%args>
$username
$password
$redirect_to
%args>
<%init>
if (my @errors = check_login($username, $password) {
$m->comp( 'redirect.mas',
path => 'login_form.html',
query => { errors => \@errors,
username => $username,
password => $password,
redirect_to => $redirect_to } );
}
$MasonBook::Session{username} = $username;
$MasonBook::Session{token} =
Digest::SHA1::sha1_hex( 'My secret phrase', $username );
$m->comp( 'redirect.mas',
path => $redirect_to );
%init>
if ( $MasonBook::Session{token} ) {
if ( $MasonBook::Session{token} eq
Digest::SHA1::sha1_hex( 'My secret phrase',
$MasonBook::Session{username} ) {
# R<... valid login, do something here>
} else {
# R<... someone is trying to be sneaky!>
}
} else { # no token
my $wanted_page = $r->uri;
# Append query string if we have one.
$wanted_page .= '?' . $r->args if $r->args;
$m->comp( 'redirect.mas',
path => '/login/login_form.html',
query => { redirect_to => $wanted_page } );
}
<%init>
my $user = get_user(); # again, hand waving
my $required_access = $m->base_comp->attr('required_access');
unless ( $user->has_access_level($required_access) ) {
# R<... do something like send them to another page>
}
$m->call_next;
%init>
<%attr>
required_access => 'Guest'
%attr>
<%attr>
required_access => 'Admin'
%attr>
% while (my ($name, $def) = each %styles) {
<% $name %> <% $def %>
% }
<%args>
$cobrand
%args>
<%init>
my %styles;
die "Security violation, style=$style" unless $cobrand =~ /^\w+$/;
foreach my $file ('default.css', "$cobrand.css") {
local *FILE;
open FILE, "< /var/styles/$file"
or die "Cannot read /var/styles/$file: $!";
while () {
next unless /(\S+) \s+ (\S.*)/x;
$styles{$1} = $2;
}
close FILE;
}
$r->content_type('text/css');
%init>