Join Up! 104882 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI Table types in MySQL: Part 1 - HEAP tables PHP and Adobe Flex Zend Studio For Eclipse Template Framework For Static Sites PHP Arrays: Advanced Iteration and Manipulation

php3-list | 199903

From: Richard Lynch (lynch <email protected>)
Date: 03/05/99

• Next message: Sanford Carr: "[PHP3] Printing newline in HTML output"
• Previous message: Chad Cunningham: "Re: [PHP3] Newbie Help"
• Maybe in reply to: Matthew Joseff: "[PHP3] .htpasswd"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 3:28 AM 3/6/99, Z.Nijmeyers <email protected> wrote:
>two things
>
>original post(bottom):
>using crypt() without a salt results in different outcomes everytime
>doesn't it?

Not exactly. They are picked randomly, so every approximately every
26*26th time, it will repeat. :-)

>what good is that?

But the salt is always the first two characters of the encrypted password,
so you can reconstruct it from crypt, the password, and the first two
characters of the encrypted password.

Why the hell do it that way?
Simple. There are plenty of morons who use the same password on every
system for, oh, 20 years or so. By picking a random salt, hackers who are
searching for matches within the passwords have only a 1 in 26*26 chance of
finding such a moron to target as a password to crack to get access to a
multitude of systems at once.

>answer(top):
>can someone point me to information about semaphores?
>don't know what the hell they are
>
>At 20:05 5-3-99 , you wrote:
>>Sorry to step in here, but it should be noted that this method, while
>>much better than nothing, still does not eliminate the possibility of
>>concurrent
>>attempts to write... After all, what if two processes at the same time, look
>>for the lock file,
>>it doesnt exist yet, so both processes attempt to create a lock file and
>>then happily
>>attempt to modify your file. Semaphores are the only complete way of
>>eliminating this problem.
>
>>-----Original Message-----
>>From: Cameron Just [mailto:ccjust <email protected>]
>>Sent: Thursday, March 04, 1999 10:31 PM
>>To: Matthew Joseff
>>Cc: php3 <email protected>
>>Subject: Re: [PHP3] .htpasswd
>>Heres some code we just wrote which adds users to a htpasswd file.
>>1. Creates a temp file called $htpasswdfile.".lock"
>>2. If this file exists then it waits until doesn't(This stops the
>>occurrence of two people adding at once)
>>3. It reads in an existing htpasswd file and dumps contents into and array.
>>4. Makes sure the new username doesn't already exist.(If it does removes
>>lock file and exits.)
>>5. Generates the new username password combination and tacks it onto the
>>end.
>>6. Writes the new htpasswd file.
>>7. Removes Lock file.
>>
>>The Lock file never gets written to it's just there to let other processes
>>know that the htpasswd file is currently being modified.
>>This could be done using semaphores but we didn't want to re-learn them
>>just yet :)
>>You could also write other functions to delete and modify users using the
>>same principles.
>>
>>VARIABLES USED
>>.............................
>>$username
>>$password
>>$htpasswdfile
>>............................
>>
>>function useradd($username,$password) {
>>global $htpasswdfile;
>>
>> while (file_exists($htpasswdfile.".lock")) {
>> sleep(1);
>> clearstatcache();
>> }
>>
>> symlink($htpasswdfile,$htpasswdfile.".lock");
>> $userfile = file($htpasswdfile);
>>
>> for ($i=0;$i<count($userfile);$i++) {
>> $uppairs[] = explode(":",$userfile[$i]);
>> $uppairs[$i][1] = trim($uppairs[$i][1]);
>> if ($uppairs[$i][0] == $username) {
>> unlink($htpasswdfile.".lock");
>> return -1;
>> }
>> }
>> $uoutfile .= $username.":".crypt($password)."\n";
>>
>> $ufp = fopen($htpasswdfile,"a");
>> fputs($ufp,$uoutfile);
>> fclose($ufp);
>> unlink($htpasswdfile.".lock");
>>}
>dag
>
>tinusz.
>
>
>--
>PHP 3 Mailing List http://www.php.net/
>To unsubscribe send an empty message to php3-unsubscribe <email protected>
>To subscribe to the digest list: php3-digest-subscribe <email protected>
>For help: php3-help <email protected> Archive: http://www.php.net/mailsearch.php3
>List administrator: zeev-list-admin <email protected>

-- "TANSTAAFL" Rich lynch <email protected> webmaster@ and www. all of:
R&B/jazz/blues/rock - jademaze.com music industry org - chatmusic.com
acoustic/funk/world-beat - astrakelly.com sculptures - olivierledoux.com
my own nascent company - l-i-e.com cool coffeehouse - uncommonground.com

--
PHP 3 Mailing List   http://www.php.net/
To unsubscribe send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest list:  php3-digest-subscribe <email protected>
For help: php3-help <email protected>  Archive:  http://www.php.net/mailsearch.php3
List administrator:  zeev-list-admin <email protected>

• Next message: Sanford Carr: "[PHP3] Printing newline in HTML output"
• Previous message: Chad Cunningham: "Re: [PHP3] Newbie Help"
• Maybe in reply to: Matthew Joseff: "[PHP3] .htpasswd"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs