LibWeb -- a vanilla web site backend current version: 0.02  
Documentation:

LibWeb::Admin

NAME

LibWeb::Admin - User authentication for libweb applications


SUPPORTED PLATFORMS

BSD, Linux, Solaris and Windows.


REQUIRE

  • LibWeb::Database


ISA

  • LibWeb::Session


SYNOPSIS

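     use LibWeb::Admin;
     my $a = LibWeb::Admin->new();

     # In the login script: check the submitted credentials.
     $a->login( $user_name, $guess_password );

     # ...

     # Retrieve the logged-in user's name and ID from the cookie.
     my ($user_name,$uid) = $a->get_user();

     # ...

     # Log the user out and nullify the authentication cookies.
     $a->logout();

     # ...

     # Confirm the authentication cookies are really gone.
     $a->is_logout();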


ABSTRACT

This class manages user authentication for web applications written based on the interfaces and frameworks defined in LibWeb, a Perl library/toolkit for programming web applications. It is responsible for managing user login, logout and new sign-up. Therefore you may want to use this module in the login script for your site.

The current version of LibWeb::Admin.pm is available at

    http://libweb.sourceforge.net
 

Several LibWeb applications (LEAPs) have been written and released, and are available at

    http://leaps.sourceforge.net
 


TYPOGRAPHICAL CONVENTIONS AND TERMINOLOGY

Variables in all caps (e.g. MAX_LOGIN_ATTEMPT_ALLOWED) are set through LibWeb's rc file. Please read LibWeb::Core for more information.

`Sanitize' means escaping any illegal characters possibly entered by the user in an HTML form. This will make Perl's taint mode happy and, more importantly, make your site more secure. The definition of illegal characters is given in LibWeb::Core.

All `error/help messages' mentioned can be found in LibWeb::HTML::Error, and they can be customized by sub-classing (ISA) LibWeb::HTML::Default. Please see LibWeb::HTML::Default for details.


DESCRIPTION


HANDLING USER LOGIN

Fetch the user name and password from an HTML form and pass them to login(),

   $a->login( $user_name, $guess );
 

If the password is correct and the user name exists in the database, this will send an authentication cookie to the client web browser and return 1. Otherwise, it will send an alert e-mail to the site administrator (ADMIN_EMAIL), print out an error message and exit.


HANDLING USER SESSION AFTER LOGIN

At the top of every web application that requires user authentication, call

   my ($user_name,$uid) = $a->get_user();
 

to retrieve the user name and user ID from the cookie. This will send an alert e-mail to the site administrator (ADMIN_EMAIL) and redirect the user to the login page (LM_IN) if no authentication cookie is found or if it has been tampered with. I would recommend you use LibWeb::Session instead, which is specifically designed for that purpose and therefore runs a little bit faster,

   use LibWeb::Session;
   my $s = new LibWeb::Session();
 

   my ($user_name,$uid) = $s->get_user();
 

LibWeb::Admin should be used by login scripts; whereas LibWeb::Session should be used by any web applications once the user has logged in. Read LibWeb::Session for details.

To update the database (set the login indicator to LOGIN_INDICATOR) when the user is first logged in,

   my ($user_name,$uid)
       = $s->get_user( -is_update_db => 1 );
 

This is probably done in `my control panel' or `my page' of some sort, which is the first script invoked after password authentication.


HANDLING USER LOGOUT

   $a->logout();
 

This will check whether the user is logged in. If the remote user is not logged in or has no authentication cookie, it will send an alert e-mail to the site administrator (ADMIN_EMAIL) and redirect the user to the login page (LM_IN). Otherwise, it will flush NUM_LOGIN_ATTEMPT to 0 in the database (indicating that the user has logged out) and send de-authentication cookies to nullify all authentication cookies on the client web browser. Returns 1 upon success.


PARANOIA

   $a->is_logout();
 

Checks whether the authentication cookies have indeed been removed from the client web browser and returns true (1). Otherwise, prints an error message, sends an alert e-mail to ADMIN_EMAIL and exits the program.


ADDING NEW USER TO DATABASE

   $a->add_new_user(
                    -user => 'user_name',
                    -password => 'password',
                    -email => 'user_email'
                   );
 

Prints out an error message and aborts if:

  • `user_name' contains illegal characters other than `_' and `-' or

  • `user_name' is already registered or

  • `user_email' does not conform to the standard format defined in LibWeb::Core or

  • `user_email' is already registered if IS_ALLOW_MULTI_REGISTRATION is set to 0.

If the parameters pass all the tests, this will encrypt the password, add it together with the user name to the database, notify the site administrator (ADMIN_EMAIL) by e-mail if IS_NOTIFY_ADMIN_WHEN_ADDED_NEW_USER is set to 1, and log the event in FATAL_LOG if FATAL_LOG is defined. Returns the registered user_name upon success.
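
The four tests listed above, combined with the `Sanitize' step from the terminology section, sketched as a stand-alone Perl script. This is an added example, not LibWeb's own code: check_new_user(), the %users hash, the 32-character limit and both patterns are assumptions, because the real definitions of illegal characters and of the e-mail format live in LibWeb::Core.

```perl
use strict;
use warnings;

# Constructed stand-in for the user table (LibWeb keeps this in its database).
my %users = ( alice => 'alice@example.org' );
my $IS_ALLOW_MULTI_REGISTRATION = 0;    # rc-file setting named above

# Return (name, email) if every test passes, die with the reason otherwise.
# Under `perl -T', form input is tainted; only the regex captures are clean.
sub check_new_user {
    my ($name, $email) = @_;

    # Assumed allow-list: ASCII letters, digits, `_' and `-', 1 to 32 chars.
    # \A...\z anchors the whole string; `$' would let a trailing "\n" through.
    my ($ok_name) = ( $name // '' ) =~ /\A([A-Za-z0-9_-]{1,32})\z/
        or die "user name contains illegal characters\n";

    # Assumed e-mail shape: local@host.tld; not LibWeb::Core's definition.
    my ($ok_email) = ( $email // '' )
        =~ /\A([A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/
        or die "e-mail address is malformed\n";

    die "user name is already registered\n" if exists $users{$ok_name};
    if ( !$IS_ALLOW_MULTI_REGISTRATION ) {
        die "e-mail is already registered\n"
            if grep { lc($_) eq lc($ok_email) } values %users;
    }
    return ( $ok_name, $ok_email );
}

# Constructed sample submissions: [ user name, e-mail ].
my @samples = (
    [ 'bob-2',   'bob@example.org' ],      # passes every test
    [ "carol\n", 'carol@example.org' ],    # trailing newline in the name
    [ 'dave;x',  'dave@example.org' ],     # character outside the allow-list
    [ 'alice',   'new@example.org' ],      # name already registered
    [ 'erin',    'ALICE@example.org' ],    # e-mail registered in another case
    [ 'frank',   'frank@localhost' ],      # e-mail without a dotted host
);

for my $s (@samples) {
    my ( $n, $e ) = eval { check_new_user(@$s) };
    if ( defined $n ) {
        $users{$n} = $e;                   # register the accepted user
        print "accept $n <$e>\n";
    }
    else {
        ( my $shown = $s->[0] ) =~ s/\n/\\n/g;
        print "reject '$shown': $@";
    }
}
```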


AUTHORS

Colin Kong (colin.kong(at)utoronto.ca)


CREDITS


BUGS


SEE ALSO

LibWeb::Core, LibWeb::CGI, LibWeb::Crypt, LibWeb::Database, LibWeb::Digest, LibWeb::HTML::Default, LibWeb::Session, LibWeb::Themes::Default.



Copyright © 2000-2002 LibWeb.