
.htaccess Limits?

Hi. I am just wondering if anyone knows of limitations to .htaccess password protection. I have just made a site I partnered with free membership based. In 3 days we have had 250+ sign ups. What I am wondering is, what are the limitations of .htaccess? Is there a better way to protect?

Also, when I do a check to see if the user exists I have to put all of the usernames into an array, see below code. Is this secure, and how will it affect the speed?

open(HTPASSWD,"/home/pokemon/public_html/free/.htpasswd");
flock(HTPASSWD, LOCK_EX);
@htpasswd = <HTPASSWD>;
close(HTPASSWRD);
flock(HTPASSWD, LOCK_UN);

foreach $line (@htpasswd)
{

if ($line =~ /$username\:\:.+/) { &error_username_exists; exit; } else { $return = 1; }

}

Is this effective? I doubt very much it is...LOL.

I am looking into SQL, would this be a better option?

Thanks for any help and pointers you can offer.

Andy

webmaster@ace-installer.com
http://www.ace-installer.com
Re: .htaccess Limits? In reply to
There is no error checking again!

I don't think you need FLOCK either as you are not writing to the file!

Also the regex uses escaping where it isn't necessary.

You should use a while loop.

close(HTPASSWD) automatically releases the lock - LOOK at Links2.

Your regex would NEVER match as .htpasswd files are

Code:
username:pass

not

Code:
username::pass

250 lines in a .htpasswd file is nothing. Large membership sites such as adult sites use .htaccess (so I'm told :) ) and they have thousands of members.

So.....

Code:
open(HTPASSWD,"</home/pokemon/public_html/free/.htpasswd") || die "Couldn't open .htpasswd : $!";
while (<HTPASSWD>) {
    # Test each line against the username, quoted so it is matched literally
    if (/^\Q$username\E:/i) { # Remove the i for case-sensitivity
        &found;
    } else {
        &found_not;
    }
}
close(HTPASSWD);

Also you obviously haven't checked your code properly because you have:

HTPASSWRD and HTPASSWD

If you want flock:

Code:
open(HTPASSWD,"</home/pokemon/public_html/free/.htpasswd") || die "Couldn't open .htpasswd : $!";
flock(HTPASSWD, 2); # 2 = exclusive lock
while (<HTPASSWD>) {
    # Test each line against the username, quoted so it is matched literally
    if (/^\Q$username\E:/i) {
        &found;
    } else {
        &found_not;
    }
}
close(HTPASSWD);

Installs:http://wiredon.net/gt
FAQ:http://www.perlmad.com

Re: .htaccess Limits? In reply to
Hi. Thanks for the reply. The regex I use does actually work ;)

Have a look at http://www.vgacd.com/free-signup.cgi and try signing up for a username called admin.

As for the while loop, I'll give it a try. Thinking about it that would be a more logical way of doing it, rather than searching through the whole database :)

Thanks

Andy

webmaster@ace-installer.com
http://www.ace-installer.com
Re: .htaccess Limits? In reply to
Thinking about it you should probably use:

Code:
open(HTPASSWD,"</home/pokemon/public_html/free/.htpasswd") || die "Couldn't open .htpasswd : $!";
my $found = 0;
while (<HTPASSWD>) {
    # Test each line against the username, quoted so it is matched literally
    if (/^\Q$username\E:/i) { # Remove the i for case-sensitivity
        $found = 1;
        last;
    } else {
        $found = 0;
    }
}
close(HTPASSWD);

Code:
if ($found == 1) {
bla
} else {
bla
}
If that regex matches then the content of your .htpasswd file is incorrect.

Installs:http://wiredon.net/gt
FAQ:http://www.perlmad.com

Re: .htaccess Limits? In reply to
Mmmm. That has me stumped. Why would the .htpasswd protection work then if I am using :: ??? I have looked it all up, and sure enough it should be one : . I wonder if it just ignores the other : ??? I'm stumped.

Andy

webmaster@ace-installer.com
http://www.ace-installer.com
Re: .htaccess Limits? In reply to
Maybe they assume that some people will use variations and so use something like:

Code:
split /:+/;
It probably isn't done using split but that was just an example.

Installs:http://wiredon.net/gt
FAQ:http://www.perlmad.com
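
An added example, not code from any poster in this thread: a username lookup that splits each line at the first colon and compares the name as a plain string, so characters such as . or * in the submitted username are never interpreted as a pattern and a partial name cannot match a longer one. The function name, the placeholder hashes and the temporary file are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempfile);

# Hypothetical helper: return 1 if $username has an entry in the
# htpasswd-style file at $path, 0 otherwise.
sub htpasswd_user_exists {
    my ($path, $username) = @_;

    # A name containing ':' or a line break can never be a valid entry, and
    # would corrupt the file if a signup script later appended it.
    return 0 if !defined $username || $username eq '' || $username =~ /[:\r\n]/;

    open(my $fh, '<', $path) or die "Couldn't open $path: $!";
    flock($fh, LOCK_SH)      or die "Couldn't lock $path: $!";  # shared lock, read only

    my $found = 0;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line eq '';
        # Field 1 is everything before the first colon; the rest is the hash.
        my ($name) = split /:/, $line, 2;
        # Plain string comparison: the username is never used as a pattern.
        if (lc $name eq lc $username) {   # drop lc() for a case-sensitive check
            $found = 1;
            last;
        }
    }
    close($fh);   # closing the handle also releases the lock
    return $found;
}

# Constructed sample data (placeholder hashes), written to a temporary file.
my ($tmp, $tmp_path) = tempfile(UNLINK => 1);
print {$tmp} "admin:PLACEHOLDERHASH1\n", "andy:PLACEHOLDERHASH2\n";
close($tmp) or die "Couldn't write $tmp_path: $!";

# 'a.min', 'min' and '.*' would all match "admin:" if interpolated unquoted
# into an unanchored regex; with string comparison they are reported as free.
for my $candidate ('admin', 'Andy', 'a.min', 'min', '.*', 'newuser') {
    printf "%-8s %s\n", $candidate,
        htpasswd_user_exists($tmp_path, $candidate) ? 'taken' : 'free';
}
```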