CGI::AuthenticationFramework - A CGI authentication framework that utilizes mySQL for the user and session management
Version 0.04
Allows the login authentication, registration of user accounts, and password reset of webbased users.
Sample CGI script :-
#!/usr/bin/perl use strict; use CGI::AuthenticationFramework; use DBI; use CGI; my $cgi = new CGI; # == connect to the database my $dbh = DBI->connect("DBI:mysql:database=DATABASE;host=SERVERNAME",'username','password') || die $DBI::errstr; # == create the authentication link my $sec = CGI::AuthenticationFramework->new({ dbh => $dbh, cgi => $cgi }); # == create the tables $sec->setup_database(); # run this only once for performance.. No damage to keep it there # == do we go through, or block access.. This is where the rubber meets the road $sec->secure(); # == once we get through that, we can send our headers print $sec->header(); # == We can call some additional functions print "<a href=\"?func=logout\">Logout</a>\n"; print "<a href=\"?func=password\">Change password</a>\n"; print "<p>\n"; print "This is the secret message.<br>\n"; print "Email Address is $sec->{username}<br>\n"; print "Session ID is $sec->{session}<br>\n"; print "</p>"; print "<a href=\"#\">Me again</a>\n"; # == when we're done, we call the finish function. This clears the data connection, and prints the footer code $sec->finish();
Creates a new authentication connection
my $sec = CGI::AuthenticationFramework->new({ dbh => $dbh, cgi => $cgi });
Defined the database handle to use
Defines the CGI handle to use
The name of the cookie (default is 'my_cookie')
Default header code to include
Default footer code to include
To enable yubikey support, set to 1.
When you enable yubikey support, you have to set the yubi_id and yubi_api fields as well. To get these, you need to sign up at https://upgrade.yubico.com/getapikey/
Defines the timeout before a user has to log on again. Default is 600 seconds.
If you need users to register on their own, set the register option to 1. Default is 0
If you need users to have the ability to reset their passwords by emailing a new one to them, set this option to 1. Default is 0. =head4 SMTP server settings
If you have register enabled, you need to specify SMTP settings
The hostname of the SMTP server
The from email address to use when sending emails
The smtpuser and smtppass parameters are optional. If your SMTP server requires you to authenticate, set these two fields.
Defined if you want to use a captcha. Default is 0.
Sign up for a free API from https://www.google.com/recaptcha/admin/create and enter the values in captcha_public and captcha_private
The main gatekeeper.. Checks if the session is valid. If not, pass control to the login screen. If the session is still valid, the timeout is reset, and control is returned to the main program.
Works identical to CGI::header. The only difference is the adding of a cookie to the header, and passing the header value if defined from the new function.
Function to send the footer, and sign everything off. Call this function last (or if you want to terminate the program
Generates an HTML form based on a schema
form (schema,submit text,hidden func field,title for the header,captcha option,%VALUES)
Takes the input from a form, and inserts it into a database
Input : schema, table, default values (for readonly fields)
Show the result of a SQL table
Create a mySQL table based on a schema definition
input : schema, table name
Call this module once to setup the database tables. Running it multiple times will only introduce excessive load on the DB, but won't delete any tables.
It will create the tables tbl_users, tbl_session, and tbl_logs.
It will also create the default user 'admin', with it's password 'password'. Remember to change this password on your first logon.
Phil Massyn, <phil at massyn.net>
<phil at massyn.net>
0.03 Added no-cache tags to header function Added input validation procedure Added input validation for tokens Moved valid_email procedure into validate_input Fixed omission of $forgot parameter check on sub forgot Added reCaptcha
0.02 Added registration option (including Net::SMTP) Changed password encryption to a salted hash Added forgotten password option Logging all messages being displayed
0.01 Initial version
There is still plenty to do.
Please report any bugs or feature requests to bug-cgi-authenticationframework at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-AuthenticationFramework. I will be notified, and then you'llautomatically be notified of progress on your bug as I make changes.
bug-cgi-authenticationframework at rt.cpan.org
You can find documentation for this module with the perldoc command.
perldoc CGI::AuthenticationFramework
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
http://rt.cpan.org/NoAuth/Bugs.html?Dist=CGI-AuthenticationFramework
AnnoCPAN: Annotated CPAN documentation
http://annocpan.org/dist/CGI-AuthenticationFramework
CPAN Ratings
http://cpanratings.perl.org/d/CGI-AuthenticationFramework
Search CPAN
http://search.cpan.org/dist/CGI-AuthenticationFramework/
Copyright 2013 Phil Massyn.
This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.
See http://dev.perl.org/licenses/ for more information.
This module has not been scrutinized yet. It may very well contain security issues. Although unintentional, you should excersize caution, and not start deploying production systems on this code. Any bugs or issues raised will be rectified. Use this module at own risk.
2 POD Errors
The following errors were encountered while parsing the POD:
'=item' outside of any '=over'
You forgot a '=back' before '=head1'
To install CGI::AuthenticationFramework, copy and paste the appropriate command in to your terminal.
cpanm
cpanm CGI::AuthenticationFramework
CPAN shell
perl -MCPAN -e shell install CGI::AuthenticationFramework
For more information on module installation, please visit the detailed CPAN module installation guide.