How can I see the encrypted password in .pass? or rather can I have a non encrypted password store in .pass?
Jun 1, 2000, 1:14 PM
Veteran / Moderator (8669 posts)
Jun 1, 2000, 1:14 PM
Post #2 of 18
Views: 9781
There is no way to decrypt the passwords in the .pass file.
Having unencrypted passwords in your .pass file is a very bad idea. I have experience with what can happen, and it isn't pretty.
JPD
Having unencrypted passwords in your .pass file is a very bad idea. I have experience with what can happen, and it isn't pretty.
JPD
Jun 1, 2000, 5:27 PM
Enthusiast (720 posts)
Jun 1, 2000, 5:27 PM
Post #3 of 18
Views: 9804
Why do you ask esk? If you have a heap of pre-defined usernames/passwords you'd like to import, there are scripts that can do such a thing.
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
Jun 1, 2000, 10:12 PM
Enthusiast (720 posts)
Jun 1, 2000, 10:12 PM
Post #5 of 18
Views: 9782
Ok, first, copy the code below and save it as convert.cgi in the same dir as db.cgi. Chmod the file 755
The lines in red are lines you will need to change for your settings.
------------------------------------
# Change the line above to match your path to perl
# ------------------------------------------------------
# CGI Script for converting delimited ascii text files
# into a password file for DB man.
#
# Data in password.txt should be of the format:
# username|password
# ------------------------------------------------------
$db_script_path = ".";
# change the line below to the name of your current password file
$password_file = $db_script_path . "/password.txt";
# Full path and file name of the password file.
$auth_pw_file = $db_script_path . "/default.pass";
# Permissions for every user (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_signup_permissions = (1,0,0,1,0);
open (PASS, "<$password_file") or
&cgierr("error in convert. unable to open password file: $password_file.\nReason: $!");
@lines=<PASS>;
close PASS;
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
open (PASS, ">$auth_pw_file") or
&cgierr("error in convert. unable to open password file: $auth_pw_file.\nReason: $!");
foreach $line (@lines) {
# Defines the delimiter. In this case, a "|"
@data=split '\|',$line;
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($data[1], $salt);
my $permissions = join (":", @auth_signup_permissions);
print PASS "$data[0]:$encrypted:$permissions\n";
}
close PASS;
chmod 0666, $auth_pw_file;
print "Content-type: text/html\n\n
<html><head><title>File Converted</title><head>
<body>Your text file has been converted</body></html>";
sub cgierr {
# --------------------------------------------------------
# Displays any errors
if (!$html_headers_printed) {
print "Content-type: text/html\n\n";
$html_headers_printed = 1;
}
print "<PRE>\n\nCGI ERROR\n==========================================\n";
$_[0] and print "Error Message : $_[0]\n";
$0 and print "Script Location : $0\n";
$] and print "Perl Version : $]\n";
print "\n</PRE>";
exit -1;
}------------------------------------
The script is configured for use with a text file with pipe "|" delimiters. So your text document should look something like:
user1|pass
user2|pass
user3|pass
etc...
Then edit the red lines as directed by the comments, run it from your browser and you'll get a message when its done.
(JPDeni - perhpas it's time this went into the Resources?
)
Good luck,
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
The lines in red are lines you will need to change for your settings.
------------------------------------
Code:
#!/usr/local/bin/perl # Change the line above to match your path to perl
# ------------------------------------------------------
# CGI Script for converting delimited ascii text files
# into a password file for DB man.
#
# Data in password.txt should be of the format:
# username|password
# ------------------------------------------------------
$db_script_path = ".";
# change the line below to the name of your current password file
$password_file = $db_script_path . "/password.txt";
# Full path and file name of the password file.
$auth_pw_file = $db_script_path . "/default.pass";
# Permissions for every user (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_signup_permissions = (1,0,0,1,0);
open (PASS, "<$password_file") or
&cgierr("error in convert. unable to open password file: $password_file.\nReason: $!");
@lines=<PASS>;
close PASS;
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
open (PASS, ">$auth_pw_file") or
&cgierr("error in convert. unable to open password file: $auth_pw_file.\nReason: $!");
foreach $line (@lines) {
# Defines the delimiter. In this case, a "|"
@data=split '\|',$line;
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($data[1], $salt);
my $permissions = join (":", @auth_signup_permissions);
print PASS "$data[0]:$encrypted:$permissions\n";
}
close PASS;
chmod 0666, $auth_pw_file;
print "Content-type: text/html\n\n
<html><head><title>File Converted</title><head>
<body>Your text file has been converted</body></html>";
sub cgierr {
# --------------------------------------------------------
# Displays any errors
if (!$html_headers_printed) {
print "Content-type: text/html\n\n";
$html_headers_printed = 1;
}
print "<PRE>\n\nCGI ERROR\n==========================================\n";
$_[0] and print "Error Message : $_[0]\n";
$0 and print "Script Location : $0\n";
$] and print "Perl Version : $]\n";
print "\n</PRE>";
exit -1;
}
The script is configured for use with a text file with pipe "|" delimiters. So your text document should look something like:
user1|pass
user2|pass
user3|pass
etc...
