Four Hewes wrote:
> My criteria:
>
> I. Account structure I want:
> unique user accounts
> users are members of groups (a la Unix)
> use of HTTP's ".passwd" is OK
>
> II. Platform I'd use:
> OS: Win, Unix, or Linux
> Server: Apache or IIS
> Dev.: MacPerl5
>
> III. Security of log-in:
> secure transmission of username & password
>
> IV. Behaviour I want:
> 1. (from public web page) All users see username/password log-in fields.
> 2. Rejected log-in gets error message (page or pop-up) and is returned
> to log-in page.
> 3. successful log-ins sent to username-specific page. This page and all
> others exclusively for this user account are visible only to this user
> (except those pages appropriate to this user's group).
> 4. (from any of this user's pages) Log-out by clicking "log-out" link.
> 5. Logged-out users sent to some public "thank you/farewell" page on site.

using a mod_perl AccessHandler or AuthenHandler can probably help solve some aspects of this problem for you. you can write a module that intercepts the authentication step of the apache request cycle. the way i usually handle a situation like this is to authenticate the user, then load the %ENV hash with any variables that will be needed later.

however, using an Access or AuthenHandler in this way means your users will be seeing the not-very-elegant pop-up window to enter their username and password. it also means that there won't be a 'logout' link; the user will have to close their browser to 'log out'.

there are several cpan modules that can be customized to use html login forms, complete with a logout method, but, unless i'm mistaken, they all use cookies.

of course, if mod_perl is not an option you can explore, all of this is moot.
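
The AuthenHandler approach described in the reply, sketched as an added example that is not part of the original post or the poster's own code. It assumes the mod_perl 2 API; the package name `My::EnvAuthen`, the `EnvAuthenFile` setting, the `user:crypt-hash:group` file format and the `AUTH_ACCOUNT`/`AUTH_GROUP` variable names are all hypothetical.

```perl
package My::EnvAuthen;    # hypothetical module name
use strict;
use warnings;

# Assumed httpd.conf for the protected location:
#   AuthType Basic / AuthName "Members" / Require valid-user
#   PerlAuthenHandler My::EnvAuthen
#   PerlSetVar EnvAuthenFile /path/to/accounts   (hypothetical setting)
use Apache2::RequestRec ();     # $r->user, $r->subprocess_env
use Apache2::RequestUtil ();    # $r->dir_config
use Apache2::Access ();         # get_basic_auth_pw, note_basic_auth_failure
use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED SERVER_ERROR);

# Assumed account file: one "user:crypt-hash:group" record per line.
sub lookup {
    my ($file, $user) = @_;
    open my $fh, '<', $file or return;
    while (my $line = <$fh>) {
        chomp $line;
        my ($name, $hash, $group) = split /:/, $line, 3;
        next unless defined $group && $name eq $user;
        return ($hash, $group);
    }
    return;
}

sub handler {
    my $r = shift;

    # Reads the Basic credentials; a non-OK status (such as the 401
    # challenge when none were sent) is passed straight back to Apache.
    my ($status, $password) = $r->get_basic_auth_pw;
    return $status unless $status == Apache2::Const::OK;

    my $file = $r->dir_config('EnvAuthenFile')
        or return Apache2::Const::SERVER_ERROR;

    my ($hash, $group) = lookup($file, $r->user);
    my $computed = defined $hash ? crypt($password, $hash) : undef;
    unless (defined $computed && $computed eq $hash) {
        $r->note_basic_auth_failure;    # browser shows its pop-up again
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }

    # Expose the verified identity to later phases and CGI scripts (%ENV).
    $r->subprocess_env(AUTH_ACCOUNT => $r->user);
    $r->subprocess_env(AUTH_GROUP   => $group);
    return Apache2::Const::OK;
}

1;
```

Basic authentication only base64-encodes the username and password, so the "secure transmission" criterion in the quoted list is met only when this location is served over TLS.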