Try a search for user authentication at hotscripts.com.

I'm not 100% sure what you're asking for.

Are you saying: you want a form that allows them to type in a username/password field, and then when they press "submit" it authenticates them for the htaccess area of the site?

Or are you saying that you're sick of htaccess and want to handle the whole thing through Perl?

I'm saying I want something that authenticates them for the htaccess area of the site.

Thanks to both of you.

I'll search in hotscripts.com

Eric

Not to dodge your question... but are you sure you want to do that? What's the point?

I've seen systems that use Perl for authentication 100% of the way; you log into one script and that keeps passing your password (or encrypted password) from page to page. Hotmail is like that.

Then of course we've all seen systems that use htaccess 100% of the way. That's the "normal" method of protecting a directory.

But why mix it up? You want to use htaccess but for some reason you want to take control of the acceptance of the username and password from a form? Why bother?

I'm not sure but I think that some of these authentication services like "AdultCheck" do something vaguely like what you want--to tell the truth, I'm really not sure how they work. Perhaps some sort of a redirection with the password embedded?

Bolotomus,

You're right.

I'll use Perl all the way.

Thanks

Eric

I hope I didn't steer you down the wrong path... the 100% Perl method is by far more difficult to implement.

My opinion is: you want to use 100% Perl if you're letting the user into a suite of cgi-bin programs. Hotmail is a perfect example of where you'd want to do it that way. If you want the user to have access to both cgi-bin programs AND normal HTML files, e.g. your typical membership site, the 100% Perl method becomes a chore, as you need some method of showing normal HTML pages through your Perl scripts.

Another problem with authentication via Perl scripts is that you have to be careful to never show the actual password in a URL. E.g., a link that points to /cgi-bin/script.pl?username=joe&password=blow is a definite no-no.

The easiest way, usually, is to use htaccess for your password purposes. Then if there is some reason the person might want to use a cgi-bin script, like to change their password or account status, you write a script which is in an htaccess protected directory. This script can know what their "username" is through an $ENV{...} variable. If that variable is set, you know that the user is properly logged in with the right password.

Regarding the password protection of a directory. I would like to use an .htaccess file for this purpose. There will only be one username and password (let's say it's usertest and password is 1234). How would I configure this .htaccess file if I wanted to password protect the directory [fakedomain.com...]

Thank you.

Hello,

I've used this resource with good results.

[kelv.net...]

Eric

I can't get it to work...quick question...does .htaccess work on NT?

Someone correct me if I'm wrong, but I don't think .htaccess works on NT.

I don't know what NT uses to secure directories.

Sorry

I ended up using a JavaScript code. It seems to work okay. Thanks.

You cannot use htaccess on NT, you need other methods. I used a perl based script and I found an ASP based script which I like better.

There is a wonderful perl utility to help manage htaccess. Do a search on the web for "htaccess" and you'll probably find it right away. The author is in Hawaii.

I'm running Apache on NT at the moment and I seem to be able to restrict users with an ht.acl file. (same as an .htaccess file, you just have to change the httpd.conf a bit)

I'm using the mod_ntlm module within this file. This checks to see if the user is within the NT Domain Users. If their not then it will prompt for a Username, password and domain.

Works perfectly for our intranet