📄 ch14.htm
字号:
<BLOCKQUOTE>
<TT><FONT FACE="Courier">If CGI_AuthUser = "" Then 'If
they haven't authenticated, do it<BR>
<BR>
Send "HTTP/1.0
401 Unauthorized"<BR>
Send ("Server:
" + CGI_ServerSoftware)<BR>
Send ("Date:
" + WebDate(Now))<BR>
Send ("WWW-Authenticate:
Basic realm=""AuthDemo""")<BR>
Send ("Content-type:
text/html")<BR>
Send ("")
<BR>
<BR>
<BR>
' Anything after this is only seen if they click cancel,<BR>
'Insert code to handle cancel button<BR>
<BR>
Else 'They typed in a username/password<BR>
<BR>
If (CGI_AuthUser
= "Daniel Berlin" And CGI_AuthPass = "danny")
Then <BR>
'they got it right<BR>
<BR>
'Insert your own code here to deal with getting the name/password
right<BR>
<BR>
Else 'they got
it wrong<BR>
<BR>
'Insert your own code here to deal with getting the name/password
wrong.<BR>
<BR>
End If<BR>
End If</FONT></TT>
</BLOCKQUOTE>
<P>
Most of the time, the name and password will be checked against
some kind of database. However, because I don't have such a database
handy, I hardcoded the name and password that will need to be
looked for.
<P>
This is basically a finished program that does authentication.
All I did to make it a real app was fill in my own code and throw
it in a <TT><FONT FACE="Courier">CGI_Main</FONT></TT> sub. See
Listing 14.2.
<HR>
<BLOCKQUOTE>
<B>Listing 14.2. Finished authentication program.</B>
</BLOCKQUOTE>
<BLOCKQUOTE>
<TT><FONT FACE="Courier">'Authentication Demo<BR>
'Copyright 1996 By Daniel Berlin<BR>
<BR>
Sub Inter_Main()<BR>
MsgBox "This program is meant to
be run from the Web Server"<BR>
Exit Sub<BR>
End Sub<BR>
Sub CGI_Main()<BR>
<BR>
If CGI_AuthUser = "" Then 'If
they haven't authenticated, do it<BR>
<BR>
Send "HTTP/1.0
401 Unauthorized"<BR>
Send ("Server:
" + CGI_ServerSoftware)<BR>
Send ("Date:
" + WebDate(Now))<BR>
Send ("WWW-Authenticate:
Basic realm=""AuthDemo""")<BR>
Send ("Content-type:
text/html")<BR>
Send ("")
<BR>
<BR>
<BR>
' Anything after this is only seen if they click cancel,<BR>
' This is because if they don't, it calls the program again<BR>
<BR>
Send ("<HTML><HEAD><TITLE>You
clicked Cancel</TITLE></HEAD>")<BR>
Send ("<BODY><H1>You
Clicked Cancel</H1></BODY></HTML>")<BR>
Else 'They typed in a username/password
<BR>
<BR>
If (CGI_AuthUser
= "Daniel Berlin" And CGI_AuthPass = "danny")
Then <BR>
'they got it right<BR>
Send
("Content-type: text/html")<BR>
Send
("")<BR>
Send
("<HTML><HEAD><TITLE>Congrats</TITLE></HEAD>")
<BR>
Send
("<BODY><H1>You have been properly authenticated</H1></BODY>_
<BR>
</HTML>")<BR>
<BR>
Else 'they got
it wrong<BR>
Send
("Content-type: text/html")<BR>
Send
("")<BR>
Send
("<HTML><HEAD><TITLE>I'm sorry</TITLE></HEAD>")
<BR>
Send
("<BODY><H1>Either username or password is wrong</H1></BODY>_
<BR>
</HTML>")<BR>
End If<BR>
End If<BR>
<BR>
<BR>
End Sub</FONT></TT>
</BLOCKQUOTE>
<HR>
<P>
This just about wraps up authentication.
<P>
The source code for the WinCGI Framework for VB32 is given in
Listing 14.3.
