The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> Perl Programming
|
htaccess and htpasswd
Discuss htaccess and htpasswd in the Perl Programming forum on Dev Shed. htaccess and htpasswd Perl Programming forum discussing coding in Perl, utilizing Perl modules, and other Perl-related topics. Perl, the Practical Extraction and Reporting Language, is the choice for many for parsing textual information.
|
|
 |
|
|
|
|

Dev Shed Forums Sponsor:
|
|
|

July 14th, 2000, 04:43 AM
|
|
Junior Member
|
|
Join Date: Jul 2000
Posts: 5
Time spent in forums: < 1 sec
Reputation Power: 0
|
|
|
I'm running perl on a unix server, and i want to use htpasswd to protect some directories. Can I do this from with a perl script (e.g. I want to create an admin interface).
|

July 14th, 2000, 05:36 AM
|
|
Guest
|
|
Posts: n/a
Time spent in forums:
Reputation Power:
|
|
|
>>and i want to use htpasswd to protect some directories
Yes, you can do that. So are you seeking help on something particular that you are having trouble with your script or you simply looking for such script? If so, go to http://www.scriptsearch.com/
|

July 14th, 2000, 06:02 AM
|
|
Junior Member
|
|
Join Date: Jul 2000
Posts: 5
Time spent in forums: < 1 sec
Reputation Power: 0
|
|
|
Thanks, didn't mean to cross post.
I've already created a number of admin interfaces, and used htaccess before. The interfaces set up new accounts for various services on a server. Each account needs it's own passwd and username. At the moment these have to be created manually via telnet. I just wanted to make the whole process dummy proof.
|

July 14th, 2000, 07:30 AM
|
|
Guest
|
|
Posts: n/a
Time spent in forums:
Reputation Power:
|
|
|
1) create a registration form
2) the script should first validate all field format
3) then check against your flat file database or .htpasswd for username existence
4) If all fine, then open and write to temp.txt and send mail containing a randomly generated activation code
5) user goes to activation page and enter activation code and pick a password
6) open and write the previous record plus the password to that flat file database
open and write to .htpasswd
How is it? Which procedure you would have trouble with?
Be sure to keep your temp.txt and flat file database and .htpasswd out of your DocumentRoot or somewhere not reachable from the web.
Still, I suggest you to check out http://www.scriptsearch.com/ and try some of the scripts. Asking someone to write the entire script for you will not work in devshed.
|

July 14th, 2000, 08:59 AM
|
|
Junior Member
|
|
Join Date: Jul 2000
Posts: 5
Time spent in forums: < 1 sec
Reputation Power: 0
|
|
|
Thanks, I'm not asking for ne1 to write my scripts for me, I just thought that I would ask for a little advice.
I don't need to be lectured to in a patronising manner in the process.
|

July 15th, 2000, 03:10 PM
|
|
Guest
|
|
Posts: n/a
Time spent in forums:
Reputation Power:
|
|
|
Then what do you want? I'm sure nobody here is saying your no good at perl scripting and you don't know what you're doing.. but you asked a nonexplanatory question, he's just trying to help.
|

July 17th, 2000, 06:10 AM
|
|
Contributing User
|
|
Join Date: Jun 2000
Posts: 300
Time spent in forums: < 1 sec
Reputation Power: 13
|
|
OK, I am asking something specific:
1) I know that I can get away with a system() call to htpasswd command to add another user, but I think this is not that elegant. I am looking for some way to crypt the password so it would be stored in a .htpasswd file. Any suggestions or tutorials??
2) Is the split() function a good way to search for a username in the .htpasswd file?? Something like:
foreach $line (<FILE> ){
($user, $pass) = split(/:/,$line);
if ($user == $q->param("username")){
$found=1;
last;
}else{
$found = 0;
}
}
Hoping for an answer... 
|

July 17th, 2000, 08:43 AM
|
|
Guest
|
|
Posts: n/a
Time spent in forums:
Reputation Power:
|
|
|
>>I am looking for some way to crypt the password
Try this:
$salt = substr($username,0,2);
$encrypted_password = crypt($password,$salt);
open(HTPASSWD,">>$htpasswd_file");
flock (HTPASSWD, 2);
print HTPASSWD "$username:$encrypted_passwordn";
close(HTPASSWD);
>>Is the split() function a good way to search for a username..
I would modify yours like:
foreach $line (<FILE> ){
($user, $pass) = split(/:/,$line);
if ($user == $q->param("username")){
$found=1;
last;
}
}
if ($found == "1") {
&user_exists_and_send_error;
}
else { #this means $found=0, put this outside the foreach loop
&add_user_to_htpasswd;
}
|

July 17th, 2000, 08:50 PM
|
|
Contributing User
|
|
Join Date: Jun 2000
Posts: 300
Time spent in forums: < 1 sec
Reputation Power: 13
|
|
Just a few questions:
1) Why are you using $username to retrieve the salt characters??? Is this the username the suer submited to the script, or the one that is extracted from the .htpasswd file??
2) Thanks for the tips, shortened the code a bit and showed me some cool coding...  But I a mglad I was on theright track at least...
|

July 18th, 2000, 12:14 AM
|
|
Guest
|
|
Posts: n/a
Time spent in forums:
Reputation Power:
|
|
|
$salt is calling the 1st two letters of the input username as the crypt key. This way the key is simi-dynamicly generated. The more you know about the password encryption method and key, the easier it is to crack it (though to my knowledge... there aren't fast enough computers to crack any encryption in a reasonable amount of time.)
|

July 18th, 2000, 02:08 AM
|
|
Contributing User
|
|
Join Date: Jun 2000
Posts: 300
Time spent in forums: < 1 sec
Reputation Power: 13
|
|
Yes, I know about salt cahracters, and that the standard DES encryption scheme starts with two random characters. What got me confused, was that freebsd used the first 2 characters out of the username. But just now I figured that it was done probably because the username is "there" i.e. it is handy, and Apache doesn't care as long as the passwords are encrypted as they should be.
Am I on the right track here??? 
|

July 18th, 2000, 03:59 AM
|
|
Guest
|
|
Posts: n/a
Time spent in forums:
Reputation Power:
|
|
|
>>Am I on the right track here?
Yes. Have you tried it though? You can even try this..
@char=(a..z);
$random="";
for ($i=2) {
$random .= $char[rand($char)];
}
$any = substr($random,0,2);
$encrypted_password = crypt($password,$any);
|

July 18th, 2000, 06:05 AM
|
|
Contributing User
|
|
Join Date: Jun 2000
Posts: 300
Time spent in forums: < 1 sec
Reputation Power: 13
|
|
Thanks a million guys!!! I havent't tried it yet (still caught up in some ohter wok, not computer related) but I will try it as soon as I can muster some serious time.
Thanks again!! No beating this forum! 
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|