Re: [htmltmpl] securing an H::T site with username/password w/session mgt1
Brought to you by:
samtregar
From: Keith J. <kja...@ey...> - 2003-09-03 19:37:05
|
I use Apache::session to do exactly what you are talking about. You DO have to have a line or 2 of code at the top of every script to fetch the session info but that's not too bad. To keep people from see your .tmpl files simply put them outside the docroot. On our server our standard configuration is to have docroot, cgi-bin, and templates at the same level. In the when I create a template object I point to the template directory to search for the template. HTH. On Wed, 2003-09-03 at 14:23, Puneet Kishor wrote: > Phew! that was mouthful. > > Folks, I am running around in circles trying to comprehend what must be > basics for most of you. > > Having built a fine H::T based website and been singing praises of this > fine module, I want to now put it all behind a username/password login > with session mgt. > > I have gotten my mind suitably confused reading docs on Apache security, > CGI::Session, Apache::Session, and scores of articles on various > websites. Needless to say, I haven't yet figured out the simplest, > easiest way to accomplish the following -- > > on going to my website, the user should be presented with a login form. > On successful login, the user's information should be retrieved from a > database (let's assume MySQL here)... this could be a load of info such > as preferences, various application settings, etc. These pieces of > user-specific information should be stored in a session structure so I > may use it throughout the user's session until the user logs out. On > logging out, the last state should be saved back to the database and the > session should be cleared. > > I am assuming that the script that does the checking whether the user is > logged in or not has to somehow be connected with .htaccess so that it > may run everytime... I don't know how to do that. How do I prevent the > user from going directly to mywebsite/foo.tmpl or whatever else? > > I know this is asking for a basic course in creating a password > protected website -- if someone could provide a link to such an article > (esp. if it deals with H::T-specific issues, if any -- for example, > .tmpl files are not cgi scripts, so how could they be protected, etc.) > that would be great. > > Many thanks. > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Html-template-users mailing list > Htm...@li... > https://lists.sourceforge.net/lists/listinfo/html-template-users -- Keith Jackson <kja...@ey...> |