NAME
CGI::AuthenticationFramework - A CGI authentication framework that utilizes mySQL for the user and session management
VERSION
Version 0.05
SYNOPSIS
Allows the login authentication, registration of user accounts, and password reset of webbased users.
Sample CGI script :-
#!/usr/bin/perl
use strict;
use CGI::AuthenticationFramework;
use DBI;
use CGI;
my $cgi = new CGI;
# == connect to the database
my $dbh = DBI->connect("DBI:mysql:database=DATABASE;host=SERVERNAME",'username','password') || die $DBI::errstr;
# == create the authentication link
my $sec = CGI::AuthenticationFramework->new({
dbh => $dbh,
cgi => $cgi
});
# == create the tables
$sec->setup_database(); # run this only once for performance.. No damage to keep it there
# == do we go through, or block access.. This is where the rubber meets the road
$sec->secure();
# == once we get through that, we can send our headers
print $sec->header();
# == We can call some additional functions
print "<a href=\"javascript:void();\" onclick=\"javascript:securefunction('logout');\">Logout</a>\n";
print "<a href=\"javascript:void();\" onclick=\"javascript:securefunction('password');\">Change password</a>\n";
print "<p>\n";
print "This is the secret message.<br>\n";
print "Email Address is $sec->{username}<br>\n";
print "Session ID is $sec->{session}<br>\n";
print "</p>";
print "<a href=\"#\">Me again</a>\n";
# == when we're done, we call the finish function. This clears the data connection, and prints the footer code
$sec->finish();
FUNCTIONS
new
Creates a new authentication connection
my $sec = CGI::AuthenticationFramework->new({
dbh => $dbh,
cgi => $cgi
});
Options
dbh
Defined the database handle to use
cgi
Defines the CGI handle to use
cookie
The name of the cookie (default is 'my_cookie')
header
Default header code to include
footer
Default footer code to include
yubikey
To enable yubikey support, set to 1.
When you enable yubikey support, you have to set the yubi_id and yubi_api fields as well. To get these, you need to sign up at https://upgrade.yubico.com/getapikey/
timeout
Defines the timeout before a user has to log on again. Default is 600 seconds.
register
If you need users to register on their own, set the register option to 1. Default is 0
forgot
If you need users to have the ability to reset their passwords by emailing a new one to them, set this option to 1. Default is 0. =head4 SMTP server settings
If you have register enabled, you need to specify SMTP settings
smtpserver
The hostname of the SMTP server
smtpfrom
The from email address to use when sending emails
smtpuser , smtppass
The smtpuser and smtppass parameters are optional. If your SMTP server requires you to authenticate, set these two fields.
captcha
Defined if you want to use a captcha. Default is 0.
Sign up for a free API from https://www.google.com/recaptcha/admin/create and enter the values in captcha_public and captcha_private
secure
The main gatekeeper.. Checks if the session is valid. If not, pass control to the login screen. If the session is still valid, the timeout is reset, and control is returned to the main program.
header
Works identical to CGI::header. The only difference is the adding of a cookie to the header, and passing the header value if defined from the new function.
finish
Function to send the footer, and sign everything off. Call this function last (or if you want to terminate the program
form
Generates an HTML form based on a schema
form (schema,submit text,hidden func field,title for the header,captcha option,%VALUES)
form_update
Updates the data in the table
input : schema, table name
form_edit
Shows the edit form after an id was passed to it
input : schema, table, title, button text, func field
form_insert
Takes the input from a form, and inserts it into a database
Input : schema, table, default values (for readonly fields)
form_list
Show the result of a SQL table
form_create_table
Create a mySQL table based on a schema definition
input : schema, table name
setup_database
Call this module once to setup the database tables. Running it multiple times will only introduce excessive load on the DB, but won't delete any tables.
It will create the tables tbl_users, tbl_session, and tbl_logs.
It will also create the default user 'admin', with it's password 'password'. Remember to change this password on your first logon.
AUTHOR
Phil Massyn, <phil at massyn.net>
REVISION 0.05 Fixed xss to check all array elements when calling fetchrow_array Replaced all GET with POST functions, and prevent futher usage of GET Added form_edit function Fixed missing hidden id in form function Updated param function to strip unsafe characters
0.04 Updated form to handle hidden field, and input values Added textarea, and readonly fields Included dropdown with SQL in the schema support Added form_create_table Added form_insert Added form_list Added HTML::Entities for encoding output string (prevent cross site scripting) Changed the cookie's session ID to reset on every click Make the cookie secure
0.03 Added no-cache tags to header function Added input validation procedure Added input validation for tokens Moved valid_email procedure into validate_input Fixed omission of $forgot parameter check on sub forgot Added reCaptcha
0.02 Added registration option (including Net::SMTP) Changed password encryption to a salted hash Added forgotten password option Logging all messages being displayed
0.01 Initial version
TODO
There is still plenty to do.
BUGS
Please report any bugs or feature requests to bug-cgi-authenticationframework at rt.cpan.org
, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-AuthenticationFramework. I will be notified, and then you'llautomatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc CGI::AuthenticationFramework
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
http://rt.cpan.org/NoAuth/Bugs.html?Dist=CGI-AuthenticationFramework
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
Search CPAN
ACKNOWLEDGEMENTS
LICENSE AND COPYRIGHT
Copyright 2013 Phil Massyn.
This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.
See http://dev.perl.org/licenses/ for more information.
DISCLAIMER
This module has not been scrutinized yet. It may very well contain security issues. Although unintentional, you should excersize caution, and not start deploying production systems on this code. Any bugs or issues raised will be rectified. Use this module at own risk.
2 POD Errors
The following errors were encountered while parsing the POD:
- Around line 1509:
'=item' outside of any '=over'
- Around line 1513:
You forgot a '=back' before '=head1'