#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Posts
    5
    Rep Power
    0
    I'm running perl on a unix server, and i want to use htpasswd to protect some directories. Can I do this from with a perl script (e.g. I want to create an admin interface).
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>and i want to use htpasswd to protect some directories

    Yes, you can do that. So are you seeking help on something particular that you are having trouble with your script or you simply looking for such script? If so, go to http://www.scriptsearch.com/
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Posts
    5
    Rep Power
    0
    Thanks, didn't mean to cross post.
    I've already created a number of admin interfaces, and used htaccess before. The interfaces set up new accounts for various services on a server. Each account needs it's own passwd and username. At the moment these have to be created manually via telnet. I just wanted to make the whole process dummy proof.
  6. #4
  7. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    1) create a registration form
    2) the script should first validate all field format
    3) then check against your flat file database or .htpasswd for username existence
    4) If all fine, then open and write to temp.txt and send mail containing a randomly generated activation code
    5) user goes to activation page and enter activation code and pick a password
    6) open and write the previous record plus the password to that flat file database
    open and write to .htpasswd

    How is it? Which procedure you would have trouble with?

    Be sure to keep your temp.txt and flat file database and .htpasswd out of your DocumentRoot or somewhere not reachable from the web.
    Still, I suggest you to check out http://www.scriptsearch.com/ and try some of the scripts. Asking someone to write the entire script for you will not work in devshed.
  8. #5
  9. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Posts
    5
    Rep Power
    0
    Thanks, I'm not asking for ne1 to write my scripts for me, I just thought that I would ask for a little advice.
    I don't need to be lectured to in a patronising manner in the process.
  10. #6
  11. No Profile Picture
    ledjon
    Guest
    Devshed Newbie (0 - 499 posts)
    Then what do you want? I'm sure nobody here is saying your no good at perl scripting and you don't know what you're doing.. but you asked a nonexplanatory question, he's just trying to help.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    300
    Rep Power
    14
    OK, I am asking something specific:

    1) I know that I can get away with a system() call to htpasswd command to add another user, but I think this is not that elegant. I am looking for some way to crypt the password so it would be stored in a .htpasswd file. Any suggestions or tutorials??

    2) Is the split() function a good way to search for a username in the .htpasswd file?? Something like:

    foreach $line (<FILE> ){
    ($user, $pass) = split(/:/,$line);
    if ($user == $q->param("username")){
    $found=1;
    last;
    }else{
    $found = 0;
    }
    }

    Hoping for an answer...
  14. #8
  15. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>I am looking for some way to crypt the password
    Try this:
    $salt = substr($username,0,2);
    $encrypted_password = crypt($password,$salt);
    open(HTPASSWD,">>$htpasswd_file");
    flock (HTPASSWD, 2);
    print HTPASSWD "$username:$encrypted_passwordn";
    close(HTPASSWD);

    >>Is the split() function a good way to search for a username..
    I would modify yours like:

    foreach $line (<FILE> ){
    ($user, $pass) = split(/:/,$line);
    if ($user == $q->param("username")){
    $found=1;
    last;
    }
    }
    if ($found == "1") {
    &user_exists_and_send_error;
    }
    else { #this means $found=0, put this outside the foreach loop
    &add_user_to_htpasswd;
    }
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    300
    Rep Power
    14
    Just a few questions:

    1) Why are you using $username to retrieve the salt characters??? Is this the username the suer submited to the script, or the one that is extracted from the .htpasswd file??

    2) Thanks for the tips, shortened the code a bit and showed me some cool coding... But I a mglad I was on theright track at least...
  18. #10
  19. No Profile Picture
    ledjon
    Guest
    Devshed Newbie (0 - 499 posts)
    $salt is calling the 1st two letters of the input username as the crypt key. This way the key is simi-dynamicly generated. The more you know about the password encryption method and key, the easier it is to crack it (though to my knowledge... there aren't fast enough computers to crack any encryption in a reasonable amount of time.)
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    300
    Rep Power
    14
    Yes, I know about salt cahracters, and that the standard DES encryption scheme starts with two random characters. What got me confused, was that freebsd used the first 2 characters out of the username. But just now I figured that it was done probably because the username is "there" i.e. it is handy, and Apache doesn't care as long as the passwords are encrypted as they should be.

    Am I on the right track here???
  22. #12
  23. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>Am I on the right track here?

    Yes. Have you tried it though? You can even try this..

    @char=(a..z);
    $random="";
    for ($i=2) {
    $random .= $char[rand($char)];
    }
    $any = substr($random,0,2);
    $encrypted_password = crypt($password,$any);
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    300
    Rep Power
    14
    Thanks a million guys!!! I havent't tried it yet (still caught up in some ohter wok, not computer related) but I will try it as soon as I can muster some serious time.

    Thanks again!! No beating this forum!

IMN logo majestic logo threadwatch logo seochat tools logo