perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Enrico Sorcinelli <e.sorcine...@pisa.iol.it>
Subject Re: [mp2.0] wrong crypt behavior
Date Fri, 06 Sep 2002 07:57:01 GMT
On Fri, 6 Sep 2002 08:23:33 +0200
Tomá¹ Procházka <kacer@pef.mendelu.cz> wrote:

> Hello,
> I use own PerlAuthenHandler module to verify users' login and password from
> database.
> 
> For comparsion of password user entered and password stored in database is
> crypt function used.
> 
> Here is the code:
> my $real_pass = $d->[0][0];	# crypted password from database
> my $salt = substr $real_pass,0,2;	# salt
> my $test_pass = crypt $sent_pw,$salt;	# in $sent_pw is the password user entered
> if ($real_pass eq $test_pass) {
> 	$r->subprocess_env(REMOTE_USER => $user);
> 	return OK;
> } else {
> 	$r->note_basic_auth_failure;
> 	return AUTH_REQUIRED;
> }
> 
> Problem:  Sometimes, although user entered correct password, is authentication
> rejected. I tried logging values of $real_pass and $test_pass and they
> differed. When I add line
> 
> $r->log_reason("User $user tested (".$real_pass."/".$test_pass.")...","");
> 
> just before 'if' statement behavior is most of time correct.
> 
> Can anybody help me? Thanks.
> 
> Kacer

Hi,
It seems to be not a mod_perl related problem.
However, try with:

	$test_pass = crypt $sent_pw,$real_pass;

Bye,
	- Enrico


Mime
View raw message