NAME

CGI::AuthenticationFramework - A CGI authentication framework that utilizes mySQL for the user and session management

VERSION

Version 0.02

SYNOPSIS

Allows the login authentication, registration of user accounts, and password reset of webbased users.

Sample CGI script :-

	#!/usr/bin/perl

	use strict;
	use CGI::AuthenticationFramework;
	use DBI;
	use CGI;
	my $cgi = new CGI;
	
	# == connect to the database
	my $dbh = DBI->connect("DBI:mysql:database=DATABASE;host=SERVERNAME",'username','password') || die $DBI::errstr;

	# == create the authentication link
	my $sec = CGI::AuthenticationFramework->new({
        	dbh     => $dbh,
        	cgi     => $cgi
        	});
	
	# == create the tables
	$sec->setup_database(); # run this only once for performance.. No damage to keep it there
	
	# == do we go through, or block access.. This is where the rubber meets the road
	$sec->secure();
	
	# == once we get through that, we can send our headers
	print $sec->header();
	
	# == We can call some additional functions
	print "<a href=\"?func=logout\">Logout</a>\n";
	print "<a href=\"?func=password\">Change password</a>\n";
	
	print "<p>\n";
	print "This is the secret message.<br>\n";
	print "Email Address is $sec->{username}<br>\n";
	print "Session ID is $sec->{session}<br>\n";
	print "</p>";
	print "<a href=\"#\">Me again</a>\n";
	
	# == when we're done, we call the finish function.  This clears the data connection, and prints the footer code
	$sec->finish();

FUNCTIONS

new

Creates a new authentication connection

my $sec = CGI::AuthenticationFramework->new({
	dbh     => $dbh,
	cgi     => $cgi
});

Options

dbh

Defined the database handle to use

cgi

Defines the CGI handle to use

The name of the cookie (default is 'my_cookie')

Default header code to include

Default footer code to include

yubikey

To enable yubikey support, set to 1.

When you enable yubikey support, you have to set the yubi_id and yubi_api fields as well. To get these, you need to sign up at https://upgrade.yubico.com/getapikey/

timeout

Defines the timeout before a user has to log on again. Default is 600 seconds.

register

If you need users to register on their own, set the register option to 1. Default is 0

forgot

If you need users to have the ability to reset their passwords by emailing a new one to them, set this option to 1. Default is 0. =head4 SMTP server settings

If you have register enabled, you need to specify SMTP settings

smtpserver

The hostname of the SMTP server

smtpfrom

The from email address to use when sending emails

smtpuser , smtppass

The smtpuser and smtppass parameters are optional. If your SMTP server requires you to authenticate, set these two fields.

secure

The main gatekeeper.. Checks if the session is valid. If not, pass control to the login screen. If the session is still valid, the timeout is reset, and control is returned to the main program.

header

Works identical to CGI::header. The only difference is the adding of a cookie to the header, and passing the header value if defined from the new function.

finish

Function to send the footer, and sign everything off. Call this function last (or if you want to terminate the program

form

Generates an HTML form based on a schema

form (schema,submit text,hidden func field)

setup_database

Call this module once to setup the database tables. Running it multiple times will only introduce excessive load on the DB, but won't delete any tables.

It will create the tables tbl_users, tbl_session, and tbl_logs.

It will also create the default user 'admin', with it's password 'password'. Remember to change this password on your first logon.

AUTHOR

Phil Massyn, <phil at massyn.net>

REVISION

0.02 Added registration option (including Net::SMTP) Changed password encryption to a salted hash Added forgotten password option Logging all messages being displayed

0.01 Initial version

TODO

There is still plenty to do.

User lost a yubikey
User Administration and user maintenance console

BUGS

Please report any bugs or feature requests to bug-cgi-authenticationframework at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-AuthenticationFramework. I will be notified, and then you'llautomatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc CGI::AuthenticationFramework

You can also look for information at:

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Copyright 2013 Phil Massyn.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.

DISCLAIMER

This module has not been scrutinized yet. It may very well contain security issues. Although unintentional, you should excersize caution, and not start deploying production systems on this code. Any bugs or issues raised will be rectified. Use this module at own risk.

2 POD Errors

The following errors were encountered while parsing the POD:

Around line 1004:

'=item' outside of any '=over'

Around line 1008:

You forgot a '=back' before '=head1'