Then edit the red lines as directed by the comments, run it from your browser and you'll get a message when its done.
(JPDeni - perhpas it's time this went into the Resources?
) Good luck,
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
Jun 1, 2000, 11:31 PM
Enthusiast (720 posts)
Jun 1, 2000, 11:31 PM
Post #7 of 18
Views: 9802
I use it all the time... it works perfectly.
I've even adapted it to create dummy records for each user
The only criticism I would make is that for some odd reason, it double spaces everything... but that's easy to fix, just taking out the \n at the end of the 'print PASS...'
Although maybe that's because I don't have any closing delimiter in my password.txt, so its printing the carriage return too... which isnt all that odd really... (ok, so it needs some documentation)
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
I've even adapted it to create dummy records for each user
The only criticism I would make is that for some odd reason, it double spaces everything... but that's easy to fix, just taking out the \n at the end of the 'print PASS...'
Although maybe that's because I don't have any closing delimiter in my password.txt, so its printing the carriage return too... which isnt all that odd really... (ok, so it needs some documentation)
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
Jun 1, 2000, 11:36 PM
Veteran / Moderator (8669 posts)
Jun 1, 2000, 11:36 PM
Post #8 of 18
Views: 9787
I think I forgot this in my other code, too, but you need to get rid of the linefeed at the end of the .txt file.
After
foreach $line (@lines) {
add
chomp $line;
That should fix the problem.
Why don't you go ahead and make up a mod page for this?
JPD
After
foreach $line (@lines) {
add
chomp $line;
That should fix the problem.
Why don't you go ahead and make up a mod page for this?
JPD
Jun 1, 2000, 11:46 PM
Enthusiast (720 posts)
Jun 1, 2000, 11:46 PM
Post #9 of 18
Views: 9806
It also works if you remove the carriage return in the 'print PASS'
(which I figured out and mentioned in my above post.... but didnt edit it in time - you're too quick)
Either way is good... but your way is probobly the best, because it wont matter if they have a closing "|" or not... (by my understanding anyway)
I can certainly make the mod page... though it may have to wait till I've finished work
(2 hours to the weekend - and freedom!)
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
(which I figured out and mentioned in my above post.... but didnt edit it in time - you're too quick)
Either way is good... but your way is probobly the best, because it wont matter if they have a closing "|" or not... (by my understanding anyway)
I can certainly make the mod page... though it may have to wait till I've finished work
(2 hours to the weekend - and freedom!
) - Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
Jun 2, 2000, 1:34 PM
Veteran / Moderator (8669 posts)
Jun 2, 2000, 1:34 PM
Post #12 of 18
Views: 9762
We all thought you were going the other way!
I'm afraid there is no way to decrypt the .pass file.
Although I think it is a really bad idea to keep unencrypted passwords on your server, I'll give you the changes you need so that future passwords will not be encrypted.
In the code below, the lines in blue should be deleted and the lines in red should be added. I have added # characters to the beginning of the lines you should delete. If you want, you can just copy and paste the code below over the current code.
In db.cgi, sub admin_display --
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# my $encrypted = crypt($in{'password'}, $salt);
# print PASS "$in{'new_username'}:$encrypted:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
print PASS "$in{'new_username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
close PASS;
$message = "User: $in{'new_username'} created.";
Also in db.cgi, sub admin_display:
open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
$password = $in{'password'};
# my $password = (split (/:/, $line))[1];
# unless ($password eq $in{'password'}) {
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# $password = crypt($in{'password'}, $salt);
# }
print PASS "$in{'username'}:$password:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
$found = 1;
}
else {
print PASS $line;
}
}
$in{'inquire'} = $in{'username'};
$found ?
($message = "User: $in{'username'} updated.") :
($message = "Unable to find user: '$in{'username'}' in the password file.");
In db.cgi, sub signup:
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
# srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# my $encrypted = crypt($in{'pw'}, $salt);
my $permissions = join (":", @auth_signup_permissions);
# print PASS "$in{'userid'}:$encrypted:$permissions\n";
print PASS "$in{'userid'}:$in{'pw'}:$permissions\n";
close PASS;
In auth.pl, sub auth_check_password:
elsif ($in{'login'}) { # The user is trying to login.
open (PASSWD, "<$auth_pw_file") || &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>; # Let's get the user id and passwords..
close PASSWD;
my ($view, $add, $mod, $del, $admin);
PASS: foreach $pass (@passwds) { # Go through each pass and see if we match..
next PASS if ($pass =~ /^$/); # Skip blank lines.
next PASS if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin) = split (/:/, $pass);
# if (($in{'userid'} eq $userid) && (crypt($in{'pw'}, $pw) eq $pw)) {
if (($in{'userid'} eq $userid) && ($in{'pw'} eq $pw)) {
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
$db_uid = "$userid." . time() . (int(rand(100000)) + 1);# Build User Id
open(AUTH, ">$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$uid. Reason: $!\n");
print AUTH "$uid: $ENV{'REMOTE_HOST'}\n";
close AUTH;
foreach (0 .. 3) { $permissions[$_] = int($permissions[$_]); }
&auth_logging('logged on', $userid) if ($auth_logging);
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
}
}
return ("invalid username/password");
}
JPD
I'm afraid there is no way to decrypt the .pass file.
