PERL automation of .htpasswd

I have asked this question before as have many other people but I have never seen an anwser which solved my particular setup.

I need a PERL script which can automatically generate the .htpasswd file for use with .htaccess on an Apache server.  I have only got access to PERL 5.001 and do not have the facility to upgrade nor use modules other than those available with the standard PERL distribution.

At present (as I am sure you are aware), to create a username and password pair I have to telnet in and then type:-

htpasswd -c file user

enter the password twice and then for each subsequent user do the same but minus the -c switch.

What I need is a PERL script which can do this by reading a text file of names and unencrypted passwords and then create the .htpasswd file of names and encrypted passwords. I understand that htpasswd uses something along the lines of:

to64(&salt[0],rand(),2);
cpw = crypt(pw,salt);

but how to use this in a PERL script to create my .htpasswd file I have no idea.

Given the example below I need a script to convert it into the appropriate .htpasswd file:

user1:password1
user2:password2
user3:password3

Thanks in advance
LVL 5
Trevor013097Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ozoCommented:
@to64=('0'..'9','A'..'Z','a'..'z','.','/');
srand($$+time);
while( <DATA> ){
  ($user,$pw) = split/:/;
  $salt=$to64[rand(64)].$to64[rand(64)];
  $cpw = crypt($pw,$salt);
  print "$user:$cpw\n";
}
__DATA__
user1:password1
user2:password2
user3:password3

0
Trevor013097Author Commented:
Hi ozo,

well the code certainly generator a name/encrypted password pair but when itested it with a suitable .htaccess restriction the passwords failed.

This is the code I used to generate the password file which appeared to work okay (ie I had a file with encrypted passwords):


@to64=('0'..'9','A'..'Z','a'..'z','.','/');
srand($$+time);

################################################################
#
# Return Content-type of HTML
#
################################################################

print "Content-type: text/html\n\n";


open(PasswordData, "../docs/secret/passworddata.txt")
      or die "can't open ../docs/secret/passworddata.txt for reading because $!";
            open(PasswordFile, ">../docs/secret/.htpasswd")
                  or die "can't open ../docs/secret/.htpasswd for writing because $!";
      while( <PasswordData> ){
        ($user,$pw) = split(/:/);
        $salt=$to64[rand(64)].$to64[rand(64)];
        $cpw = crypt($pw,$salt);
#        print "$user:$cpw\n";
        print PasswordFile "$user:$cpw\n";
      }
      close(PasswordData);
close(PasswordFile);

  print "All Passwords encrypted\n\n";

1;


The passworddata.txt file looks like this:-

trev:letmein
me:password

and the resulting file (.htpasswd) looks like this:-

trev:SER8liZGw04zo
me:jCnBGraYXCZKQ

but when I put a .htaccess file in a directory and LIMIT to users *trev* and *me* the pop-up appears requesting the password but it fails with authorization required.


0
ozoCommented:
Well, I did forget to do a
  chomp;
before the
  ($user,$pw) = split(/:/);
which would have changed the
trev:SER8liZGw04zo
to
trev:SE7gum0tJ6hP6
but
me:jCnBGraYXCZKQ
would be the same, since "password" has 8 letters already...
What does
htpasswd -c file user
create?
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Trevor013097Author Commented:
Okay ozo,

I think we have a small problem.  When I added a chomp; line the new passwords generated were:-

trev:14916O3L./PTQ
me:pYw5pQf1/i11w

however when I create them using

htpasswd -c file user

and then

htpasswd file user

I get:-

trev:psTPlr1R2qDEU
me:8m7UxPXfRw7/2

I get the feeling that the PERL script is encrypting with a different key or am I barking up the wrong tree?


0
Trevor013097Author Commented:
ozo,

I don't fully understand this passwording thing.  Everytime I re-run the program I get a different set of name/password pairs, I assume due to the random number and variable time being used.  So how therefore does the htpasswd program on the server know how to decrypt the passowrd in order to verify it?  Am I just being stupid? (probably..)


0
ozoCommented:
the salt is the first 2 characters of cpw, so to verify it check that
crypt($pw,$cpw) eq $cpw;
The documentation for crypt explains this.

(and setting $salt to 'ps' or '8m' instead of random does give the same thing as htpasswd file user)

Sorry again for the chomp problem.
0
hutterCommented:
Trevor,

you can't verify the passwords by generating them again. The same password entered at two different points in time will yield different output. But the encrypted passwords will be recognized. I have tried the script and it works wonderfully. The passwords are accepted by the Apache server with no problems.
0
Trevor013097Author Commented:
excellent ozo, it works.

Absolutley no idea what was causing me problems.  I simply recreated the password file and then the user *me* worked fine but still user *trev* failed.  ithen closed my browser and retried and it worked. I think it had something to do with the proxy I am running through, however it all works fine.  Thanks for your help, post your answer and I'll grade it.


0
ozoCommented:
$cpw = crypt($pw,$salt);
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Trevor013097Author Commented:
Thanks ozo,

Has been nice working with you again.


0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Perl

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.