Module Version: 0.02

NAME

LibWeb::Admin - User authentication for libweb applications

SUPPORTED PLATFORMS

BSD, Linux, Solaris and Windows.

REQUIRE

ISA

SYNOPSIS

    use LibWeb::Admin;
    my $a = LibWeb::Admin->new();

    $a->login( $user_name, $guess_password );

             ...

    my ($user_name,$uid) = $a->get_user();

             ...

    $a->logout();

             ...

    $a->is_logout();

ABSTRACT

This class manages user authentication for web applications written based on the interfaces and frameworks defined in LibWeb, a Perl library/toolkit for programming web applications. It is responsible for managing user login, logout and new sign-up. Therefore you may want to use this module in the login script for your site.

The current version of LibWeb::Admin.pm is available at

   http://libweb.sourceforge.net

Several LibWeb applications (LEAPs) have been written and released, and are available at

   http://leaps.sourceforge.net

TYPOGRAPHICAL CONVENTIONS AND TERMINOLOGY

Variables in all-caps (e.g. MAX_LOGIN_ATTEMPT_ALLOWED) are those variables set through LibWeb's rc file. Please read LibWeb::Core for more information. `Sanitize' means escaping any illegal character that a user may enter in an HTML form. This will make Perl's taint mode happy and, more importantly, make your site more secure. The definition of illegal characters is given in LibWeb::Core. All `error/help messages' mentioned can be found in LibWeb::HTML::Error, and they can be customized by subclassing (ISA) LibWeb::HTML::Default. Please see LibWeb::HTML::Default for details.

DESCRIPTION

HANDLING USER LOGIN

Fetch the user name and password from an HTML form and pass them to login(),

  $a->login( $user_name, $guess );

If the password is correct and the user name exists in the database, this will send an authentication cookie to the client web browser and return 1. Otherwise, it sends an alert e-mail to the site administrator (ADMIN_EMAIL), prints out an error message and exits.

HANDLING USER SESSION AFTER LOGIN

At the top of every web application that requires user authentication, call

  my ($user_name,$uid) = $a->get_user();

to retrieve the user name and user ID from the cookie. This will send an alert e-mail to the site administrator (ADMIN_EMAIL) and redirect the user to the login page (LM_IN) if no authentication cookie is found or it has been tampered with. I would recommend you use LibWeb::Session instead, which is specifically designed for that purpose and therefore runs a little bit faster,

  use LibWeb::Session;
  my $s = new LibWeb::Session();

  my ($user_name,$uid) = $s->get_user();

LibWeb::Admin should be used by login scripts; whereas LibWeb::Session should be used by any web applications once the user has logged in. Read LibWeb::Session for details.

To update the database (set the login indicator to LOGIN_INDICATOR) when the user first logs in,

  my ($user_name,$uid)
      = $s->get_user( -is_update_db => 1 );

This is probably done in `my control panel' or `my page' of some sort, which is the first script invoked after password authentication.
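The tamper check described for get_user() above can be built on a keyed MAC over the cookie fields. The following is an added illustration, not LibWeb's code or cookie format (this page documents neither); the field layout, the function names make_auth_cookie, ct_eq and verify_auth_cookie, and the sample key are assumptions.

```perl
#!/usr/bin/perl
# Added illustration: NOT LibWeb's cookie format or implementation.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Build "user|uid|expires|mac"; the MAC covers every field the server will trust.
sub make_auth_cookie {
    my ($key, $user, $uid, $expires) = @_;
    die "field contains separator\n" if grep { /\|/ } $user, $uid, $expires;
    my $payload = join '|', $user, $uid, $expires;
    return $payload . '|' . hmac_sha256_hex($payload, $key);
}

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return (user, uid) for a valid cookie, or an empty list if it is missing,
# malformed, altered or expired; the caller then redirects to the login page.
sub verify_auth_cookie {
    my ($key, $cookie, $now) = @_;
    return unless defined $cookie;
    my @f = split /\|/, $cookie, -1;
    return unless @f == 4;
    my ($user, $uid, $expires, $mac) = @f;
    my $expected = hmac_sha256_hex(join('|', $user, $uid, $expires), $key);
    return unless ct_eq($mac, $expected);                    # altered or forged
    return unless $expires =~ /\A\d+\z/ && $expires > $now;  # expired
    return ($user, $uid);
}

# Constructed sample values; a real key is long, random and kept server-side.
my $key    = 'constructed-demo-key-not-for-production';
my $cookie = make_auth_cookie($key, 'alice', 1001, 2_000_000_000);

my @ok = verify_auth_cookie($key, $cookie, 1_700_000_000);
print "valid cookie    : @ok\n";

(my $forged = $cookie) =~ s/\|1001\|/|1|/;   # client edits the uid field
my @bad = verify_auth_cookie($key, $forged, 1_700_000_000);
print "tampered cookie : ", (@bad ? "accepted" : "rejected"), "\n";

my @old = verify_auth_cookie($key, $cookie, 2_000_000_001);
print "expired cookie  : ", (@old ? "accepted" : "rejected"), "\n";
```

Verifying the MAC before reading any field means an edited user name, uid or expiry is rejected before the application acts on it.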

HANDLING USER LOGOUT

  $a->logout();

This will check to see if the user is logged in. It sends an alert e-mail to the site administrator (ADMIN_EMAIL) and redirects the user to the login page (LM_IN) if the remote user is not logged in or has no authentication cookie. Otherwise, this will reset NUM_LOGIN_ATTEMPT to 0 in the database (indicating that the user has logged out). This will also send de-authentication cookies to nullify all authentication cookies on the client web browser. Returns 1 upon success.

PARANOIA

  $a->is_logout();

Checks that the authentication cookies have indeed been removed from the client web browser and returns true (1) if so. Otherwise, it prints an error message, sends an alert e-mail to ADMIN_EMAIL and exits the program.

ADDING NEW USER TO DATABASE

  $a->add_new_user(
                   -user => 'user_name',
                   -password => 'password',
                   -email => 'user_email'
                  );

Print out an error message and abort if,

If the parameters pass all the tests, this will encrypt the password, store it with the user name in the database, notify the site administrator (ADMIN_EMAIL) by e-mail if IS_NOTIFY_ADMIN_WHEN_ADDED_NEW_USER is set to 1, and log the event in FATAL_LOG if FATAL_LOG is defined. Returns the registered user_name upon success.

AUTHORS

Colin Kong (colin.kong@toronto.edu)

CREDITS

BUGS

SEE ALSO

LibWeb::Core, LibWeb::CGI, LibWeb::Crypt, LibWeb::Database, LibWeb::Digest, LibWeb::HTML::Default, LibWeb::Session, LibWeb::Themes::Default.
