Skip Menu |

This queue is for tickets about the Apache-Htpasswd CPAN distribution.

Report information
The Basics
Id: 21018
Status: resolved
Priority: 0/
Queue: Apache-Htpasswd
People
Owner: Nobody in particular
Requestors: webmaster [...] desipro.de
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)
Attachments
htpasswd

History Show all quoted text
  Wed Aug 16 09:38:42 2006 webmaster [...] desipro.de - Ticket created
Subject: Incorrect password but htCheckPassword returns valid
Date: Wed, 16 Aug 2006 15:38:25 +0200
To: <bug-Apache-Htpasswd [...] rt.cpan.org>
From: webmaster [...] desipro.de
I have just created a little sample: #!/usr/bin/perl use Apache::Htpasswd; $file = "/data/Testrepos/conf/htpasswd"; $foo = new Apache::Htpasswd({passwdFile => $file, ReadOnly => 1,} ); # Check that a password is correct $valid = $foo->htCheckPassword("admin", "superuse"); if($valid) { print "Pass is valid\n"; } else { print "Pass is invalid\n"; } But this sample code returns a valid pass in case I use the password: superuse, like in the above code. The real password however is: superuser , which also returns valid. If I use another pass for example: superus , it reaturns invalid as expected. Any Idea what is wrong here? Attached is the htpasswd file I used for the test, I create the passwords inside this file with htpasswd Thanks Richard
Download htpasswd
application/octet-stream 44b

Message body not shown because it is not plain text.

  Thu Aug 17 11:21:46 2006 kmeltz [...] cpan.org - Correspondence added
I'm not sure this is a bug of the module. It's crypt() which is returning the same string for superuse. Also, I used your password file with Apache, and Basic Authentication also let me log in using 'superuse' as the password (since the module is to mimic what Apache Basic Auth would do, it is doing the right thing). perl -wle'@foo = qw(superuser superuse) ; print crypt($_, q{qt5ye7WIaY0SE}) for @foo;' Whatever you use for the SALT, those will return the same crypt()ed string. Cheers, Kevin On Wed Aug 16 09:38:42 2006, webmaster@desipro.de wrote: Show quoted text
> I have just created a little sample: > > #!/usr/bin/perl > > use Apache::Htpasswd; > > $file = "/data/Testrepos/conf/htpasswd"; > > $foo = new Apache::Htpasswd({passwdFile => $file, > ReadOnly => 1,} > ); > > # Check that a password is correct > $valid = $foo->htCheckPassword("admin", "superuse"); > > if($valid) > { > print "Pass is valid\n"; > } > else > { > print "Pass is invalid\n"; > } > > > But this sample code returns a valid pass in case I use the password: > superuse, like in the above code. > > The real password however is: superuser , which also returns valid. If > I use another pass for example: superus , it reaturns invalid as > expected. > > Any Idea what is wrong here? > Attached is the htpasswd file I used for the test, I create the > passwords inside this file with htpasswd > > Thanks Richard
  Thu Aug 17 11:21:47 2006 The RT System itself - Status changed from 'new' to 'open'
  Thu Aug 17 11:21:48 2006 kmeltz [...] cpan.org - Status changed from 'open' to 'resolved'