I changed the file mods-available/dir.conf this way:
DirectoryIndex /cgi-bin/csv_auth
In csv_auth which is a Perl CGI script I have this:
#! /usr/bin/perl
package Logger;
use strict;
use warnings;
use POSIX qw( strftime );
sub debug {
my $msg = shift;
mkdir '/tmp/authorize';
my $fn = '/tmp/authorize/auth.txt';
open (my $fh, '>>', $fn) or die "Could not open file $fn: $!";
my $timestamp = strftime("%Y-%m-%d %H:%M:%S", localtime);
say $fh "$timestamp : $msg";
}
package CGI::Session::Auth::CSV;
use strict;
use warnings;
use parent 'CGI::Session::Auth';
use Text::CSV;
# Need to override new()
sub new {
my $class = shift;
my ($params) = shift;
Logger::debug('CGI::Session::Auth::CSV::new() called');
$class = ref($class) if ref($class);
# initialize parent class
my $self = $class->SUPER::new($params);
bless($self, $class);
return $self;
}
# Override the _login method to use a CSV file
sub _login {
my $self = shift;
my ($user, $pass) = @_;
$self->{username} = $user;
Logger::debug('CGI::Session::Auth::CSV::_login() called');
my $csv = Text::CSV->new;
open my $fh, '<', 'login.csv' or die "Can't open login.csv: $!";
# Loop through the rows and check for a match
while (my $row = $csv->getline($fh)) {
Logger::debug("CGI::Session::Auth::CSV::_login() : user and psswrd : $user $pass");
Logger::debug("CGI::Session::Auth::CSV::_login() : CSV row 0 and 1 : $row->[0] $row->[1]");
if ($row->[0] eq $user and $row->[1] eq $pass) {
# Found a match, return true
close $fh;
Logger::debug("CGI::Session::Auth::CSV::_login() : found match for username: $user");
#return 1;
}
}
# No match, return false
close $fh;
#return 0;
}
package main;
use feature qw(say);
use strict;
use warnings;
use CGI(-utf8);
use CGI::Carp qw(fatalsToBrowser);
use CGI::Cookie;
use CGI::Session;
use Data::Dumper qw(Dumper);
use utf8;
use File::Copy;
# CGI object for headers, cookies, etc.
my $cgi = CGI->new();
my $user = $cgi->param('log_username');
my $password = $cgi->param('log_password');
my $cmd = $cgi->param('cmd');
my %cgi_vars = $cgi->Vars;
Logger::debug('cgiscript: rp.cgi : query parameters: ' . Dumper(\%cgi_vars));
Logger::debug('cgiscript: rp.cgi : cookies: ' . (join ',', $cgi->cookie()));
Logger::debug('cgiscript: rp.cgi : cookie: CGISESSID : ' . Dumper($cgi->cookie('CGISESSID')));
# CGI::Session object for session handling
my $session = CGI::Session->new(undef, $cgi, {Directory=>'/tmp/authorize'});
Logger::debug('cgiscript: rp.cgi : session = ' . $session->dump());
my $session_params = $session->dataref();
Logger::debug('cgiscript: rp.cgi : session data : ' . Dumper($session_params));
my $session_params_text = Dumper($session_params);
if (defined $user) {
$session->param('username', $user);
$session->flush();
} else {
$user = $session->param('username');
}
my $cookie = $cgi->cookie( -name => $session->name,
-value => $session->id );
print $cgi->header( -cookie=>$cookie );
# CGI::Session::Auth object for authentication
my $auth = CGI::Session::Auth::CSV->new({CGI => $cgi, Session => $session});
Logger::debug('cgiscript: rp.cgi : auth object 1 : ' . Dumper($auth));
Logger::debug('cgiscript: rp.cgi : calling authenticate');
$auth->authenticate();
Logger::debug('cgiscript: rp.cgi : auth object 2 : ' . Dumper($auth));
if ($cmd eq 'logout') {
logout($auth, $user);
exit;
}
# check if visitor has already logged in
if ($auth->loggedIn) {
Logger::debug('cgiscript: rp.cgi : user is logged in');
print <<HTML
!DOCTYPE html>
<html>
<body>
<h3>Hello you are lógged in $user</h3>
<p><a href='rp.cgi?cmd=logout'>Log out</a></p>
</body>
</html>
HTML
} else {
Logger::debug('cgiscript: rp.cgi : user is not logged in');
show_login_page();
}
$session->flush();
sub show_login_page {
my $self = shift;
print <<HTML;
<!DOCTYPE html>
<html>
<head><title>Not logged in</title></head>
<body>
<h1>You are not logged in</h1>
<p>Please log in to see the secret page:</p>
<form action='/cgi-bin/rp.cgi' method='POST'>
<p><input type='text' size='30'' name='log_username'</p>
<p><input type='password' size='30' name='log_password'</p>
<p><input type='submit'></p>
</form>
</body>
</html>
HTML
}
sub logout {
my ($auth, $user) = @_;
auth->logout();
print <<HTML;
<!DOCTYPE html>
<html>
<head><title>Logged out</title></head>
<body>
<h1>You have logged out user $user.</h1>
<p>Please log in to see the secret page:</p>
<form action='maing.cgi' method='POST'>
<p><input type='text' size='30' name='log_username'></p>
<p><input type='email' size='30' name='log_password'></p>
<p><input type='submit'></p>
</form>
</body>
</html>
HTML
}
And then my browser shows this if I print Content-type:
Content-type: text/html; charset=utf-8
Hello you are logged in marcos
This is the header for response header:
HTTP/1.1 200 OK
Date: Thu, 03 Aug 2023 05:02:39 GMT
Server: Apache/2.4.56 (Debian)
Set-Cookie: CGISESSID=fc23b50f1b15cbf978e5f797fddc9986; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 240
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
This is the request header:
GET / HTTP/1.1
Host: recordspreservation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: CGISESSID=fc23b50f1b15cbf978e5f797fddc9986
Upgrade-Insecure-Requests: 1
Sec-GPC: 1
It should not show Content-type but it does. Does that mean that when my initial page is a Perl CGI then I don't need the Content-type line?
Thanks!