<HR>
<BLOCKQUOTE>
<B>Listing 14.3. CGI32.BAS.<BR>
</B>
</BLOCKQUOTE>
<BLOCKQUOTE>
<TT><FONT FACE="Courier">Attribute VB_Name = "CGI_Framework"
<BR>
'----------------------------------------------------------------------
<BR>
' *************<BR>
' * CGI32.BAS *<BR>
' *************<BR>
'<BR>
' VERSION: 1.7 (December 3, 1995)<BR>
'<BR>
' AUTHOR: Robert B. Denny <rdenny@netcom.com>
<BR>
'<BR>
' Common routines needed to establish a VB environment for<BR>
' Windows CGI programs that run behind the WebSite Server.<BR>
'<BR>
' INTRODUCTION<BR>
'<BR>
' The Common Gateway Interface (CGI) version 1.1 specifies a minimal
<BR>
' set of data that is made available to the back-end application
by<BR>
' an HTTP (Web) server. It also specifies the details for passing
this<BR>
' information to the back-end. The latter part of the CGI spec
is<BR>
' specific to Unix-like environments. The ncSA httpd for Windows
does<BR>
' supply the data items (and more) specified by CGI/1.1, however
it<BR>
' uses a different method for passing the data to the back-end.
<BR>
'<BR>
' DEVELOPMENT<BR>
'<BR>
' WebSite requires any Windows back-end program to be an<BR>
' executable image. This means that you must convert your VB<BR>
' application into an executable (.EXE) before it can be tested
<BR>
' with the server.<BR>
'<BR>
' ENVIRONMENT<BR>
'<BR>
' The WebSite server executes script requests by doing a<BR>
' CreateProcess with a command line in the following form:<BR>
'<BR>
' prog-name cgi-profile<BR>
'<BR>
' THE CGI PROFILE FILE<BR>
'<BR>
' The Unix CGI passes data to the back end by defining environment
<BR>
' variables which can be used by shell scripts. The WebSite<BR>
' server passes data to its back end via the profile file. The
<BR>
' format of the profile is that of a Windows ".INI"
file. The keyword<BR>
' names have been changed cosmetically.<BR>
'<BR>
' There are 7 sections in a CGI profile file, [CGI], [Accept],
<BR>
' [System], [Extra Headers], and [Form Literal], [Form External],
<BR>
' and [Form huge]. They are described below:<BR>
'<BR>
' [CGI] <==
The standard CGI variables<BR>
' CGI Version= The
version of CGI spoken by the server<BR>
' Request Protocol= The server's info protocol
(e.g. HTTP/1.0)<BR>
' Request Method= The method
specified in the request (e.g., "GET")<BR>
' Request Keep-Alive= If the client requested connection
re-use (Yes/No)<BR>
' Executable Path= Physical pathname of
the back-end (this program)<BR>
' Logical Path= Extra
path info in logical space<BR>
' Physical Path= Extra path
info in local physical space<BR>
' Query String= String
following the "?" in the request URL<BR>
' Content Type= MIME
content type of info supplied with request<BR>
' Content Length= Length, bytes,
of info supplied with request<BR>
' Request Range= Byte-range
specfication received with request<BR>
' Server Software= Version/revision of
the info (HTTP) server<BR>
' Server Name= Server's
network hostname (or alias from config)<BR>
' Server Port= Server's
network port number<BR>
' Server Admin= E-Mail
address of server's admin. (config)<BR>
' Referer=
URL of referring document<BR>
' From= E-Mail
of client user (rarely seen)<BR>
' User Agent= String
describing client/browser software/version<BR>
' Remote Host= Remote
client's network hostname<BR>
' Remote Address= Remote client's
network address<BR>
' Authenticated Username=Username if present in request<BR>
' Authenticated Password=Password if present in request<BR>
' Authentication Method=Method used for authentication (e.g.,
"Basic")<BR>
' Authentication Realm=Name of realm for users/groups<BR>
'<BR>
' [Accept]
<== What the client says it can take<BR>
' The MIME types found in the request header as<BR>
' Accept: xxx/yyy; zzzz...<BR>
' are entered in this section as<BR>
' xxx/yyy=zzzz...<BR>
' If only the MIME type appears, the form is<BR>
' xxx/yyy=Yes<BR>
'<BR>
' [System]
<== Windows interface specifics<BR>
' GMT Offset= Offset
of local timezone from GMT, seconds (LONG!)<BR>
' Output File= Pathname
of file to receive results<BR>
' Content File= Pathname
of file containing raw request content<BR>
' Debug Mode= If
server's CGI debug flag is set (Yes/No)<BR>
'<BR>
' [Extra Headers]<BR>
' Any "extra" headers found in the request that activated
this<BR>
' program. They are listed in "key=value" form. Usually,
you'll see<BR>
' at least the name of the browser here as "User-agent".
<BR>
'<BR>
' [Form Literal]<BR>
' If the request was a POST from a Mosaic form (with content type
of<BR>
' "application/x-www-form-urlencoded"), the server will
decode the<BR>
' form data. Raw form input is of the form "key=value&key=value&...",
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -