Usually, if you run into problems that only affect POST requests, that means that somewhere earlier in the apache cycle there is something consuming the posted data. Looking at the code you've posted though, it's not immediately obvious that that is the problem, nor is it obvious that it's actually the even related to the problem that phpMyAdmin is displaying. That is something you can look into further though Perhaps part of DataJoy::Application is reading the post variables out of STDIN.

Adam



Miha Lampret wrote:
Hello all,

Today I tried to limit access to phpMyAdmin using my own Authen.pm
module. It works well but not always. Looks like phpMyAdmin has
problems with HTTP post method if I enable my PerlAuthenHandler
Authen.pm. Otherwise phpMyAdmin and Authen.pm work well.

The error I get in phpMyAdmin is:
Fatal error: PMA_sendHeaderLocation called when headers are already
sent! in /opt/datajoy/www/lib/phpMyAdmin/libraries/common.lib.php on
line 650

I am not sure what causes this problem. It may be phpMyAdmin issue or
there is something wrong in my Authen.pm. But since my Authen.pm works
well when limiting access to directories/files and since I have no
problem with phpMyAdmin if I use .htaccess with password file
(AuthUserFile) I thought it might be mod_perl issue. Anyone else
noticed strange behaviour when using PerlAuthenHandler? It is the same
if I use PerlAccessHandler.

I hope someone can direct me where to look for solution.

Best regards,
Miha

Server software:
Apache/2.2.9 (Debian) PHP/5.2.6-5 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
I also noticed this problem in older versions of Apache, perl, mod_perl and php.

Bellow are my Apache settings for phpMyAdmin dir and Authen.pm module:

        <Directory /opt/datajoy/www/lib/phpMyAdmin>
            PerlSendHeader Off
            AuthName DatajoyWebAuth
            AuthType Basic
            PerlAuthenHandler Datajoy::Authen
            require valid-user
        </Directory>


package Datajoy::Authen;

use strict;
use Apache2::Access ();
use Apache2::RequestUtil ();
use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED);

use Datajoy::Application;
use Datajoy::Config;

sub Authenticate {
    my ($domain,$user,$pass,$file)[EMAIL PROTECTED];
    my $result=0;

    my $app=Datajoy::Application->new();
    $app->Db_Connect;

    my $sth=$app->{dbh}->prepare("select users.org_id, users.id, pages.path
      from domains,users,pages
      where domains.page_id=pages.id and users.org_id=domains.org_id
      and domains.domain=? and users.username=?");
    $sth->execute($domain,$user);
    my ($org_id,$user_id,$domain_path)=$sth->fetchrow_array;

    if ($org_id && $user_id) {
        my $auth=undef;
        eval '$auth='.$app->{config}->{auth_module}.'->new($app)';
        if (! $@) {
            my ($logged_in,$uref)=$auth->Login($org_id,$user,$pass);
            if ($logged_in>0) {
                $result=1;
            }
        }
    }

    return $result;
}

sub handler {
    my $r=shift;

    my ($status,$pass)=$r->get_basic_auth_pw;

    return $status unless $status == Apache2::Const::OK;

    my $domain=$r->hostname();
    my $user=$r->user;
    my $file=$r->filename();

    if (Authenticate($domain,$user,$pass,$file)) {
        return Apache2::Const::OK;
    } else {
        $r->note_basic_auth_failure;
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }

}

1;

Reply via email to