I know of the existance of Apache::Htpasswd, which can manage .htpasswd files for Apache servers, but that's not really what I'm looking for.

On a site I'm developing, a user must authenticate him or herself with Apache's basic authentication (.htaccess and .htpasswd). What I'm looking to do is to retrieve the user name the user just logged in with (for use in a personalised greeting). Short of storing a session-long cookie, is there any other way of doing this in Perl?

Damn... when I saw this topic, I was just gonna pop in here and say "use Apache::Htpasswd" and be done with it.

Do an %ENV dump... I'm pretty sure that the basic auth string will be somewhere in there. Decode the string using MIME::Base64 to get the username and password.

Ah, $ENV{REMOTE_USER}. Didn't need to be decrypted either. Great stuff.

Thanks again Charles.

Hey, I'm glad I found this topic, probably one of you guys could help me.

I'm loging into a restricted folder using htpasswd/htaccess. Now I access a simple Guestbook, where I want the Username I just use to log in be written in a <input type=text value=???> field (which is part of a cgi-file).

Eventually it would be great to do it like that:
If the htpasswd username is 4 example: "ms2" then it should display in the textfield the Username "Max Smith". Some kina If... then.

Then I could disable the textfield so the user can post only by his real name, according to the htpasswd username he just used.

I'm quite a newbie in that so please explain so that I will understand


Thanks A LOT!!!
Max

Main question would be where would the real name be stored; the .htaccess file ins't meant to be a database of any kind; the way i'd do it is make it php based, then have a small mysql database containing usernames/passwords/real names (you could do flat file too i guess); then you can have it 'if username = jd then realname = John Doe'

Try:
%names = (
"ms2" => "Max Smith",
"ms1" => "Mark Stone",
"tb" => "Tom Bush",
"etc" => "Whatever",
);

Then
print qq~<input type="text" name="name" value="$names{$ENV{REMOTE_USER}}">~;

That's untested but I think it could work.
Note that if it's a type=text, the user can still change the value, but the default one would be from the %names variable.

I'm always a fan of:

But then they can still modify it by going to the code...
You can give them a 12-char session id, so that they'll have almost no way to change it to another true one. Create a sessions.cgi file in the directory, have a randomly-generated id such as "Fr5g4Dds9aG", in the file have "Fr5g4Dds9aG" => "Max Smith", and then add to the HTML: input type="hidden" name="session" value="Fr5g4Dds9aG".

But that's only if you don't trust them.

Thanks guys, you really helped me a lot!

Your script works fine, LK

I just added a 0nfocus="this.blur()" within the textfield, thats enough for my purposes...
The guestbook is just for about 30 people, no one with a good cgi-knowledge and surely not intending to manipulate those variables... so I don't think I'll have to do further scripting

byebye and thanks again,
Max