Although I think it is a really bad idea to keep unencrypted passwords on your server, I'll give you the changes you need so that future passwords will not be encrypted.
In the code below, the lines in blue should be deleted and the lines in red should be added. I have added # characters to the beginning of the lines you should delete. If you want, you can just copy and paste the code below over the current code.
In db.cgi, sub admin_display --
Code:
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# my $encrypted = crypt($in{'password'}, $salt);
# print PASS "$in{'new_username'}:$encrypted:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
print PASS "$in{'new_username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
close PASS;
$message = "User: $in{'new_username'} created.";
Code:
open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
$password = $in{'password'};
# my $password = (split (/:/, $line))[1];
# unless ($password eq $in{'password'}) {
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# $password = crypt($in{'password'}, $salt);
# }
print PASS "$in{'username'}:$password:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
$found = 1;
}
else {
print PASS $line;
}
}
$in{'inquire'} = $in{'username'};
$found ?
($message = "User: $in{'username'} updated.") :
($message = "Unable to find user: '$in{'username'}' in the password file.");
Code:
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
# srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
# my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
# my $salt = join '', @salt_chars[rand 64, rand 64];
# my $encrypted = crypt($in{'pw'}, $salt);
my $permissions = join (":", @auth_signup_permissions);
# print PASS "$in{'userid'}:$encrypted:$permissions\n";
print PASS "$in{'userid'}:$in{'pw'}:$permissions\n";
close PASS;
Code:
elsif ($in{'login'}) { # The user is trying to login.
open (PASSWD, "<$auth_pw_file") || &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>; # Let's get the user id and passwords..
close PASSWD;
my ($view, $add, $mod, $del, $admin);
PASS: foreach $pass (@passwds) { # Go through each pass and see if we match..
next PASS if ($pass =~ /^$/); # Skip blank lines.
next PASS if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin) = split (/:/, $pass);
# if (($in{'userid'} eq $userid) && (crypt($in{'pw'}, $pw) eq $pw)) {
if (($in{'userid'} eq $userid) && ($in{'pw'} eq $pw)) {
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
$db_uid = "$userid." . time() . (int(rand(100000)) + 1);# Build User Id
open(AUTH, ">$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$uid. Reason: $!\n");
print AUTH "$uid: $ENV{'REMOTE_HOST'}\n";
close AUTH;
foreach (0 .. 3) { $permissions[$_] = int($permissions[$_]); }
&auth_logging('logged on', $userid) if ($auth_logging);
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
}
}
return ("invalid username/password");
}
Jun 2, 2000, 11:06 PM
Veteran / Moderator (8669 posts)
Jun 2, 2000, 11:06 PM
Post #14 of 18
Views: 9733
You can not decrypt the password. It is not possible. The only thing you can do is to prevent future passwords from being encrypted.
Exporting unencrypted passwords would just be a matter of accessing the .pass file and writing the password to it. Is that what you want to do?
JPD
Exporting unencrypted passwords would just be a matter of accessing the .pass file and writing the password to it. Is that what you want to do?
JPD
Jun 2, 2000, 11:20 PM
Novice (7 posts)
Jun 2, 2000, 11:20 PM
Post #17 of 18
Views: 9716
Hm..can i just use a FORGET PASSWORD? mod?
As in the user enter their email, and the password will be send to them.note..it will send the old password to them, not generate a new password.
isit possible?
As in the user enter their email, and the password will be send to them.note..it will send the old password to them, not generate a new password.
isit possible?
Jun 3, 2000, 12:44 AM
Veteran / Moderator (8669 posts)
Jun 3, 2000, 12:44 AM
Post #18 of 18
Views: 9717
There is a mod a wrote a while back which takes out the encryption from the .pass file. I had deleted it because it is unsafe to use, but someone else saved it. You can pick it up at http://run-down.com/..._password_lookup.txt.
However, it will only work with passwords that are added to the .pass file after you take out the encryption. It will not work with encrypted passwords.
I'm not sure what you can do if you have a whole lot of users who are already signed up.
JPD
However, it will only work with passwords that are added to the .pass file after you take out the encryption. It will not work with encrypted passwords.
I'm not sure what you can do if you have a whole lot of users who are already signed up.
JPD