package Apache::AuthzTieDBI;
 
use strict;
use Apache::Constants qw(:common);
use Tie::DBI ();
 
sub handler {
    my $r = shift;
    my $requires = $r->requires;
    
    return DECLINED unless $requires;
    my $user = $r->connection->user;
    
    # get configuration information
    my $dsn        = $r->dir_config('TieDatabase') || 'mysql:test_www';
    my $table_data = $r->dir_config('TieTable')    || 'users:user:passwd';
    my($table, $userfield, $passfield) = split ':', $table_data;
    
    tie my %DB, 'Tie::DBI', {
	db => $dsn, table => $table, key => $userfield,
    } or die "couldn't open database";
    
    if ($DB{$user}) {  # evaluate each requirement
	for my $entry (@$requires) {
	    my $op = $entry->{requirement};
	    return OK if $op eq 'valid-user';
	    $op =~ s/\$\{?(\w+)\}?/\$DB{'$user'}{$1}/g;
	    return OK if eval $op;
	    $r->log_error($@) if $@;
	}
    }
    
    $r->note_basic_auth_failure;
    $r->log_reason("user $user: not authorized", $r->filename);
    return AUTH_REQUIRED;
}

1;
__END__