
How to get the response HTTP header?


My last question was about how to implement basic authentication in Perl, and I got my answer. After that I tried to write my code. I used -status => '401 Not Authorized' in my HTTP header, and when I try to open my program it wants me to enter a user and password. In my code I get the piece of the header from an ENV variable that includes this username and password, and check whether it is what I want. My problem is that when I enter the user and password in the authentication box like the one below

[image: basic authentication]

I should click the Cancel button to get the response header! So what is the OK button for here? This is my verification code:

    use CGI qw(:standard);
    use MIME::Base64;

    # The 401 header is printed on every request, even one that carries credentials.
    print header(-type => 'text/html', -status => '401 Not Authorized',
             'WWW-Authenticate' => 'Basic realm="Videos"');

    print "<HTML>";
    print "<HEAD>";

    print "<TITLE>this is Test-Case</TITLE>";
    print "</HEAD>";

    my $signin = $ENV{HTTP_AUTHORIZATION};
    my ($basic, $userpass) = split( ' ', $signin );
    # decode_base64 handles the '=' padding itself
    $userpass = decode_base64($userpass);
    # limit 2 so a ':' inside the password is kept
    my ($user, $pass) = split( ':', $userpass, 2 );
    my $query = new CGI;
    if ($user eq 'aa' and $pass eq 'aa') {
        # show something
    }
    else {
        print "wrong user or pass";
    }

I tried to use CGI::Auth::Basic before, but it doesn't work for me and shows an error in the module.

Thanks for your answers.

I solved my problem after a while, so I decided to post the answer for anyone who has this problem too. You should first check whether $ENV{HTTP_AUTHORIZATION} is defined or not. If it is defined, you should check the user and pass, and if they are correct you print "Content-Type: text/HTML", "\n\n", which means 200 OK! If the ENV variable is not defined, you should print header(-type => 'text/html', -status => '401 Not Authorized','WWW-Authenticate' => 'Basic realm="Videos"') to show the authentication box.

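    use CGI qw(:standard);
    use MIME::Base64;

    my $signin = $ENV{HTTP_AUTHORIZATION};
    if (defined $signin) {
        # check user and password here
        my ($basic, $userpass) = split(' ', $signin);
        my ($user, $pass) = split(':', decode_base64($userpass), 2);
        if ($user eq 'aa' and $pass eq 'aa') {
            print "Content-Type: text/HTML", "\n\n";
            # do all your work here
        }
        else {
            # wrong password
        }
    }
    else {
        print header(-type => 'text/html', -status => '401 Not Authorized', 'WWW-Authenticate' => 'Basic realm="Videos"');
    }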

Solution

  • HTTP Basic Auth works in two steps:

    First step:

    • Browser sends a request
    • Server replies with a full HTTP Response (header, body) with HTTP status code 401
    • Browser shows a (browser-specific) dialog to ask for username and password
    • "OK" on that dialog typically starts step 2
    • "Cancel" on that dialog typically shows the response body received earlier - but that depends on the browser implementation. Don't rely on it!

    Second step:

    • Browser re-sends the original request again, but adds an Authorization header
    • Server checks username and password and sends a full response (header, body) with either HTTP status code 200 (OK) or 401 (in this case: "username or password wrong, try again")
    • For code 401: See browser behavior for step 1
    • For code 200: Show the website as usual
    • Any other code is also valid: A 302 to redirect the user, a 500 to show an error, etc.

    Hope that answers your question. If not, I didn't understand your problem.
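
The two steps described in the answer above, written as one CGI script. This is an added example, not code from the question or the answers: it prints the headers by hand, reuses the question's test account aa/aa, and assumes the web server exposes the request header to the script as `HTTP_AUTHORIZATION`, as in the question. The helper names `parse_basic` and `respond` are made up for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Test account from the question (assumption: real code checks a user store).
my %USERS = (aa => 'aa');

# Return (user, pass) from "Basic <base64(user:pass)>", or an empty list.
sub parse_basic {
    my ($value) = @_;
    return unless defined $value;
    my ($b64) = $value =~ m{\ABasic\s+([A-Za-z0-9+/]+={0,2})\s*\z}i or return;
    # Limit 2: only the first ':' separates user and password.
    my ($user, $pass) = split /:/, decode_base64($b64), 2;
    return unless defined $user && defined $pass;
    return ($user, $pass);
}

# Build the complete CGI response (headers and body) for one request.
sub respond {
    my ($auth) = @_;
    my ($user, $pass) = parse_basic($auth);
    if (defined $user && exists $USERS{$user} && $USERS{$user} eq $pass) {
        return "Status: 200 OK\r\nContent-Type: text/html\r\n\r\n"
             . "<html><body>Video list goes here</body></html>\n";
    }
    # Step 1 (no header) and a failed step 2 get the same reply:
    # 401 plus the challenge, so the browser shows its dialog (again).
    return "Status: 401 Unauthorized\r\n"
         . "WWW-Authenticate: Basic realm=\"Videos\"\r\n"
         . "Content-Type: text/html\r\n\r\n"
         . "<html><body>Authentication required</body></html>\n";
}

if ($ENV{GATEWAY_INTERFACE}) {
    print respond($ENV{HTTP_AUTHORIZATION});      # running under a web server
} else {
    # Constructed sample values: step 1, a good step 2, a bad step 2.
    my @samples = (undef, 'Basic ' . encode_base64('aa:aa', ''),
                          'Basic ' . encode_base64('aa:wrong', ''));
    for my $auth (@samples) {
        my ($status) = respond($auth) =~ /\AStatus: (\d+)/;
        printf "%-30s -> %s\n", $auth // '(no Authorization header)', $status;
    }
}
```

Run from a shell, the script replays the three cases and prints the status each one gets; under a web server it answers the real request.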