############################################################################ # # # auth_check() Version 1.0 # # Written by Craig A. Patchett craig@patchett.com # # Created 1/13/96 Last Modified 11/16/96 # # # # Copyright 1996 Craig Patchett & Matthew Wright. All Rights Reserved. # # This subroutine is part of The CGI/Perl Cookbook from John Wiley & Sons. # # License to use this subroutine or install it on a server (in original or # # modified form) is granted only to those who have purchased a copy of The # # CGI/Perl Cookbook. (This notice must remain as part of the source code.) # # # ############################################################################ ### Subroutine: &auth_check() ### ### Function: Checks to see if the caller of a program has entered a ### valid user ID and password using the Authenticate program. ### Will optionally call Authenticate if not. ### ### Usage: &auth_check([$AUTHENTICATE]); ### ### Variables: $AUTHENTICATE -- Optional non-zero value or string. If ### this argument is included and the visitor ### is not already authenticated, the ### subroutine will pass control over to ### Authenticate which will in turn pass ### control back to this URL after the ### visitor has been authenticated. ### Example: 1 ### ### Returns: ($user_id, $last_visit) if visitor has been authenticated. ### $user_id is the visitor's user ID, $last_visit is the ### date of the visitor's last visit in time() format ### (undefined, undefined) if a URL was not specified and the visitor ### has not been authenticated ### Does not return if a URL was not specified and the visitor ### has not been authenticated (passes control to the ### Authenticate program specified by $AUTH_URL) ### ### Uses Global: $AUTH_URL - See Authenticate ### $AUTH_DIR - See Authenticate ### $MAX_AGE - See Authenticate ### ### Requires: ipconvrt.pl ### error.pl ### ### Files Created: None sub auth_check { # Get argument (if any) local($AUTHENTICATE) = $_[0]; # Set up other variables local($COOKIES, $auth_id, $auth_path, $auth_program, $valid, $user_id, $last_visit); local($date) = time; local($PROGRAM_URL) = "http://$ENV{'SERVER_NAME'}$ENV{'SCRIPT_NAME'}$ENV{'PATH_INFO'}"; # Determine the authentication ID (if one exists) $auth_program = $AUTH_URL; $auth_program =~ s|http://[^/]+||; if ($ENV{'HTTP_COOKIE'} =~ /$auth_program=(\d+)/) { $auth_id = $1 } elsif (!$ENV{'HTTP_COOKIE'}) { $auth_id = &ip_convert($ENV{'REMOTE_ADDR'}) } # If an authentication ID exists, check to see if it's active $auth_path = "$AUTH_DIR$auth_id"; if ($auth_id && (-f $auth_path) && (-r $auth_path) && (-M $auth_path < ($MAX_AGE / 1440))) { # File exists and is valid so set appropriate flag and update file open(AUTH, $auth_path) || &error("Could not open authentication file ($!)."); $user_id = ; close(AUTH); $last_visit = $^T - int((-M $auth_path) * 86400); open(AUTH, ">>$auth_path") || &error("Could not open authentication file ($!)."); print AUTH "$PROGRAM_URL||$date\n"; close(AUTH); $valid = 1; } if (!$valid && $AUTHENTICATE) { print "Location: $AUTH_URL/$PROGRAM_URL\n\n"; exit(0); } else { return($user_id, $last_visit) } } 1;