Read this entire document for the description, usage, features, and installation instructions for use of these programs. The source code is available here, but be warned that development is in progress. Please indicate unoffical and official versions (i.e., versions not released by me and versions released by me) by prefixing a `U' or an 'O' before the version number. I'd appreciate it if you could notify me of any modifications you may make so I can incorporate them into the official version. You, the user, are responsible for everything the program does.
The registration and login programs will let you maintain a database of users that can access a particular directory. The programs work by the means of HTTP-based user authentication. If you're not familiar with HTTP-based user authentication, before you do anything, it is imperative you read some documentation on this (see the section on basic password authentication). These programs assume you have a working knowledge of user authentication.
The general purpose registraion and login programs support the
following commands and features. For the purposes of this example,
the CGI scripts are assumed to be named register, and
modify. Literal characters (i.e., characters you should
type in as is) are indicated in a fixed-width
font. Variable characters are in italics. See the
source code of the demo pages for real uses of program.
register in POST mode
register can only be used in POST mode to add a
new user profile to the profile database, and to add a new entry in
the htpasswd and htgroup files.
modify in GET mode
modify in POST mode
modify in GET mode will automatically set things up,
but this is how information in the profile database is modified or
deleted. Again, this relies on the REMOTE_USER environment variable
being present.
Before you can use the programs, you need to set things up so you have a valid htpasswd, htgroup, and htaccess files, along with a valid profile database file. The setup script does this for you. It also serves as a handy tutorial on how to set up basic by-password user-authentication, so make sure you read it and understand how it works.
The default profile database file is very simple. You probably should tailor it to your needs. The way it works is explained in the setup script, but essentially the first line (which is a comment, prefixed by a "#") reads
# N name1|name2|name3|name4|...|nameN|
where N is the number of fields, and name1..nameN are the names of
the fields. These names will be used by the modify
program to generate a form with those names. The default is:
# 7 Username|E-mail|Street|City|State|Zip|Country|
There are no bugs. Here is a list of caveats and features you should be aware (beware?) of.
modify script must be placed
where people who haven't registered cannot access it. This is not
just because it depends on the REMOTE_USER variable, but also
because there's no reason for people to mess around with the script
if they've not registered. There are two ways to do it: Add the
appropriate MIME type for .cgi and rename modify.cgi and place it in
the directory. Or create a separate auth-bin directory with a
htaccess file that points to the same htaccess and htgroup files.
The former is of course the more elegant solution.
To install the program, you need a C compiler. Edit the defines
in cgi_defines.h and login_defines.h (explained in detail there) and
the Makefile appropriately, and type in `make' at the prompt; it
should install without a fuss (at least on an Unix system). The
programs generally are referred to as register and
modify. This is configurable in the Makefile.
There's a small script called setup in the src directory that will help you set up by-passwd user authentication for a particular directory. It's nothing fancy, but it'll do the job. Modify it to fit your needs and run it on your server.