perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tomáš Procházka <ka...@pef.mendelu.cz>
Subject [mp2.0] wrong crypt behavior
Date Fri, 06 Sep 2002 06:23:33 GMT
Hello,
I use own PerlAuthenHandler module to verify users' login and password from
database.

For comparsion of password user entered and password stored in database is
crypt function used.

Here is the code:
my $real_pass = $d->[0][0];	# crypted password from database
my $salt = substr $real_pass,0,2;	# salt
my $test_pass = crypt $sent_pw,$salt;	# in $sent_pw is the password user entered
if ($real_pass eq $test_pass) {
	$r->subprocess_env(REMOTE_USER => $user);
	return OK;
} else {
	$r->note_basic_auth_failure;
	return AUTH_REQUIRED;
}

Problem:  Sometimes, although user entered correct password, is authentication
rejected. I tried logging values of $real_pass and $test_pass and they
differed. When I add line

$r->log_reason("User $user tested (".$real_pass."/".$test_pass.")...","");

just before 'if' statement behavior is most of time correct.

Can anybody help me? Thanks.

Kacer

Mime
View raw message