Usually, if you run into problems that only affect POST requests, that
means that somewhere earlier in the apache cycle there is something
consuming the posted data. Looking at the code you've posted though,
it's not immediately obvious that that is the problem, nor is it obvious
that it's actually the even related to the problem that phpMyAdmin is
displaying. That is something you can look into further though Perhaps
part of DataJoy::Application is reading the post variables out of STDIN.

Adam



Miha Lampret wrote:
> Hello all,
>
> Today I tried to limit access to phpMyAdmin using my own Authen.pm
> module. It works well but not always. Looks like phpMyAdmin has
> problems with HTTP post method if I enable my PerlAuthenHandler
> Authen.pm. Otherwise phpMyAdmin and Authen.pm work well.
>
> The error I get in phpMyAdmin is:
> Fatal error: PMA_sendHeaderLocation called when headers are already
> sent! in /opt/datajoy/www/lib/phpMyAdmin/libraries/common.lib.php on
> line 650
>
> I am not sure what causes this problem. It may be phpMyAdmin issue or
> there is something wrong in my Authen.pm. But since my Authen.pm works
> well when limiting access to directories/files and since I have no
> problem with phpMyAdmin if I use .htaccess with password file
> (AuthUserFile) I thought it might be mod_perl issue. Anyone else
> noticed strange behaviour when using PerlAuthenHandler? It is the same
> if I use PerlAccessHandler.
>
> I hope someone can direct me where to look for solution.
>
> Best regards,
> Miha
>
> Server software:
> Apache/2.2.9 (Debian) PHP/5.2.6-5 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
> I also noticed this problem in older versions of Apache, perl, mod_perl and php.
>
> Bellow are my Apache settings for phpMyAdmin dir and Authen.pm module:
>
>
> PerlSendHeader Off
> AuthName DatajoyWebAuth
> AuthType Basic
> PerlAuthenHandler Datajoy::Authen
> require valid-user
>

>
>
> package Datajoy::Authen;
>
> use strict;
> use Apache2::Access ();
> use Apache2::RequestUtil ();
> use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED);
>
> use Datajoy::Application;
> use Datajoy::Config;
>
> sub Authenticate {
> my ($domain,$user,$pass,$file)=@_;
> my $result=0;
>
> my $app=Datajoy::Application->new();
> $app->Db_Connect;
>
> my $sth=$app->{dbh}->prepare("select users.org_id, users.id, pages.path
> from domains,users,pages
> where domains.page_id=pages.id and users.org_id=domains.org_id
> and domains.domain=? and users.username=?");
> $sth->execute($domain,$user);
> my ($org_id,$user_id,$domain_path)=$sth->fetchrow_array;
>
> if ($org_id && $user_id) {
> my $auth=undef;
> eval '$auth='.$app->{config}->{auth_module}.'->new($app)';
> if (! $@) {
> my ($logged_in,$uref)=$auth->Login($org_id,$user,$pass);
> if ($logged_in>0) {
> $result=1;
> }
> }
> }
>
> return $result;
> }
>
> sub handler {
> my $r=shift;
>
> my ($status,$pass)=$r->get_basic_auth_pw;
>
> return $status unless $status == Apache2::Const::OK;
>
> my $domain=$r->hostname();
> my $user=$r->user;
> my $file=$r->filename();
>
> if (Authenticate($domain,$user,$pass,$file)) {
> return Apache2::Const::OK;
> } else {
> $r->note_basic_auth_failure;
> return Apache2::Const::HTTP_UNAUTHORIZED;
> }
>
> }
>
> 1;
>