Practical Internet Groupware

by Jon Udell
October 1999
Content level: Beginner
521 pages
15h 28m
English
O'Reilly Media, Inc.
Content preview from Practical Internet Groupware

An Attribute-Based Authorization Script

Now we can proceed, in a portable manner, to build an access-control application that correlates docbase attributes with user attributes. Example 12-3 focuses on the part of the solution that compares a docbase attribute to a database of subscriptions.

Example 12-3. Authorizing Users by a Docbase Attribute

use strict;

use DBI;
use MIME::Base64;                                           # Basic credentials arrive base64-encoded

my $dbh = DBI->connect('DBI:Solid:Subscriptions','dba','dba') # connect to subs db
  or die ("connect, $DBI::errstr");

my $http_authorization_header = $ENV{HTTP_AUTHORIZATION};   # extract auth header
my $company;                                                # docbase attribute, assumed already extracted (see text)

sub isBasicAuthUserForCompany
  {
  my ($http_authorization, $dbh) = @_;
  return 0 unless defined $http_authorization
    and $http_authorization =~ m/^Basic\s+(\S+)/i;          # isolate credentials
  my ($user, $password) =
    split (':', decode_base64($1), 2);                      # get name/pw (pw may contain ':')
  return 0 unless defined $password;                        # reject credentials with no ':'
  my ($st) =                                                # make query with placeholders
   "select count(*) from cmp_users where cmp = ? and user = ?";
  return (
         isAuthenticated($user,$password) and               # authenticate (not shown)
         dbSqlReturnValue ($dbh, $st, $company, $user)      # authorize
         );
  }

sub dbSqlReturnValue
  {
  my ($dbh, $st, @bind) = @_;
  my $sth = $dbh->prepare($st);  # prepare sql
  my $value;
  $sth->execute(@bind);          # execute sql with bound values
  $sth->bind_col(1, \$value);    # bind result to value
  $sth->fetch;                   # fetch the row into $value
  $sth->finish;                  # finish sql
  return $value;
  }

In this fragment, $http_authorization gets the value of the CGI environment variable $ENV{HTTP_AUTHORIZATION}. This is the Authorization: header sent from a browser in response to a prior challenge issued by this (or another) script. We’ll assume that $company was extracted ...
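The header handling and subscription lookup described above can be exercised end to end with the following added example, which is not code from the book. It assumes DBD::SQLite is installed (the book's example uses a Solid database), the names parseBasicAuth and isSubscribed are hypothetical, the table rows and headers are constructed, and password checking is left out just as isAuthenticated is not shown in Example 12-3.

```perl
use strict;
use warnings;
use DBI;
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed subscription data in an in-memory SQLite database (assumption:
# DBD::SQLite is available; table and column names follow Example 12-3).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('create table cmp_users (cmp text, user text)');
$dbh->do('insert into cmp_users values (?, ?)', undef, @$_)
  for ['acme', 'alice'], ['globex', 'bob'];

# Return (user, password) from a Basic Authorization header, or an empty list.
sub parseBasicAuth
  {
  my ($header) = @_;
  return unless defined $header and $header =~ m/^Basic\s+([A-Za-z0-9+\/]+=*)\s*$/i;
  my ($user, $password) = split (':', decode_base64($1), 2);  # password may contain ':'
  return unless defined $password and length $user;           # no ':' or empty name
  return ($user, $password);
  }

# True only if $user is subscribed to $company; both values are bound, never interpolated.
sub isSubscribed
  {
  my ($dbh, $company, $user) = @_;
  my ($count) = $dbh->selectrow_array(
    'select count(*) from cmp_users where cmp = ? and user = ?', undef, $company, $user);
  return $count ? 1 : 0;
  }

# Constructed headers: subscriber, non-subscriber, name with quotes, malformed, wrong scheme, absent.
my @cases = (
  [ 'acme', 'Basic ' . encode_base64('alice:s3cret:with:colons', '') ],
  [ 'acme', 'Basic ' . encode_base64('bob:pw', '') ],
  [ 'acme', 'Basic ' . encode_base64("x' or '1'='1:pw", '') ],
  [ 'acme', 'Basic ' . encode_base64('no-colon-here', '') ],
  [ 'acme', 'Bearer abc.def.ghi' ],
  [ 'acme', undef ],
);

for my $case (@cases)
  {
  my ($company, $header) = @$case;
  my ($user) = parseBasicAuth($header);
  my $ok = defined($user) && isSubscribed($dbh, $company, $user);
  printf "%-5s company=%s user=%s\n", ($ok ? 'allow' : 'deny'), $company, defined($user) ? $user : '(none)';
  }
```

Only the first case is allowed: every other header either fails to parse or names a user with no matching row in cmp_users, and the quote-laden name is compared as a literal string because it is passed as a bound value.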

ISBN: 1565925378