htaccess and htpasswd

I'm running perl on a unix server, and i want to use htpasswd to protect some directories. Can I do this from with a perl script (e.g. I want to create an admin interface).

>>and i want to use htpasswd to protect some directories

Yes, you can do that. So are you seeking help on something particular that you are having trouble with your script or you simply looking for such script? If so, go to http://www.scriptsearch.com/

Thanks, didn't mean to cross post.
I've already created a number of admin interfaces, and used htaccess before. The interfaces set up new accounts for various services on a server. Each account needs it's own passwd and username. At the moment these have to be created manually via telnet. I just wanted to make the whole process dummy proof.

1) create a registration form
2) the script should first validate all field format
3) then check against your flat file database or .htpasswd for username existence
4) If all fine, then open and write to temp.txt and send mail containing a randomly generated activation code
5) user goes to activation page and enter activation code and pick a password
6) open and write the previous record plus the password to that flat file database
open and write to .htpasswd

How is it? Which procedure you would have trouble with?

Be sure to keep your temp.txt and flat file database and .htpasswd out of your DocumentRoot or somewhere not reachable from the web.
Still, I suggest you to check out http://www.scriptsearch.com/ and try some of the scripts. Asking someone to write the entire script for you will not work in devshed.

Thanks, I'm not asking for ne1 to write my scripts for me, I just thought that I would ask for a little advice.
I don't need to be lectured to in a patronising manner in the process.

Then what do you want? I'm sure nobody here is saying your no good at perl scripting and you don't know what you're doing.. but you asked a nonexplanatory question, he's just trying to help.

OK, I am asking something specific:

1) I know that I can get away with a system() call to htpasswd command to add another user, but I think this is not that elegant. I am looking for some way to crypt the password so it would be stored in a .htpasswd file. Any suggestions or tutorials??

2) Is the split() function a good way to search for a username in the .htpasswd file?? Something like:

foreach $line (<FILE> ){
($user, $pass) = split(/:/,$line);
if ($user == $q->param("username")){
$found=1;
last;
}else{
$found = 0;
}
}

Hoping for an answer...

>>I am looking for some way to crypt the password
Try this:
$salt = substr($username,0,2);
$encrypted_password = crypt($password,$salt);
open(HTPASSWD,">>$htpasswd_file");
flock (HTPASSWD, 2);
print HTPASSWD "$username:$encrypted_passwordn";
close(HTPASSWD);

>>Is the split() function a good way to search for a username..
I would modify yours like:

foreach $line (<FILE> ){
($user, $pass) = split(/:/,$line);
if ($user == $q->param("username")){
$found=1;
last;
}
}
if ($found == "1") {
&user_exists_and_send_error;
}
else { #this means $found=0, put this outside the foreach loop
&add_user_to_htpasswd;
}

Just a few questions:

1) Why are you using $username to retrieve the salt characters??? Is this the username the suer submited to the script, or the one that is extracted from the .htpasswd file??

2) Thanks for the tips, shortened the code a bit and showed me some cool coding... But I a mglad I was on theright track at least...

$salt is calling the 1st two letters of the input username as the crypt key. This way the key is simi-dynamicly generated. The more you know about the password encryption method and key, the easier it is to crack it (though to my knowledge... there aren't fast enough computers to crack any encryption in a reasonable amount of time.)

Yes, I know about salt cahracters, and that the standard DES encryption scheme starts with two random characters. What got me confused, was that freebsd used the first 2 characters out of the username. But just now I figured that it was done probably because the username is "there" i.e. it is handy, and Apache doesn't care as long as the passwords are encrypted as they should be.

Am I on the right track here???

>>Am I on the right track here?

Yes. Have you tried it though? You can even try this..

@char=(a..z);
$random="";
for ($i=2) {
$random .= $char[rand($char)];
}
$any = substr($random,0,2);
$encrypted_password = crypt($password,$any);

Thanks a million guys!!! I havent't tried it yet (still caught up in some ohter wok, not computer related) but I will try it as soon as I can muster some serious time.

Thanks again!! No beating this forum!