Re: [mp2.0] wrong crypt behavior

Fri, 06 Sep 2002 00:22:22 -0700 

On Fri, 6 Sep 2002 08:23:33 +0200
Tomáš Procházka <[EMAIL PROTECTED]> wrote:

> Hello,
> I use own PerlAuthenHandler module to verify users' login and password from
> database.
> 
> For comparsion of password user entered and password stored in database is
> crypt function used.
> 
> Here is the code:
> my $real_pass = $d->[0][0];   # crypted password from database
> my $salt = substr $real_pass,0,2;     # salt
> my $test_pass = crypt $sent_pw,$salt; # in $sent_pw is the password user entered
> if ($real_pass eq $test_pass) {
>       $r->subprocess_env(REMOTE_USER => $user);
>       return OK;
> } else {
>       $r->note_basic_auth_failure;
>       return AUTH_REQUIRED;
> }
> 
> Problem:  Sometimes, although user entered correct password, is authentication
> rejected. I tried logging values of $real_pass and $test_pass and they
> differed. When I add line
> 
> $r->log_reason("User $user tested (".$real_pass."/".$test_pass.")...","");
> 
> just before 'if' statement behavior is most of time correct.
> 
> Can anybody help me? Thanks.
> 
> Kacer

Hi,
It seems to be not a mod_perl related problem.
However, try with:

        $test_pass = crypt $sent_pw,$real_pass;

Bye,
        - Enrico

Reply via email to