 |
 |
 |
Mod_python Manual |  |
 |
 |
|
|
|
Mod_python Manual | |
|
|
Syntax:
Python*Handler Syntax
Context:
server config, virtual host, directory, htaccess
Override:
not None
Module:
mod_python.c
This routine is called to check the authentication information sent with the request (such as looking up the user in a database and verifying that the [encrypted] password sent matches the one in the database).
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.DECLINED, then execution of all
subsequent handlers for this phase are aborted.
To obtain the username, use req.user. To obtain the password
entered by the user, use the req.get_basic_auth_pw() function.
A return of apache.OK means the authentication succeeded. A
return of apache.HTTP_UNAUTHORIZED with most browser will bring
up the password dialog box again. A return of
apache.HTTP_FORBIDDEN will usually show the error on the
browser and not bring up the password dialog
again. HTTP_FORBIDDEN should be used when authentication
succeeded, but the user is not permitted to access a particular URL.
An example authentication handler might look like this:
def authenhandler(req):
pw = req.get_basic_auth_pw()
user = req.user
if user == "spam" and pw == "eggs":
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
req.get_basic_auth_pw() must be called prior to using the
req.user value. Apache makes no attempt to decode the
authentication information unless req.get_basic_auth_pw() is called.
|
|
|
Mod_python Manual | |
|
|