Apache2-AuthCookieDBImg
view release on metacpan or search on metacpan
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
To make the work of the randomizer easier I create my images table
like this:
create table images ( imagekey serial, imageurl char(128), imageword char(20));
And load it up like this:
inssert into images (imageurl,imageword) values ('/images/dbimg/junk.png','saywhat?');
Then create an image named junk.png and put it in my web server /images/dbimg folder.
The text on the image has a background picture plus the word "saywhat?" across the front.
The randomizer just looks up the imageurl and imagekey in the database and spits out
the appropriate HTML code. ApacheCookieDBImg then does a reverse operation, looking
up the imageword based on the key.
=head1 CAVEATS
This is not a truly random image, so it is not overly secure. The initial idea is just
to thwart stupid bots. Someone could easily visit the site and build a map of image
sources and the matching words. i.e. when credential_3 == 1 the word is always "saywhat?".
Not fool-proof, just and extra level of bot protection.
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
unless ( defined $secretkey ) {
$r->log_error( "Apache2::AuthCookieDBImg: didn't have the secret key from for auth realm $auth_name", $r->uri );
return undef;
}
# Decrypt the session key.
my $session_key;
if ( $c{ DBI_encryptiontype } eq 'none' ) {
$session_key = $encrypted_session_key;
} else {
# Check that this looks like an encrypted hex-encoded string.
unless ( $encrypted_session_key =~ /^[0-9a-fA-F]+$/ ) {
$r->log_error( "Apache2::AuthCookieDBImg: encrypted session key $encrypted_session_key doesn't look like it's properly hex-encoded for auth realm $auth_name", $r->uri );
return undef;
}
# Get the cipher from the cache, or create a new one if the
# cached cipher hasn't been created, & decrypt the session key.
my $cipher;
if ( lc $c{ DBI_encryptiontype } eq 'des' ) {
$cipher = $CIPHERS{ "des:$auth_name" }
( run in 0.319 second using v1.01-cache-2.11-cpan-64827b87656 )