Hi,

Hopefully someone could lend a hand with this. I'm trying to encrypt a password field submitted by a user. Does it need to be converted first, then printed to the file? I haven't the slightest clue on this, so any help would be great..... I read a few posts on this, and they all seemed to use:

my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/')

...but like I said, I'm not sure where I would apply this! Anyway, thanks for your help.

Well, I've managed to get this working (kind of)...the only problem happening now is this. The username and (scrambled) password are printing to the file fine, but for some reason the password doesn't seem to be working?? I'm not sure why...here's what it looks like:

testname:rIRNsZ75eY5Is

...where the second option was originally an inputed password of----> now.

This is what I'm using to crypt the password.

my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($in{'db_password'}, $salt);
print "$values[$db_username]:$encrypted\n";

Any feedback would be great! Thank you.

OK, my bad...I guess thinking you know the answer and actually knowing is two entirely different things, sometimes I just want to help and think I am, when in fact I'm just making things worse.

The salt IS automatically saved with the password... it's the first two characters of the encrypted string.

Doing what he did above is the best way to do it. Random salt each time. You don't want a standard one.

--mark

Installation support is provided via ICQ at UIN# 53788453. I will only respond on that number.

Right on...thank you guy's for the reply's....but I think now I'm more confused than ever....(nothing out of the ordinary.) It seems to be printing them randomly as it should...but why would the login not work? To be honest...It's really not even important if they are encrypted or not, but I was under the impression that the .htaccess would only work if the passwords were encrypted? Actually, I think I tried with just the text formats (no encryption) and still denied access?? Which is why I'm going this route now. I'm pretty sure I'm missing a step here....just can't figure out what! Below is a few tests..but I can't get access with any of them.

help:qShAtIbMYyor2
mike:cDjXnNdGoBN1c
grecko:bvSM0ZTIc4sDc
testit:HhGNvvRk/RY

Thanks again for your reply's---I appreciate it.

I don't want to steer you wrong again so I will defer to those more knowledgable, sorry about that...though you may get some ideas on how to use this by looking at the fileman script, it makes use of this in conjunction with .htaccess, it may show you where you are going wrong.

I read your post with interest. I too experience the same problem when I tried to encrypt my password. It writes to the file correctly but somehow refuses to log me in when I enter the password.

I don't know what's wrong. I followed exactly the same encryption script and login script as DBMan but it refuses to work. However, when I use a non-encrypted password, it logs me in.

I hope someone can help us find out what went wrong. I'm at my wits end.

Julian

phoule:
No big deal...I appreciate your response.

mark:
Any ideas why it might not be working?

vampy:
keep your fingers crossed! :-)

To Anyone:
If you happen to read this, and have some spare time...well you know what to do. But seriously, any help with this would be very cool.

thanks

Nevermind....I figured it out.... for anyone else (vampy) the problem with mine was with the way I was calling the password field. I'm not sure what your working on, but I changed mine to $values[$db_password] and it works like a charm now! Thanks for the help guys.

BTW- vampy...give some additional info on what your trying to do, and I'll see if I might be able to help.

Domenic, glad you got it.

Vampy... when you enter a password, are you encrypting it with the stored salt before comparing it against the stored password?

--mark

Installation support is provided via ICQ at UIN# 53788453. I will only respond on that number.

Hey Mark,

Yeah...me too! I was running around like a chicken with my head cut off....what a waste of some good sleeping time!! Thanks again.

Below is the script that i tried to run:

sub admit {

open(FILE, "$datafile") || die "I can't\n";

while(<FILE>) {
chop;
@all = split(/\n/);

foreach $line (@all) {
($loginname, $loginemail) = split(/:/, $line);

if($loginname eq "$callsign" && ($loginemail eq (crypt("$pw", "$pw")))) {
$match = 1;
}
}

}

close(FILE);
}

sub register {

&duplicate_callsign;

&GetFileLock ("$lock_file");
open(FILE, ">>$datafile") || die "Nope\n";
srand( time() ^ ($$ + ($$ << 15)) );
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($in{'$pw'}, $salt);
print FILE "$callsign:$encrypted\n";
close(FILE);
&ReleaseFileLock ("$lock_file");

print "Content-type: text/html\n\n";
print "<html><head><title>Thanks! $callsign!</title></head>\n";
print "<body>\n";
print "<p><h1>Thanks $callsign </p></h1>\n";
print "
Thank you for joining. You can go back and log in now.\n";
print "</body></html>\n";
exit;
}

sub relocate {
print "Location: $location\n\n";
}

Thanks for helping me.

Julian