First... before I answer your question, this is USENET. It's not "theQuote:><HTML>
>I am interested in setting up a user authentication scheme on our web site.
>The site resides on a Free BSD box running Apache 1.2.6. Here is a description
>of what I would like to have.
web" so don't put markup on your posting. This is a plain text medium
here. <HTML> goes on web pages.
A little creativity here. Your password protection will most likelyQuote:
><P>1. Upon entering the site for the first time, a user must accept to
>a subscriber agreement which states they will not use the material for
>commercial purposes. They agree by entering their initials.
><P>2. The user also enters a unique username and password which they will
>use to enter the site.
><P>3. Instead of making the user enter the name and password each visit,
>I would like it to be stored in a cookie on the user's
><BR>computer, so they can be identified easily.
><P>4. If the cookie is deleted from the users computer, or their browser
>does not accept cookies, the user should be able to enter their
><BR>name and password to enter the site.
><P>I would like that all pages within the site are protected.
><P>I have implemented password protection on sites and I have implemented
>cookies on sites. But I have never used the two in
need to be CGI based, unless you want to try something with
With CGI based password protection, your "main page" can be a perl
script (or other) that first looks for the cookie data, if it finds
the cookie string, it decodes it into a filename, which is where you
stored that user's information. If we've succeeded so far, we just
proceed with whatever content we're dishing out. If there isn't a
cookie, or if the cookie doesn't match up with data stored on your
site, then you print out a login page.
Now, with mod_rewrite I think it should be possible to actually
retrieve the cookie information and if found, set the REMOTE_USER
environment variable, which should then cause access to an .htaccess
protected URL to behave as if the user had already logged in. If you
don't find a cookie with valid information, you don't set the
REMOTE_USER variable and a login prompt should appear. I think you'll
need to have mod_rewrite use an external script to achieve this, but
it shouldn't be all that hard.