
#===========================================================================
Copyright (C) 2008 by Nik Ogura. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Bug reports and comments to nik.ogura@gmail.com.
#===========================================================================

CGI::Lazy::Authn

    use CGI::Lazy;

    my $q = CGI::Lazy->new({
        tmplDir  => '/templates',
        jsDir    => '/js',
        cssDir   => '/css',
        imgDir   => '/css',
        buildDir => '/tmp',
        plugins  => {
            dbh => {
                dbDatasource => 'dbi:mysql:somedb:localhost',
                dbUser       => 'luser',
                dbPasswd     => 's3cr3t',
                dbArgs       => {RaiseError => 1},
            },
            session => {
                sessionTable  => 'session',
                sessionCookie => 'frobnitz',
                saveOnDestroy => 1,
                expires       => '+15m',
            },
            authn => {
                table       => 'user',
                primarykey  => 'user_id',
                template    => 'login.tmpl',
                salt        => '234998fhgsldkj#$^',   # application-wide salt mixed into every password hash
                userField   => 'username',
                passwdField => 'password',
                activeField => 'active',
                extraFields => {
                    country => 'country',   # web control name => db field name
                },
            },
        },
    });

    # Stop here unless there is an authenticated session; check prints the login template on failure.
    return unless $q->authn->check;

CGI::Lazy Authentication module. Draws much of its inspiration from CGI::Auth. Put the $q->authn->check call in your CGI. If there is a current authenticated session, it will return true. If not, it will print the login template specified and return false.

The intended minimum database structure is as follows:

    create table user (
        user_id  int(10) unsigned not null auto_increment primary key,
        username varchar(50),
        password varchar(25),
        active   bool
    ); #mysql

Required Arguments:

    table       => 'table_name',       #name of user table
    primarykey  => 'field_name',       #name of primary key field on above table.
    template    => 'login.tmpl',       #name of template for logins
    salt        => 'asdf9234ml@#4234', #unique identifying string for this application. Passwords are stored as md5 hashes of $username.$passwd.$salt.
    userField   => 'username',         #name of username field. Defaults to 'username'
    passwdField => 'password',         #name of password field. Defaults to 'password'. Needs to be varchar and at least 22 characters wide.
    activeField => 'active',           #name of field that flags a user as active. Defaults to 'active'. Assumes '1' means active.

Optional Arguments:

    extraFields => {              #any other fields you want to authenticate on. If set, will authenticate on username, passwd, and every other field set here.
        webname  => fieldname,    #first value is the name of the web control, second is the name of the field in the db
        webname2 => fieldname2,
    }

Call this in your CGI to check whether an authenticated session is present. Returns 1 if the session is valid and authenticated. Returns 0 otherwise. If authentication fails, prints the login template.
Takes username, password, and salt from config and generates hashed value for storage in the db.
The username
The cleartext password.
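
The salt argument and the hashing routine described above store an unkeyed MD5 over $username.$passwd.$salt with one application-wide salt. The following added example (not CGI::Lazy code) computes that value next to a per-user-salted PBKDF2-HMAC-SHA256 record so the cost per computation can be compared when assessing an application built on this module. Assumptions: the stored digest is base64 (inferred from the 22-character minimum width), /dev/urandom is available, the function names and the "iterations$salt$hash" record layout are hypothetical, and the module itself does not verify the second format.

```perl
# Added example, not part of CGI::Lazy. Core modules only.
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64);
use Time::HiRes qw(time);

# Documented scheme: MD5 over $username.$passwd.$salt, one salt for the whole application.
# Assumption: base64 digest encoding (22 characters, the documented minimum column width).
sub documented_hash {
    my ($username, $passwd, $salt) = @_;
    return md5_base64($username . $passwd . $salt);
}

# PBKDF2-HMAC-SHA256 (RFC 8018), first 32-byte output block.
sub pbkdf2_sha256 {
    my ($passwd, $salt, $iterations) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $passwd);   # U1 = HMAC(key=passwd, salt || INT(1))
    my $t = $u;
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $passwd);                    # Ui = HMAC(key=passwd, U(i-1))
        $t = $t ^ $u;                                     # string XOR of equal-length digests
    }
    return $t;
}

# Hypothetical storage format "iterations$salt$hash" with a random 16-byte salt per user.
sub hardened_record {
    my ($passwd, $iterations) = @_;
    open(my $rng, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    read($rng, my $salt, 16) == 16 or die "short read from /dev/urandom";
    close $rng;
    return join '$', $iterations, encode_base64($salt, ''),
        encode_base64(pbkdf2_sha256($passwd, $salt, $iterations), '');
}

# Constructed sample values.
my ($user, $passwd, $app_salt) = ('alice', 'correct horse', 'constructed-app-salt');
my $iterations = 100_000;

my $t0     = time;
my $legacy = documented_hash($user, $passwd, $app_salt);
my $t1     = time;
my $record = hardened_record($passwd, $iterations);
my $t2     = time;

printf "documented: %s (%d chars, %.6f s)\n", $legacy, length $legacy, $t1 - $t0;
printf "hardened:   %s (%.6f s)\n", $record, $t2 - $t1;
```

The hardened record is longer than the varchar(25) password column in the table definition above, so storing it would require a wider field.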