CGI Authentication form passthrough question

Dmitry Rozmanov dima at xenon.spb.ru
Sat May 20 06:13:41 EDT 2000


Give the user a cookie.  There is a module named Cookie.py, take it.

Before each page, call this function and, according to the returned user.status,
make a decision:
	1) show a login page to him
	2) take his login/password, give him a cookie and show page he wants
	3) simply show page he wants

- cookie will be some kind of keyword which means he entered
login/password correctly and was given a cookie
- if user makes logout, given cookie expires
- if user doesn't request pages for two (?) hours, cookie expires
- cookie I use is int(time.time())
- user is a class that holds information about user you want and has
some methods to manage the user info

---------
import os, cgi, time, Cookie, odbc

env = os.environ
webvars = cgi.Form....
cur = odbc.odbc('connect_string').cursor()

---------
def auth(env, webvars, cur):
	"check the client's rights to see our site"

	Usr = user()
	C = Cookie.Cookie()

	id = 0
	if env.has_key('HTTP_COOKIE'):
		C.load(env['HTTP_COOKIE'])

		if C.has_key('id'):
			# already been at our place.
			if Usr.id_get(cur, C['id'].value):
				# let's test if more than two hours have passed since
				# last activity for the user.
				ct = time.localtime(time.time())
				b = list(ct)
				b[3] = b[3] - 2
				ft = tuple(b)

				if time.mktime(ft) < time.mktime(Usr.last_time):
					# if less than two hours, let him go
					Usr.status = 1
					Usr.update_time(cur)

				if webvars.has_key('logout'):
					# logout requested - lead him to login page.
					Usr.status = 0
					Usr.clear_id(cur)

	if webvars.has_key('user') and webvars.has_key('password'):
		# client doesn't have a cookie, but did fill the login form
		if Usr.login_get(cur, webvars['user'].value):

			if Usr.pw == webvars['password'].value:
				Usr.make_id(cur)
				Usr.status = 1


	return Usr




David Rock wrote:
> 
> Hi all,
> 
> I am trying to write a CGI script to check authentication for a website, but I have a problem.
> 
> Right now, I can take form input for the original username/password combination just fine. I also have no problem checking the input for validity. The
> problem is that when I verify the user, I want to allow them to see the resulting HTML for the rest of their session, not just the first round of HTML
> right afterward.
> 
> Here's an example:
> 
> user goes to www.foo.com/cgi-bin/protected-site.py which displays a simple form for un/pw input.
>
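
The three-way decision described in the reply above (show the login page, accept a login and issue a cookie, or show the page), as an added Python 3 example that is not part of the original post. It assumes an in-memory `USERS`/`SESSIONS` pair in place of the database and a plain dict of form fields, and it swaps in a random `secrets` token, PBKDF2 password hashes and a hypothetical `cookie_header` helper, none of which appear in the original code.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

IDLE_LIMIT = 2 * 3600             # seconds of inactivity before the session dies
SALT = b"constructed-demo-salt"   # constructed; real code stores a random salt per user

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": pw_hash("correct horse")}   # constructed account, stands in for the DB
SESSIONS = {}                                  # token -> [user, last_seen]

def cookie_header(token, max_age=None):
    c = SimpleCookie()
    c["id"] = token
    c["id"]["path"] = "/"
    c["id"]["httponly"] = True    # not readable from page scripts
    c["id"]["secure"] = True      # only sent over HTTPS
    if max_age is not None:
        c["id"]["max-age"] = max_age
    return c.output(header="Set-Cookie:")

def auth(env, form, now=None):
    """Return (status, user, set_cookie); status 0 = show login page, 1 = show page."""
    now = time.time() if now is None else now
    jar = SimpleCookie(env.get("HTTP_COOKIE", ""))
    token = jar["id"].value if "id" in jar else None
    sess = SESSIONS.get(token)
    if sess:
        if "logout" in form or now - sess[1] > IDLE_LIMIT:
            del SESSIONS[token]   # expire on the server, not only in the browser
            return 0, None, cookie_header("", max_age=0)
        sess[1] = now             # case 3: valid session, refresh last activity
        return 1, sess[0], None
    user, password = form.get("user"), form.get("password")
    if user is not None and password is not None:
        stored = USERS.get(user)
        # Hash even for unknown users so both paths cost the same time.
        same = hmac.compare_digest(stored or pw_hash(""), pw_hash(password))
        if stored is not None and same:
            new = secrets.token_urlsafe(32)   # case 2: unguessable session id
            SESSIONS[new] = [user, now]
            return 1, user, cookie_header(new)
    return 0, None, None          # case 1: no session, no valid login
```

A cookie value derived from the clock, such as `id=1000` presented one second after a login at time 1000, finds no entry in `SESSIONS` and lands on the login page.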


