October 1999
Now we can proceed, in a portable manner, to build an access-control application that correlates docbase attributes with user attributes. Example 12-3 focuses on the part of the solution that compares a docbase attribute to a database of subscriptions.
Example 12-3. Authorizing Users by a Docbase Attribute
use strict;
use DBI;
use MIME::Base64;                                  # decode_base64 for Basic credentials

my $dbh = DBI->connect('DBI:Solid:Subscriptions','dba','dba')   # connect to subs db
    or die ("connect, $DBI::errstr");
my $http_authorization_header = $ENV{HTTP_AUTHORIZATION};       # extract auth header
my $company;                                       # assumed already extracted (see text)

sub isBasicAuthUserForCompany
{
    my ($http_authorization, $dbh) = @_;
    $http_authorization =~ m/Basic (.+)/i          # isolate credentials
        or return 0;                               # no Basic credentials: deny
    my ($user, $password) =
        split (':', decode_base64($1), 2);         # base64-decode, get name/pw
    my ($st) =                                     # make query (placeholders, no interpolation)
        "select count(*) from cmp_users where cmp = ? and user = ?";
    return (
        isAuthenticated($user,$password) and       # authenticate (not shown)
        dbSqlReturnValue ($dbh, $st, $company, $user)   # authorize
    );
}

sub dbSqlReturnValue
{
    my ($dbh,$st,@bind) = @_;
    my $sth = $dbh->prepare($st);                  # prepare sql
    my $value;
    $sth->execute(@bind);                          # execute sql with bound values
    $sth->bind_col(1, \$value);                    # bind result to value
    $sth->fetch;                                   # fetch the row into $value
    $sth->finish;                                  # finish sql
    return $value;
}

In this fragment, $http_authorization gets the value of the CGI environment variable $ENV{HTTP_AUTHORIZATION}. This is the Authorization: header sent from a browser in response to a prior challenge issued by this (or another) script.
We’ll assume that $company was extracted ...
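Added example, not from the book: a defensive parser for the Authorization: header described above, together with the 401 challenge that prompts a browser to send it. The function names, the realm name and the sample headers are constructed for this illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Returns ($user, $password) for a well-formed Basic header, else an empty list.
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header;
    # Scheme name is case-insensitive; the token must look like base64.
    my ($b64) = $header =~ m{^\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*$}i
        or return;
    return if length($b64) % 4;              # truncated base64
    my $decoded = decode_base64($b64);
    # Split on the first colon only: a password may itself contain ':'.
    my ($user, $password) = split /:/, $decoded, 2;
    return unless defined $password && length $user;
    # Refuse control characters (CR/LF, NUL) before values reach logs or SQL.
    return if "$user$password" =~ /[\x00-\x1f\x7f]/;
    return ($user, $password);
}

# CGI response asking the browser to send (or resend) credentials.
sub challenge {
    my ($realm) = @_;                        # realm name: assumption of this example
    return "Status: 401 Unauthorized\r\n"
         . qq{WWW-Authenticate: Basic realm="$realm"\r\n\r\n};
}

# Constructed sample headers: the normal case plus edge cases.
my @samples = (
    'Basic ' . encode_base64('alice:s3cret', ''),
    'basic ' . encode_base64('bob:pa:ss:word', ''),   # colons in the password
    'Basic ' . encode_base64('nocolon', ''),          # no user:password separator
    'Digest username="alice"',                        # different scheme
    'Basic !!!not-base64!!!',
    undef,                                            # header absent
);
for my $h (@samples) {
    my ($user, $password) = parse_basic_auth($h);
    if (defined $user) {
        printf "ok    user=%s password-length=%d\n", $user, length $password;
    } else {
        printf "deny  %s\n", defined $h ? $h : '(no header)';
    }
}
print challenge('Subscribers');
```

Basic credentials are only base64-encoded, so the exchange needs TLS to keep them confidential on the wire.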