DSN>: Data source name for the database connection (mandatory +, unless B<DBH> is present). +=item B<DSN>: Data source name for the database connection (mandatory +). For an explanation, see the L<DBI> documentation. -=item B<DBUser>: Name of the user account used for the database conne +ction. (Default: none, no effect if B<DBH> present) +=item B<DBUser>: Name of the user account used for the database conne +ction. (Default: none) -=item B<DBPasswd>: Password of the user account used for the database + connection. (Default: none, no effect if B<DBH> present) +=item B<DBPasswd>: Password of the user account used for the database + connection. (Default: none) -=item B<DBAttr>: Optional attributes used for the database connection +. (Default: none, no effect if B<DBH> present) +=item B<DBAttr>: Optional attributes used for the database connection +. (Default: none) =item B<UserTable>: Name of the table containing the user authenticat +ion data and profile. (Default: 'auth_user')

Janitored by Arunbear - added readmore tags

Replies are listed 'Best First'.
Re: An Unnofficial Patch to CGI::Session::Auth::DBI...
by zejames (Hermit) on Oct 07, 2004 at 15:35 UTC
    It would be great if you explained what your patch does, rather than required us to read it to know...

    Anyway, I guess it fits your needs, and that is cool for that.

    --
    zejames

      Ops! That's my fault! Here it is:

      1. sprintf() is not used anymore in query building. String interpolation is faster and cleaner.
      2. Instead of just parameters for database connection, the constructor now accepts a single parameter holding a DBI Object. Usually I share a DBI connection throught all mya pplication source code.
      3. Introduced a new parameter into the constructor to tell CGI::Session::Auth::DBI how to update and compare password values (I protect my database-stored passwords with MD5 Digest armoring).
        Does anyone know how to determine the current logged in username after a user has been authenticated? Thanks, Andrew

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlnews [id://397176]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (2)
As of 2021-09-28 00:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?