[Webdev] Authenticated redirecting
Dave O Connor
doc at redbrick.dcu.ie
Fri Jun 30 14:40:03 IST 2000
Someone called adam beecher said on Fri, Jun 30, 2000 at 02:12:47PM +0100:
> > This might sound a little confusing...
> > What I'd like to try is some authenticated redirecting.. where people are
> > prompted for a username and password, then taken to a directory based on
> > their input. Let's say for example I've got http://www.mysite.com/users/,
> > which uses htaccess/htpasswd, then based on their response, they're taken to
> > http://www.mysite.com/users/<username>/.
> >
> > Right now, I'm trying it in perl, but I was just wondering if there was an
> > easier way, maybe php? (I'm looking for an excuse to try something new with
> > php). I'm not looking for any answers or anything, just suggestions :)
> >
>
> It depends on whether you want to protect other users' directories from this
> user. For example, say 'user1' logs in, and is redirected to
> http://sld.tld/users/user1/. With standard HTTP_AUTH, a logged in 'user2' will
> be able to access that user's directory as well, simply by changing the URL. With
> a more complex system, possibly even extended to use mod_rewrite, you could
> protect different directories (or even "virtual directories") from each other.
> With PHP of course, because it has Apache AUTH hooks. I don't know about Perl.
>
Not really. Say the /users directory has just index.pl in it.
-----------------------------------------------------------------------
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
my $query = CGI->new;
# Apache sets REMOTE_USER once Basic auth on /users has succeeded
print $query->redirect("http://www.mysite.com/users/" . $ENV{'REMOTE_USER'});
-----------------------------------------------------------------------
That'll redirect them to /users/<username>.
As for if you don't want them mucking about, a .htaccess file in their
/users/<user> dir, looking something like:
----------------------------------------------------------------------
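AuthType Basic
# Basic auth needs a realm; "Users" is a placeholder, match the realm set for /users
AuthName "Users"
AuthUserFile /path/to/.passwdfile
# No <Limit GET> wrapper: it would leave other methods (e.g. POST) unrestricted
require user fred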
-----------------------------------------------------------------------
Once the password file is the same one used to authenticate them for /users,
they shouldn't have to enter their password again.
- DoC
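
An added example, not part of the original message: a small audit for the per-user .htaccess scheme discussed in this thread, flagging files where `require` is not pinned to the directory's owner, sits inside a `<Limit>` block, or lacks the directives Basic auth needs. The function name `audit_htaccess`, the realm name and both sample configs are constructed for illustration.

```python
import re

def audit_htaccess(owner, text):
    """Return findings for the .htaccess guarding /users/<owner>/."""
    findings, seen, limit = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]*)>$", line, re.I)
        if opened:                      # entering <Limit METHOD ...>
            limit = opened.group(1).upper().split()
            continue
        if re.match(r"</Limit>$", line, re.I):
            limit = None
            continue
        parts = line.split()
        name = parts[0].lower()         # directive names are case-insensitive
        seen.add(name)
        if name != "require":
            continue
        if len(parts) < 3 or parts[1].lower() != "user":
            findings.append(f"'{line}' does not pin the directory to one user")
        elif parts[2:] != [owner]:
            findings.append(f"require user {parts[2:]} does not match owner {owner!r}")
        if limit is not None:           # access control covers listed methods only
            findings.append(f"require applies only to {limit}; other methods are unrestricted")
    for needed in ("authtype", "authname", "authuserfile", "require"):
        if needed not in seen:
            findings.append(f"missing {needed} directive")
    return findings

# Constructed samples: one wraps require in <Limit GET> and has no AuthName,
# the other applies require to every method.
LIMITED = """AuthType Basic
AuthUserFile /path/to/.passwdfile
<Limit GET>
require user fred
</Limit>
"""
HARDENED = """AuthType Basic
AuthName "Users"
AuthUserFile /path/to/.passwdfile
require user fred
"""

if __name__ == "__main__":
    for label, owner, text in [("limited", "fred", LIMITED),
                               ("hardened", "fred", HARDENED),
                               ("wrong owner", "alice", HARDENED)]:
        print(label, audit_htaccess(owner, text) or "ok")
```

Run over every /users/<name>/.htaccess with the directory name as `owner`, this catches a copied file that still names the previous user.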