Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PERL automation of .htpasswd

Posted on 1998-03-10
10
Medium Priority
?
565 Views
Last Modified: 2012-06-27
I have asked this question before as have many other people but I have never seen an anwser which solved my particular setup.

I need a PERL script which can automatically generate the .htpasswd file for use with .htaccess on an Apache server.  I have only got access to PERL 5.001 and do not have the facility to upgrade nor use modules other than those available with the standard PERL distribution.

At present (as I am sure you are aware), to create a username and password pair I have to telnet in and then type:-

htpasswd -c file user

enter the password twice and then for each subsequent user do the same but minus the -c switch.

What I need is a PERL script which can do this by reading a text file of names and unencrypted passwords and then create the .htpasswd file of names and encrypted passwords. I understand that htpasswd uses something along the lines of:

to64(&salt[0],rand(),2);
cpw = crypt(pw,salt);

but how to use this in a PERL script to create my .htpasswd file I have no idea.

Given the example below I need a script to convert it into the appropriate .htpasswd file:

user1:password1
user2:password2
user3:password3

Thanks in advance
0
Comment
Question by:Trevor013097
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 84

Expert Comment

by:ozo
ID: 1209871
@to64=('0'..'9','A'..'Z','a'..'z','.','/');
srand($$+time);
while( <DATA> ){
  ($user,$pw) = split/:/;
  $salt=$to64[rand(64)].$to64[rand(64)];
  $cpw = crypt($pw,$salt);
  print "$user:$cpw\n";
}
__DATA__
user1:password1
user2:password2
user3:password3

0
 
LVL 5

Author Comment

by:Trevor013097
ID: 1209872
Hi ozo,

well the code certainly generator a name/encrypted password pair but when itested it with a suitable .htaccess restriction the passwords failed.

This is the code I used to generate the password file which appeared to work okay (ie I had a file with encrypted passwords):


@to64=('0'..'9','A'..'Z','a'..'z','.','/');
srand($$+time);

################################################################
#
# Return Content-type of HTML
#
################################################################

print "Content-type: text/html\n\n";


open(PasswordData, "../docs/secret/passworddata.txt")
      or die "can't open ../docs/secret/passworddata.txt for reading because $!";
            open(PasswordFile, ">../docs/secret/.htpasswd")
                  or die "can't open ../docs/secret/.htpasswd for writing because $!";
      while( <PasswordData> ){
        ($user,$pw) = split(/:/);
        $salt=$to64[rand(64)].$to64[rand(64)];
        $cpw = crypt($pw,$salt);
#        print "$user:$cpw\n";
        print PasswordFile "$user:$cpw\n";
      }
      close(PasswordData);
close(PasswordFile);

  print "All Passwords encrypted\n\n";

1;


The passworddata.txt file looks like this:-

trev:letmein
me:password

and the resulting file (.htpasswd) looks like this:-

trev:SER8liZGw04zo
me:jCnBGraYXCZKQ

but when I put a .htaccess file in a directory and LIMIT to users *trev* and *me* the pop-up appears requesting the password but it fails with authorization required.


0
 
LVL 84

Expert Comment

by:ozo
ID: 1209873
Well, I did forget to do a
  chomp;
before the
  ($user,$pw) = split(/:/);
which would have changed the
trev:SER8liZGw04zo
to
trev:SE7gum0tJ6hP6
but
me:jCnBGraYXCZKQ
would be the same, since "password" has 8 letters already...
What does
htpasswd -c file user
create?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Author Comment

by:Trevor013097
ID: 1209874
Okay ozo,

I think we have a small problem.  When I added a chomp; line the new passwords generated were:-

trev:14916O3L./PTQ
me:pYw5pQf1/i11w

however when I create them using

htpasswd -c file user

and then

htpasswd file user

I get:-

trev:psTPlr1R2qDEU
me:8m7UxPXfRw7/2

I get the feeling that the PERL script is encrypting with a different key or am I barking up the wrong tree?


0
 
LVL 5

Author Comment

by:Trevor013097
ID: 1209875
ozo,

I don't fully understand this passwording thing.  Everytime I re-run the program I get a different set of name/password pairs, I assume due to the random number and variable time being used.  So how therefore does the htpasswd program on the server know how to decrypt the passowrd in order to verify it?  Am I just being stupid? (probably..)


0
 
LVL 84

Expert Comment

by:ozo
ID: 1209876
the salt is the first 2 characters of cpw, so to verify it check that
crypt($pw,$cpw) eq $cpw;
The documentation for crypt explains this.

(and setting $salt to 'ps' or '8m' instead of random does give the same thing as htpasswd file user)

Sorry again for the chomp problem.
0
 
LVL 1

Expert Comment

by:hutter
ID: 1209877
Trevor,

you can't verify the passwords by generating them again. The same password entered at two different points in time will yield different output. But the encrypted passwords will be recognized. I have tried the script and it works wonderfully. The passwords are accepted by the Apache server with no problems.
0
 
LVL 5

Author Comment

by:Trevor013097
ID: 1209878
excellent ozo, it works.

Absolutley no idea what was causing me problems.  I simply recreated the password file and then the user *me* worked fine but still user *trev* failed.  ithen closed my browser and retried and it worked. I think it had something to do with the proxy I am running through, however it all works fine.  Thanks for your help, post your answer and I'll grade it.


0
 
LVL 84

Accepted Solution

by:
ozo earned 1600 total points
ID: 1209879
$cpw = crypt($pw,$salt);
0
 
LVL 5

Author Comment

by:Trevor013097
ID: 1209880
Thanks ozo,

Has been nice working with you again.


0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
There are many situations when we need to display the data in sorted order. For example: Student details by name or by rank or by total marks etc. If you are working on data driven based projects then you will use sorting techniques very frequently.…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question