CGI-Session-Auth
view release on metacpan or search on metacpan
##
## authenticate current visitor
##
my $self = shift;
# is this already a session by an authorized user?
if ( $self->_session->param("~logged-in") ) {
$self->_debug("User is already logged in in this session");
# set flag
$self->_loggedIn(1);
# load user profile
my $userid = $self->_session->param('~userid');
$self->_loadProfile($userid);
return 1;
}
else {
$self->_debug("User is not logged in in this session");
# reset flag
$self->_loggedIn(0);
}
# maybe someone's trying to log in?
my $lg_name = $self->_cgi->param( $self->{lvprefix} . "username" );
my $lg_pass = $self->_cgi->param( $self->{lvprefix} . "password" );
if ($lg_name && $lg_pass) {
# Yes! Login data coming in.
$self->_debug("User trying to log in");
if ($self->_login( $lg_name, $lg_pass )) {
$self->_debug("login successful, userid: ", $self->{userid});
$self->_loggedIn(1);
$self->_session->param("~userid", $self->{userid});
$self->_session->clear(["~login-trials"]);
return 1;
}
else {
# the login seems to have failed :-(
$self->_debug("Login failed");
my $trials = $self->_session->param("~login-trials") || 0;
return $self->_session->param("~login-trials", ++$trials);
}
}
# or maybe we can authenticate the visitor by his IP address?
if ($self->{ipauth}) {
# we may check the IP
if ($self->_ipAuth()) {
$self->_debug("IP authentication successful, userid: ", $self->{userid});
$self->_loggedIn(1);
$self->_session->param("~userid", $self->{userid});
$self->_session->clear(["~login-trials"]);
return 1;
}
}
}
###########################################################
sub sessionCookie {
##
## make cookie with session id
##
my $self = shift;
my $cookie = $self->_cgi->cookie($self->_session->name() => $self->_session->id );
return $cookie;
}
###########################################################
sub loggedIn {
##
## get internal logged-in flag
##
my $self = shift;
return $self->_loggedIn;
}
###########################################################
sub profile {
##
## accessor to user profile fields
##
my $self = shift;
my $key = shift;
if (@_) {
my $value = shift;
$self->{profile}{$key} = $value;
$self->_debug("set profile field '$key' to '$value'");
}
return $self->{profile}{$key};
}
###########################################################
sub hasUsername {
##
## check for given user name
##
my $self = shift;
my ($username) = @_;
return ($self->{profile}{username} eq $username);
}
###########################################################
=over 4
=item CGI
A reference to an CGI or CGI::Simple object.
=item Session
A reference to an CGI::Session object.
=back
Additionally, the following optional parameters are possible:
=over 4
=item IPAuth
Try to authenticate the visitor by his IP address. (Default: 0)
=item LoginVarPrefix
By default, CGI::Session::Auth expects the username and password of
the visitor to be passed in the form variables 'log_username' and
'log_password'. To avoid conflicts, the prefix 'log_' can be altered
by this parameter.
=item Log
Set to 1 to enable logging. CGI::Session::Auth expects an initialized Log::Log4perl
module and gets its logger object calling Log::Log4perl->get_logger('CGI::Session::Auth').
=back
=head2 authenticate()
This method does the actual authentication. It fetches session information to
determine the authentication status of the current visitor and further checks
if form variables from a proceeding login form have been set and eventually
performs a login attempt.
This login attempt is done by calling the method _login() (see below).
If authentication succeeded neither by session data nor login information, and
the parameter C<IPAuth> is set to a true value, it tries to authenticate the
visitor by his IP address.
=head2 _login()
This virtual method performs the actual login attempt by comparing the login
form data the visitor sent with some local user database. The _login method of
the base class CGI::Session::Auth only knows the user 'guest' with password
'guest'.
To access a real user database, you have to use a subclass that modifies the
_login method appropriately. See the modules in the Auth/ subdirectory.
=head2 sessionCookie()
For the session to be persistent across page requests, its session ID has to be
stored in a cookie. This method returns the correct cookie (as generated by CGI::cookie()),
but it remains the duty of the CGI application to send it.
=head2 loggedIn()
Returns a boolean value representing the current visitors authentication
status.
=head2 logout()
Discards the current visitors authentication status.
=head2 hasUsername($username)
Checks if a certain user is logged in.
=head2 isGroupMember($groupname)
Checks if the current user is a member of a certain user group.
=head2 profile($key [, $value])
Returns the user profile field identified by C<$key>. If C<$value> is given,
it will be stored in the respective profile field first.
=head2 _encpw($password)
Returns a cryptographic hash version of the password argument. If you want to
store passwords in encrypted form for security reasons, use this function when
you store the password and when you compare the stored password with the input
submitted by the user.
=head1 SUPPORT
For further information regarding this module, please visit the
project website at https://launchpad.net/perl-cgi-session-auth.
=head1 BUGS
Please report all bugs via the issue tracking on the project website.
Assistance in the development of this modules is encouraged and
greatly appreciated.
=head1 SEE ALSO
L<CGI::Session>
L<CGI::Application::Plugin::Session>
( run in 0.637 second using v1.01-cache-2.11-cpan-7fcb06a456a )