Gossamer Forum
Home : Products : DBMan : Discussions :

password

Quote Reply
password
How can I see the encrypted password in .pass? or rather can I have a non encrypted password store in .pass?

Quote Reply
Re: password In reply to
There is no way to decrypt the passwords in the .pass file.

Having unencrypted passwords in your .pass file is a very bad idea. I have experience with what can happen, and it isn't pretty.

JPD
Quote Reply
Re: password In reply to
Why do you ask esk? If you have a heap of pre-defined usernames/passwords you'd like to import, there are scripts that can do such a thing.

- Mark

Astro-Boy!!
http://www.zip.com.au/~astroboy/
Quote Reply
Re: password In reply to
I want to do a import, which scripts does the job? pls advise

Quote Reply
Re: password In reply to
Ok, first, copy the code below and save it as convert.cgi in the same dir as db.cgi. Chmod the file 755
The lines in red are lines you will need to change for your settings.

------------------------------------
Code:
#!/usr/local/bin/perl
# Change the line above to match your path to perl
# ------------------------------------------------------
# CGI Script for converting delimited ascii text files
# into a password file for DB man.
#
# Data in password.txt should be of the format:
# username|password
# ------------------------------------------------------

$db_script_path = ".";

# change the line below to the name of your current password file
$password_file = $db_script_path . "/password.txt";

# Full path and file name of the password file.
$auth_pw_file = $db_script_path . "/default.pass";
# Permissions for every user (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_signup_permissions = (1,0,0,1,0);


open (PASS, "<$password_file") or
&cgierr("error in convert. unable to open password file: $password_file.\nReason: $!");
@lines=<PASS>;
close PASS;

srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
open (PASS, ">$auth_pw_file") or
&cgierr("error in convert. unable to open password file: $auth_pw_file.\nReason: $!");
foreach $line (@lines) {
# Defines the delimiter. In this case, a "|"
@data=split '\|',$line;
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($data[1], $salt);
my $permissions = join (":", @auth_signup_permissions);
print PASS "$data[0]:$encrypted:$permissions\n";
}
close PASS;

chmod 0666, $auth_pw_file;

print "Content-type: text/html\n\n
<html><head><title>File Converted</title><head>
<body>Your text file has been converted</body></html>";

sub cgierr {
# --------------------------------------------------------
# Displays any errors
if (!$html_headers_printed) {
print "Content-type: text/html\n\n";
$html_headers_printed = 1;
}
print "<PRE>\n\nCGI ERROR\n==========================================\n";
$_[0] and print "Error Message : $_[0]\n";
$0 and print "Script Location : $0\n";
$] and print "Perl Version : $]\n";
print "\n</PRE>";
exit -1;
}
------------------------------------

The script is configured for use with a text file with pipe "|" delimiters. So your text document should look something like:

user1|pass
user2|pass
user3|pass
etc...

Then edit the red lines as directed by the comments, run it from your browser and you'll get a message when its done.

(JPDeni - perhpas it's time this went into the Resources? Smile)

Good luck,

- Mark

Astro-Boy!!
http://www.zip.com.au/~astroboy/
Quote Reply
Re: password In reply to
I'll get it in the Resource Center, Mark, after someone uses the script and tells me if it works or not. Smile

JPD
Quote Reply
Re: password In reply to
I use it all the time... it works perfectly.

I've even adapted it to create dummy records for each user Smile

The only criticism I would make is that for some odd reason, it double spaces everything... but that's easy to fix, just taking out the \n at the end of the 'print PASS...'

Although maybe that's because I don't have any closing delimiter in my password.txt, so its printing the carriage return too... which isnt all that odd really... (ok, so it needs some documentation) Crazy

- Mark

Astro-Boy!!
http://www.zip.com.au/~astroboy/
Quote Reply
Re: password In reply to
I think I forgot this in my other code, too, but you need to get rid of the linefeed at the end of the .txt file.

After

foreach $line (@lines) {

add

chomp $line;

That should fix the problem.

Why don't you go ahead and make up a mod page for this? Smile


JPD
Quote Reply
Re: password In reply to
It also works if you remove the carriage return in the 'print PASS'
(which I figured out and mentioned in my above post.... but didnt edit it in time - you're too quick) Smile

Either way is good... but your way is probobly the best, because it wont matter if they have a closing "|" or not... (by my understanding anyway)

I can certainly make the mod page... though it may have to wait till I've finished work Tongue
(2 hours to the weekend - and freedom! Smile)

- Mark

Astro-Boy!!
http://www.zip.com.au/~astroboy/
Quote Reply
Re: password In reply to
Sorry, where do i get this password.txt?

