LEGAL

#===========================================================================

Copyright (C) 2008 by Nik Ogura. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Bug reports and comments to nik.ogura@gmail.com.

#===========================================================================

NAME

CGI::Lazy::Authn

SYNOPSIS

use CGI::Lazy;

my $q = CGI::Lazy->new({

		tmplDir         => '/templates',

		jsDir           => '/js',

		cssDir          => '/css',

		imgDir          => '/css',

		buildDir        => '/tmp',

		plugins         => {

				dbh     => {

					dbDatasource    => 'dbi:mysql:somedb:localhost',

					dbUser          => 'luser',

					dbPasswd        => 's3cr3t',

					dbArgs          => {RaiseError  => 1},

				},

				session => {

					sessionTable    => 'session',

					sessionCookie   => 'frobnitz',

					saveOnDestroy   => 1,

					expires         => '+15m',

				},

				authn   => {

					table           => 'user',

					primarykey	=> 'user_id',

					template        => 'login.tmpl',

					salt            => '234998fhgsldkj#$^',

					userField       => 'username',

					passwdField     => 'password',

					activeField	=> 'active',

					extraFields	=> {

						country	=> country,

					}

				},
		},

});


return unless $q->authn->check;

DESCRIPTION

CGI::Lazy Authentication module. Draws much of it's inspiration from CGI::Auth. Put the $q->authn->check call in your CGI, if theres a current authenticated session, it will return true. If not, it will print the login template specified and return false.

The intended minimum database structure is as follows:

create table user (user_id int(10) unsigned not null auto_increment primary key, username varchar(50), password(varchar(25), active bool);  #mysql

CONFIGURATION

Required Arguments:

table		=> 'table_name', 		#name of user table	

primarykey	=> 'field_name',		#name of primary key field on above table.

template	=> 'login.tmpl',		#name of template for logins

salt		=> 'asdf9234ml@#4234',		#unique identifying string for this application.  Passwords are stored as md5 hashes of $username.$passwd.$salt .

userField	=> 'username',			#name of username field.  Defaults to 'username'

passwdField	=> 'password',			#name of password field.  Defaults to 'password' needs to be varchar and at least 22 characters wide.

activeField	=> 'active',			#name of field that flags a user as active.  Defaults to 'active'. Assumes '1' means active. 

Optional Arguments:

extraFields	=> {				#any other fields you want to authenticate on.  If set, will authenticate on username, passwd, and every other field set here.

	webname		=> fieldname,		#first value is the name of the web control, second is the name of the field in the db

	webname2	=> fieldname2,

}

METHODS

check

Call this in your cgi to check if an authenticated session is present. Returns 1 if session is valid, and authenticated. Returns 0 otherwise; If authentication fails, prints the login template.

passwdhash (username, password)

Takes username, password, and salt from config and generates hashed value for storage in the db.

username

The username

password

The cleartext password.