Usually, if you run into problems that only affect POST requests, that
means that somewhere earlier in the apache cycle there is something
consuming the posted data. Looking at the code you've posted though,
it's not immediately obvious that that is the problem, nor is it obvious
that it's actually the even related to the problem that phpMyAdmin is
displaying. That is something you can look into further though Perhaps
part of DataJoy::Application is reading the post variables out of STDIN.
Adam
Miha Lampret wrote:
Hello all,
Today I tried to limit access to phpMyAdmin using my own Authen.pm
module. It works well but not always. Looks like phpMyAdmin has
problems with HTTP post method if I enable my PerlAuthenHandler
Authen.pm. Otherwise phpMyAdmin and Authen.pm work well.
The error I get in phpMyAdmin is:
Fatal error: PMA_sendHeaderLocation called when headers are already
sent! in /opt/datajoy/www/lib/phpMyAdmin/libraries/common.lib.php on
line 650
I am not sure what causes this problem. It may be phpMyAdmin issue or
there is something wrong in my Authen.pm. But since my Authen.pm works
well when limiting access to directories/files and since I have no
problem with phpMyAdmin if I use .htaccess with password file
(AuthUserFile) I thought it might be mod_perl issue. Anyone else
noticed strange behaviour when using PerlAuthenHandler? It is the same
if I use PerlAccessHandler.
I hope someone can direct me where to look for solution.
Best regards,
Miha
Server software:
Apache/2.2.9 (Debian) PHP/5.2.6-5 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
I also noticed this problem in older versions of Apache, perl, mod_perl and php.
Bellow are my Apache settings for phpMyAdmin dir and Authen.pm module:
<Directory /opt/datajoy/www/lib/phpMyAdmin>
PerlSendHeader Off
AuthName DatajoyWebAuth
AuthType Basic
PerlAuthenHandler Datajoy::Authen
require valid-user
</Directory>
package Datajoy::Authen;
use strict;
use Apache2::Access ();
use Apache2::RequestUtil ();
use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED);
use Datajoy::Application;
use Datajoy::Config;
sub Authenticate {
my ($domain,$user,$pass,$file)[EMAIL PROTECTED];
my $result=0;
my $app=Datajoy::Application->new();
$app->Db_Connect;
my $sth=$app->{dbh}->prepare("select users.org_id, users.id, pages.path
from domains,users,pages
where domains.page_id=pages.id and users.org_id=domains.org_id
and domains.domain=? and users.username=?");
$sth->execute($domain,$user);
my ($org_id,$user_id,$domain_path)=$sth->fetchrow_array;
if ($org_id && $user_id) {
my $auth=undef;
eval '$auth='.$app->{config}->{auth_module}.'->new($app)';
if (! $@) {
my ($logged_in,$uref)=$auth->Login($org_id,$user,$pass);
if ($logged_in>0) {
$result=1;
}
}
}
return $result;
}
sub handler {
my $r=shift;
my ($status,$pass)=$r->get_basic_auth_pw;
return $status unless $status == Apache2::Const::OK;
my $domain=$r->hostname();
my $user=$r->user;
my $file=$r->filename();
if (Authenticate($domain,$user,$pass,$file)) {
return Apache2::Const::OK;
} else {
$r->note_basic_auth_failure;
return Apache2::Const::HTTP_UNAUTHORIZED;
}
}
1;