Quote Reply
Re: password In reply to
Think my explanation is not correct. I think should be export..I want to export the default.pass. The password now are all encrypted...how do I export it to the normal password?

Quote Reply
Re: password In reply to
We all thought you were going the other way! Smile

I'm afraid there is no way to decrypt the .pass file.

Although I think it is a really bad idea to keep unencrypted passwords on your server, I'll give you the changes you need so that future passwords will not be encrypted.

In the code below, the lines in blue should be deleted and the lines in red should be added. I have added # characters to the beginning of the lines you should delete. If you want, you can just copy and paste the code below over the current code.

In db.cgi, sub admin_display --

Code:

open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# my $encrypted = crypt($in{'password'}, $salt);
# print PASS "$in{'new_username'}:$encrypted:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";

print PASS "$in{'new_username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
close PASS;
$message = "User: $in{'new_username'} created.";
Also in db.cgi, sub admin_display:

Code:

open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
$password = $in{'password'};
# my $password = (split (/:/, $line))[1];
# unless ($password eq $in{'password'}) {
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# $password = crypt($in{'password'}, $salt);
# }

print PASS "$in{'username'}:$password:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
$found = 1;
}
else {
print PASS $line;
}
}
$in{'inquire'} = $in{'username'};
$found ?
($message = "User: $in{'username'} updated.") :
($message = "Unable to find user: '$in{'username'}' in the password file.");
In db.cgi, sub signup:

Code:

open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
# srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# my $encrypted = crypt($in{'pw'}, $salt);

my $permissions = join (":", @auth_signup_permissions);

# print PASS "$in{'userid'}:$encrypted:$permissions\n";
print PASS "$in{'userid'}:$in{'pw'}:$permissions\n";
close PASS;
In auth.pl, sub auth_check_password:

Code:

elsif ($in{'login'}) { # The user is trying to login.
open (PASSWD, "<$auth_pw_file") || &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>; # Let's get the user id and passwords..
close PASSWD;
my ($view, $add, $mod, $del, $admin);
PASS: foreach $pass (@passwds) { # Go through each pass and see if we match..
next PASS if ($pass =~ /^$/); # Skip blank lines.
next PASS if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin) = split (/:/, $pass);
# if (($in{'userid'} eq $userid) && (crypt($in{'pw'}, $pw) eq $pw)) {
if (($in{'userid'} eq $userid) && ($in{'pw'} eq $pw)) {
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
$db_uid = "$userid." . time() . (int(rand(100000)) + 1);# Build User Id
open(AUTH, ">$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$uid. Reason: $!\n");
print AUTH "$uid: $ENV{'REMOTE_HOST'}\n";
close AUTH;
foreach (0 .. 3) { $permissions[$_] = int($permissions[$_]); }
&auth_logging('logged on', $userid) if ($auth_logging);
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
}
}
return ("invalid username/password");
}
JPD
Quote Reply
Re: password In reply to
oh no....I need to export the password after decrypting it...

Quote Reply
Re: password In reply to
You can not decrypt the password. It is not possible. The only thing you can do is to prevent future passwords from being encrypted.

Exporting unencrypted passwords would just be a matter of accessing the .pass file and writing the password to it. Is that what you want to do?


JPD
Quote Reply
Re: password In reply to
in the .pass, the password are all encrypted. I wanted to export all the Users to Access..but as the password is encrypted. I cant export the password.

Quote Reply
Re: password In reply to
That is correct. You cannot export them to Access. There is no way to decrypt the passwords. I'm sorry, but it's impossible to do.



JPD
Quote Reply
Re: password In reply to
Hm..can i just use a FORGET PASSWORD? mod?

As in the user enter their email, and the password will be send to them.note..it will send the old password to them, not generate a new password.

isit possible?

Quote Reply
Re: password In reply to
There is a mod a wrote a while back which takes out the encryption from the .pass file. I had deleted it because it is unsafe to use, but someone else saved it. You can pick it up at http://run-down.com/..._password_lookup.txt.

However, it will only work with passwords that are added to the .pass file after you take out the encryption. It will not work with encrypted passwords.

I'm not sure what you can do if you have a whole lot of users who are already signed up.


JPD