 |
 |
Find a programming school near you
php3-list | 199807
Date: 07/13/98
- Next message: Adam Roderick: "[PHP3] getting info from a socket connection"
- Previous message: Mark Musone: "Re: [PHP3] passwords"
- In reply to: Chad Cunningham: "Re: [PHP3] passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I would think that if you encrypt something using the crypt() function using
an encrypted password out of /etc/shadow or /etc/master.passwd as a salt
that the two could be used for compairson.
In other words. Say you have a user named John and his password is "doe".
In /etc/master.passwd the password would be displayed as "JDj29Hx.239h" or
something to that effect. You'd then do something like:
<?
$salt = "JDj29Hx.239h"; //Get this from /etc/master.passwd
if( !crypt($pass, $salt) ) {
echo("Error: bad password!);
exit;
}
?>
...to see if they match. '$pass' would be input from a form field or
whatever and you'd get '$salt' by searching through /etc/master.passwd for
the user and his respective encrypted passwd.
Or maybey I missed the question altogether in which case... nevermind. :)
Darrell
> -----Original Message-----
> From: Chad Cunningham [mailto:debtman <email protected>]
> Sent: Monday, July 13, 1998 10:45 AM
> To: Christopher Curtis
> Cc: php3 <email protected>
> Subject: Re: [PHP3] passwords
>
>
> That would be all too easy... The real problem is that I have to
> check encrypted passwords in /etc/shadow. There are two ways I
> can think to do this. 1) somehow have the OS do it for me. I
> don't think this is really possible, unless I write a telnet
> client that will simply try to log in as the user and check to
> see if it was successful. This sounds like too much work. 2)
> Somehow have PHP encrypt the password the same as the OS would,
> and then check the encrypted pass against the file. This doesn't
> sound like a real winner either.
>
> Hmmm. I thought someone once told me that perl had a function to
> encrypt I could use. If this can't be done easily with PHP,
> anyone know a way to do it with perl?
>
> ---
>
> Chad Cunningham
> http://socrates.mps.ohio-state.edu/~ccunning
>
> "Power corrupts. Absolute power is pretty neat."
> >On Sun, 12 Jul 1998, Chad Cunningham wrote:
> >
> >> way I can tap into the unix system username and passwords? I have a few
> >
> >I put some code on the PX that is essentially the same as Rasmus', except
> >it uses .htpasswd entries (as created by htpasswd). I believe
> these to be
> >of the same format at /etc/passwd entries but haven't tested it. You can
> >try this, presuming you have access to the password entries. I don't
> >think PHP has a getpwent() type function ...
> >
> >The code, btw, is under 'authentication', or some such.
> >
> >--
> >Christopher Curtis - http://www.ee.fit.edu/users/ccurtis
> >Florida Institute of Technology - System Administrator, Programmer
> >Melbourne, Florida USA - http://www.lp.org/
> >
> >
>
>
> Free web-based email, anytime, anywhere!
> ZDNet Mail - http://www.zdnetmail.com
>
> --
> PHP 3 Mailing List http://www.php.net/
> To unsubscribe send an empty message to php3-unsubscribe <email protected>
> To subscribe to the digest list: php3-digest-subscribe <email protected>
> For help: php3-help <email protected> Archive:
http://www.tryc.on.ca/php3.html
-- PHP 3 Mailing List http://www.php.net/ To unsubscribe send an empty message to php3-unsubscribe <email protected> To subscribe to the digest list: php3-digest-subscribe <email protected> For help: php3-help <email protected> Archive: http://www.tryc.on.ca/php3.html
- Next message: Adam Roderick: "[PHP3] getting info from a socket connection"
- Previous message: Mark Musone: "Re: [PHP3] passwords"
- In reply to: Chad Cunningham: "Re: [PHP3] passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
