[PHP] Unix passwd file
I apologize if this is might be OT. I have 5,000+ users in a unix passwd file that I would like to move to a MySQL table to build a login system with php. I could then use this table for Postfix and Radius. I know about the getpwent in perl, but does anyone know if I populate a MySQL table with the login/password can php then use that encrypted password to validate users? TIA -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unix passwd file
You can just put the username and password in the MySQL database as normal text, then build your applications that are reading them to check the passwords with the UNIX Crypt function. In other words, just as your passwords are stored in a plain text file, store them in plain text in the db. Then to confirm them, take the first 2 characters of the crypted password, use them as the salt to crypt the password the user entered, and compare the results. If that are the same, they entered a valid password. I guess I'm assuming your existing passwords are in crypt format, but the same process is probably possible with whatever format they are in. HTH, Peter Janett New Media One Web Services New Upgrades Are Now Live!!! Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1 Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25, Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43 PostgreSQL coming soon! http://www.newmediaone.net [EMAIL PROTECTED] (303)828-9882 - Original Message - From: Scott [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 04, 2002 4:43 AM Subject: [PHP] Unix passwd file I apologize if this is might be OT. I have 5,000+ users in a unix passwd file that I would like to move to a MySQL table to build a login system with php. I could then use this table for Postfix and Radius. I know about the getpwent in perl, but does anyone know if I populate a MySQL table with the login/password can php then use that encrypted password to validate users? TIA -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unix passwd file
Scott wrote: [...] does anyone know if I populate a MySQL table with the login/password can php then use that encrypted password to validate users? http://www.php.net/manual/en/function.crypt.php should be the answer to your questions. -- jakob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unix passwd file
Peter, I think he's stuck with the parsing part? you can file() the /etc/passwd file then explode() it and add the username,passhash parts and/or more values into the mysql table. Elias, Peter Janett [EMAIL PROTECTED] wrote in message 026a01c26b94$7b45d0a0$55285742@peters">news:026a01c26b94$7b45d0a0$55285742@peters... You can just put the username and password in the MySQL database as normal text, then build your applications that are reading them to check the passwords with the UNIX Crypt function. In other words, just as your passwords are stored in a plain text file, store them in plain text in the db. Then to confirm them, take the first 2 characters of the crypted password, use them as the salt to crypt the password the user entered, and compare the results. If that are the same, they entered a valid password. I guess I'm assuming your existing passwords are in crypt format, but the same process is probably possible with whatever format they are in. HTH, Peter Janett New Media One Web Services New Upgrades Are Now Live!!! Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1 Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25, Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43 PostgreSQL coming soon! http://www.newmediaone.net [EMAIL PROTECTED] (303)828-9882 - Original Message - From: Scott [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 04, 2002 4:43 AM Subject: [PHP] Unix passwd file I apologize if this is might be OT. I have 5,000+ users in a unix passwd file that I would like to move to a MySQL table to build a login system with php. I could then use this table for Postfix and Radius. I know about the getpwent in perl, but does anyone know if I populate a MySQL table with the login/password can php then use that encrypted password to validate users? TIA -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unix passwd file
I found this code in a web (or somthink like this), but can remever
where to give the credits, sorry.
include_once('/etc/php/bases.php');
function autentifica($user,$pass)
{
global $db1Host, $db1User, $db1Pass;
$auth = false;
mysql_connect($db1Host,$db1User,$db1Pass)
or die ('Unable to connect to server.');
// Select database on MySQL server
mysql_select_db('mysql')
or die ('Unable to select database.');
// Formulate the query
$sql = SELECT user FROM user WHERE User='$user'
password=PASSWORD('$pass');
// Execute the query and put results in $result
$result = mysql_query($sql)
or die ('Unable to execute query.');
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ($num != 0) {
// A matching row was found - the user is authenticated.
$auth = true;
}
return $auth;
}
Josep R. Raurell
En/na Scott ha escrit:
I apologize if this is might be OT. I have 5,000+ users in a unix passwd
file that I would like to move to a MySQL table to build a login system
with php. I could then use this table for Postfix and Radius. I know
about the getpwent in perl, but does anyone know if I populate a MySQL
table with the login/password can php then use that encrypted password to
validate users?
TIA
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unix passwd file
At 04:54 AM 10/4/2002 -0600, Peter Janett wrote: You can just put the username and password in the MySQL database as normal text, then build your applications that are reading them to check the passwords with the UNIX Crypt function. Basically that is what I am trying to do. I just converted a BSDI passwd file to Linux to move the users to a new server. Now I want to move the user accounts to a MySQL table that Postfix, Radius and Apache/PHP can share to authenticate the users. In other words, just as your passwords are stored in a plain text file, store them in plain text in the db. Then to confirm them, take the first 2 characters of the crypted password, use them as the salt to crypt the password the user entered, and compare the results. If that are the same, they entered a valid password. So this would validate the user? What about if the user wants to change their password? In PHP can I crypt backwards and still be compatible with the Linux passwd file? I am trying to avoid manually typing in over 5,000 usernames and passwords. -Scott --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unix passwd file
At 01:54 PM 10/4/2002 +0200, lallous wrote: Peter, I think he's stuck with the parsing part? you can file() the /etc/passwd file then explode() it and add the username,passhash parts and/or more values into the mysql table. I can parse the file just fine, what I am trying to do is actually make use of the data coming out of the passwd file. In other words if you set up a simple table: UserID Username Password And then populate the table using a PHP script that parses the /etc/passwd file and then write your app to verify the user on that data can it be done? Username is no problem, the Unix encrypted password is the one I am trying to work out. If the user has a password of: phprocks and in /etc/passwd that encrypted password works out to be: !#@KJCKMSD, then I validate the user, they enter the correct username and password, will PHP be able to validate that the password they entered matches the encrypted password. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Unix passwd file
Username is no problem, the Unix encrypted
password is the one I am trying to work out. If the user has a
password of: phprocks and in /etc/passwd
that encrypted password works out to be: !#@KJCKMSD, then I
validate the user, they enter the correct username and password,
will PHP be able to validate that the password they entered matches
the encrypted password.
Just as Peter said, you can use crypt to check the passwords, it'll be
something like:
if ( '!#@KJCKMSD' == crypt( 'phprocks', substr( 'phprocks', 0, 2 ) ) )
{
// Validation succeeded
}
else
{
// Invalid password
}
Crypt can not be unencrypted, but you can of course compare the crypted
passwords...
HTH
Erwin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
