Hi. I help install CGI scripts for people, but i can not seem to find any script that enables me to create encrypted passwords for use with .htaccess and .htpasswd files. Any suggestions would be much appreciated.

Yours

A.J.Newby
webmaster@youradds.com
http://ace.upyour.com

 
The code to encypt a password is here.

$cyptedPass = crypt($password, "MM");

MM is the type of encryption. I don't know if there is a certain type you have to use, but give it a try.

perlkid

No MM is the salt used for the encryption. You should not hardcode MM in there, it should be random for higher security.

Then when comparing passwords, you read in the encrypted string, and the first 2 characters of it will be the salt used, so you encrypt the entered password with that salt and compare against the stored password.

see perldoc -f crypt for more info.

--mark

Installation support is provided via ICQ at UIN# 53788453. I will only respond on that number.

If you just want to use something already setup, try

http://www.euronet.nl/~arnow/htpasswd/

Cheers!
Ben
------------
http://www.travel-experiences.com

I came across your post about encrypting password. I have the problem with a script that I tried to modify.
I sucessfully encrypted the password (at least i think I did), but no matter what I try I just can't get the script to log in the authorized user when he trys to log in with the password.
Below is what I did. The first subrountine is the one that admits people in when they key in the correct password/username while the second subroutine encrypts the password when the person registers. Can you help me debug?

sub admit {

open(FILE, "$datafile") || die "I can't\n";

while(<FILE>) {
chop;
@all = split(/\n/);

foreach $line (@all) {
($loginname, $loginemail) = split(/:/, $line);

if(($form_data{'callsign'} eq $loginname) && (crypt($form_data{'$pw'}, $loginemail) eq $loginemail)) {
$match = 1;
}
}

}

close(FILE);
}

sub register {

&duplicate_callsign;

&GetFileLock ("$lock_file");
open(FILE, ">>$datafile") || die "Nope\n";
srand( time() ^ ($$ + ($$ << 15)) );
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($form_data{'$pw'}, $salt);
print FILE "$callsign:$encrypted\n";
close(FILE);
&ReleaseFileLock ("$lock_file");

print "Content-type: text/html\n\n";
print "<html><head><title>Thanks! $callsign!</title></head>\n";
print "<body>\n";
print "<p><h1>Thanks $callsign </p></h1>\n";
print "
Thank you for joining. You can go back and log in now.\n";
print "</body></html>\n";
exit;
}

sub relocate {
print "Location: $location\n\n";
}



Julian