From owner-freebsd-questions Mon May 31 22:10:56 1999 Delivered-To: freebsd-questions@freebsd.org Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32]) by hub.freebsd.org (Postfix) with ESMTP id 50B4A14D66 for ; Mon, 31 May 1999 22:10:53 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu) Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.8.8/8.8.8) with ESMTP id WAA04584; Mon, 31 May 1999 22:10:50 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu) Date: Mon, 31 May 1999 22:10:49 -0700 (PDT) From: Doug White To: Ho Seng Yip Cc: FreeBSD Questions Subject: Re: Web Authentication In-Reply-To: <016d01bea9da$235fd400$10a815a5@oasis> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 29 May 1999, Ho Seng Yip wrote: > I am not too sure if this is possible but has anyone tried writing a perl > script which is able to authenticate a user via web using the password of > his shell account ? Oh, this is _EASY_. Untested, but easy. #!/usr/local/bin/perl5 #Script to authenticate Web users. Assumes username is on paramenter # 'name', password on 'passwd'. # # DANGER: This is VERY INSECURE since it gives passwords in the clear. # Use SSL and POST method, or better yet, don't use at all. use CGI qw/:standard :html3/; use User::pwent; $q = new CGI; print header; $passwd = $q->param{'passwd'}; $orig = pwent($q->param{'name'})->passwd; $try = crypt $passwd, $orig; if($orig eq $try) { print "Welcome aboard\n"; } else { print "Wrong password, fool!\n"; } Doug White Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve http://gladstone.uoregon.edu/~dwhite | www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message