CGI Authentication form passthrough question
Dmitry Rozmanov
dima at xenon.spb.ru
Sat May 20 06:13:41 EDT 2000
Give the user a cookie. There is a module named Cookie.py, take it.
Before each page, call this function and, according to the returned user.status,
make a decision:
1) show a login page to him
2) take his login/password, give him a cookie and show page he wants
3) simply show page he wants
- cookie will be some kind of keyword which means he entered
login/password correctly and was given a cookie
- if the user logs out, the given cookie expires
- if the user doesn't request pages for two (?) hours, the cookie expires
- cookie I use is int(time.time())
- user is a class that holds information about user you want and has
some methods to manage the user info
---------
import os, cgi, time, Cookie, odbc
env = os.environ
webvars = cgi.Form....
cur = odbc.odbc('connect_string').cursor()
---------
def auth(env, webvars, cur):
    "check the client's rights to see our site"
    Usr = user()
    C = Cookie.Cookie()
    id = 0
    if env.has_key('HTTP_COOKIE'):
        C.load(env['HTTP_COOKIE'])
        if C.has_key('id'):
            # already been at our place.
            if Usr.id_get(cur, C['id'].value):
                # let's test if more than two hours have passed since
                # last activity for the user.
                ct = time.localtime(time.time())
                b = list(ct)
                b[3] = b[3] - 2
                ft = tuple(b)
                if time.mktime(ft) < time.mktime(Usr.last_time):
                    # if less then let him go
                    Usr.status = 1
                    Usr.update_time(cur)
                if webvars.has_key('logout'):
                    # if no - lead him to login page.
                    Usr.status = 0
                    Usr.clear_id(cur)
    if webvars.has_key('user') and webvars.has_key('password'):
        # client doesn't have a cookie, but did fill the login form
        if Usr.login_get(cur, webvars['user'].value):
            if Usr.pw == webvars['password'].value:
                Usr.make_id(cur)
                Usr.status = 1
    return Usr
David Rock wrote:
>
> Hi all,
>
> I am trying to write a CGI script to check authentication for a website, but I have a problem.
>
> Right now, I can take form input for the original username/password combination just fine. I also have no problem checking the input for validity. The
> problem is that when I verify the user, I want to allow them to see the resulting HTML for the rest of their session, not just the first round of HTML
> right afterward.
>
> Here's an example:
>
> user goes to www.foo.com/cgi-bin/protected-site.py which displays a simple form for un/pw input.
>
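
The session check described in the post above, as an added example that is not part of the original message: the same three outcomes, logout and two-hour idle expiry in current Python, with a random token from `secrets` as the cookie value instead of a timestamp, which is guessable from the login time. The `users`/`sessions` dictionaries, the function names and the sample account are assumptions standing in for the post's database-backed `user` class.

```python
import hashlib, hmac, secrets, time

IDLE_LIMIT = 2 * 60 * 60   # two hours of inactivity, as in the post

def hash_pw(password, salt):
    # Slow salted hash so the user table never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def token_key(token):
    # Keep only a digest server-side; a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def make_user(password):
    salt = secrets.token_bytes(16)
    return salt, hash_pw(password, salt)

def cookie_header(token):
    # HttpOnly keeps the id away from page scripts; Secure keeps it off plain HTTP.
    return "Set-Cookie: id=%s; Path=/; HttpOnly; Secure; SameSite=Lax" % token

def auth(users, sessions, cookie, form, now=None):
    """Return (status, login, new_cookie); status 1 = show page, 0 = login page."""
    now = time.time() if now is None else now
    key = token_key(cookie) if cookie else None
    sess = sessions.get(key)
    if sess:
        if "logout" in form or now - sess["last"] > IDLE_LIMIT:
            del sessions[key]              # logout or idle expiry: forget the id
        else:
            sess["last"] = now             # sliding two-hour window
            return 1, sess["login"], None
    if "user" in form and "password" in form:
        salt, want = users.get(form["user"], (b"\0" * 16, b""))
        got = hash_pw(form["password"], salt)    # hashed even for unknown users
        if hmac.compare_digest(got, want):       # constant-time comparison
            new = secrets.token_urlsafe(32)      # 256 random bits, not a timestamp
            sessions[token_key(new)] = {"login": form["user"], "last": now}
            return 1, form["user"], new
    return 0, None, None

# Constructed sample account and empty session table (assumptions for the example).
USERS = {"alice": make_user("correct horse")}
SESSIONS = {}
```

When `auth` returns a new cookie value, send it with `cookie_header(new_cookie)` before the page body; on status 0, show the login form.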