How to remove login form from this CGI::Application example?

Question

In this tutorial he creates a custom login form, just to show how it is done. Please search for

How do I remove the custom login and fall back to the default?

To code looks like this

sub cgiapp_init {
    my $self = shift;
    my %CFG = $self->cfg;

    # ...

    $self->authen->config(
    DRIVER => [ 'Authen::Simple::LDAP',
            host   => '',
            basedn => '',
    ],

    STORE => 'Session',
    LOGOUT_RUNMODE       => 'logout',
    LOGIN_RUNMODE        => 'login',
    POST_LOGIN_RUNMODE   => 'okay',

    RENDER_LOGIN         => \&my_login_form,
    );

    $self->authen->protected_runmodes(
    'mustlogin',
    );
}

sub login : Runmode {
    my $self   = shift;
    my $url = $self->query->url;

    my $user = $self->authen->username;
    if ($user) {
    my $message = "User $user is already logged in!";
    my $template = $self->load_tmpl('default.html');
    $template->param(MESSAGE => $message);
    $template->param(MYURL => $url);
    return $template->output;
    } else {
    my $url = $self->query->self_url;
    unless ($url =~ /^https/) {
        $url =~ s/^http/https/;
        return $self->redirect($url);
    }
    return $self->my_login_form;
    }
}

Update

Here is mentions that CGI::Application have a default login that looks better than his.

Line 159 specifies a subroutine to use to generate a login form. Note that the Authentication plugin comes with a default form that you can use. I'm including this one just to demonstrate how to go about creating one of your own, in case you really want to. The default one actually looks much better than mine, so you might wish to comment out line 159!

Err … what default? Do you mean "How can I use HTTP Basic Authentication via CGI::Application?" (HTTP Basic Auth is, IMNSHO, hideous and best avoided, there is a reason you almost never see it on the WWW) — Quentin, Jun 28 '11 at 14:27
Did you read the tutorial? What 'default' login? "The finished example demonstrates a simple CGI login page. Authentication is performed against a MySQL database. The session ID is stored as a cookie on the client side (browser). There are public pages anyone can see, and private pages one must login to see. The login form uses SSL to provide greater security. " — Raoul, Jun 28 '11 at 14:30
I have updated the question with the quote here he says CGI::Application have a default login form, which is the one that I like to use =) — Sandra Schlichting, Jun 28 '11 at 14:33

score 4 · Accepted Answer · answered Jun 28 '11 at 21:34

4

I'm the author of that tutorial. Sorry for the confusion! What I should have said is "comment out lines 157, 158, and 159 of Login.pm". To use the default form that's built in to the CGI::Application::Plugin::Authentication module, you don't need to specify LOGIN_RUNMODE, POST_LOGIN_RUNMODE, or RENDER_LOGIN. Those are all provided just to help you customize your login page. I included a customized version in the tutorial thinking that most people would need to know how to do so.

answered Jun 28 '11 at 21:34

scorpio17

136
3

Thank you so much for the tutorial! It have an exceeding helpful skeleton for building a complex website that I otherwise wouldn't have been able to make due to the high barrier to entry. If you collect feedback, then it would have been easier if you had written all the explanations as comments rather than pointing to line numbers. The first think I did was copy/pasting your explanations into comments =) From what I remember then the script to remove the line numbers didn't work. Either it wouldn't run at all or it generated invalid files. Can't remember which. Other than that, fantastic work! – Sandra Schlichting Jun 29 '11 at 12:17
Btw. Yes, I also need to make my own login form, but for the time being, the custom is fine =) So thanks for also explaining how to make a custom one. – Sandra Schlichting Jun 29 '11 at 12:18
1

There was a typo in the script to remove the line numbers! I have fixed it - thanks for pointing that out. – scorpio17 Jun 29 '11 at 12:52
@scorpio17 : If I can make a feature request, then it would be to have cookie less sessions. Does `CGI::Application` have that? – Sandra Schlichting Jun 29 '11 at 22:57
1

No cookies? Are you sure?! I really think that's the best way. But, looking at the docs for CGI::Application::Plugin::Session, it appears that you can set SEND_COOKIE => 0 in your session config, then you'll get no cookies. But you'll have to manually pass around the session id by appending it to your url. – scorpio17 Jun 30 '11 at 03:47
Yes that is the problem. I suppose it has something to do with `MYURL => $self->query->url()` that is in each runtime? – Sandra Schlichting Jun 30 '11 at 08:07

score 2 · Answer 2 · answered Jun 28 '11 at 14:34

2

The default one actually looks much better than mine, so you might wish to comment out line 159!

Comment out line 159.

answered Jun 28 '11 at 14:34

Quentin

914,110
126
1,211
1,335

When I do that I still get his login form. So I imagined that it have something to do with `return $self->my_login_form;`? Changing that to just `return;` removes the login form completely. – Sandra Schlichting Jun 28 '11 at 14:39

How to remove login form from this CGI::Application example?

2 Answers2