LibWeb::Admin - User authentication for libweb applications
- BSD, Linux, Solaris and Windows.
my $a = LibWeb::Admin->new();
$a->login( $user_name, $guess_password );
my ($user_name,$uid) = $a->get_user();
This class manages user authentication for web applications written based
on the interfaces and frameworks defined in LibWeb, a Perl library/toolkit
for programming web applications. It is responsible for managing user
login, logout and new sign-up. Therefore you may want to use this module in
the login script for your site.
The current version of LibWeb::Admin.pm is available at
Several LibWeb applications (LEAPs) have be written, released and are
Variables in all-caps (e.g. MAX_LOGIN_ATTEMPT_ALLOWED) are those variables
set through LibWeb's rc file. Please read LibWeb::Core
for more information. `Sanitize' means escaping any illegal character
possibly entered by user in a HTML form. This will make Perl's taint mode
happy and more importantly make your site more secure. Definition for
illegal characters is given in LibWeb::Core. All `error/help messages' mentioned can be found at LibWeb::HTML::Error
and they can be customized by ISA (making a sub-class of)
LibWeb::HTML::Default. Please see LibWeb::HTML::Default for details.
Fetch the user name and password from a HTML form and pass them to
$a->login( $user_name, $guess );
If the password is correct and the user name exists in the database, this
will send an authentication cookie to the client web browser and return 1;
send an alert e-mail to the site administrator (ADMIN_EMAIL) and print out an error message and exit otherwise.
At the top of every web application that requires user authentication,
my ($user_name,$uid) = $a->get_user();
to retrieve user name and user ID from cookie. This will send an alert
e-mail to the site administrator (ADMIN_EMAIL) and redirect the user to the login page (LM_IN) if no authentication cookie is found or it has been tampered with. I
would recommend you use LibWeb::Session instead which is specifically
designed for that purpose and therefore runs a little bit faster,
my $s = new LibWeb::Session();
my ($user_name,$uid) = $s->get_user();
LibWeb::Admin should be used by login scripts; whereas LibWeb::Session
should be used by any web applications once the user has logged in. Read LibWeb::Session for details.
To update the database (set the login indicator to LOGIN_INDICATOR) when the user is first logged in,
= $s->get_user( -is_update_db => 1 );
This is probably done in `my control panel' or `my page' of some sorts
which is the first script invoked after password authentication.
This will check to see if the user is logged in. Send an alert e-mail to
the site administrator (ADMIN_EMAIL) and redirect user to the login page (LM_IN) if the remote user is not logged in or has no authentication cookie.
Otherwise, this will flush
NUM_LOGIN_ATTEMPT to 0 in database (indicating that the user has logged out). This will also
send de-authentication cookies to nullify all authentication cookies on
client web browser. Return 1 upon success.
Check to see if authentication cookies are indeed removed from the client
Web browser and return true (1). Otherwise, print an error message, send an
alert e-mail to ADMIN_EMAIL and exit the program.
-user => 'user_name',
-password => 'password',
-email => 'user_email'
Print out an error message and abort if,
`user_name' contains illegal characters other than `_' and `-' or
`user_name' is already registered or
`user_email' does not conform to the standard format defined in
`user_email' is already registered if IS_ALLOW_MULTI_REGISTRATION
is set to 0.
If the parameters pass all the tests, this will encrypt the password, add
that with the user name to the database, notify the site administrator (ADMIN_EMAIL) by e-mail if
IS_NOTIFY_ADMIN_WHEN_ADDED_NEW_USER is set to 1 and log that event in FATAL_LOG if FATAL_LOG is defined. Return the registered user_name upon success.
- Colin Kong (colin.kong(at)utoronto.ca)
LibWeb::Core, LibWeb::CGI, LibWeb::Crypt,
LibWeb::Database, LibWeb::Digest, LibWeb::HTML::Default,