
General Web Prgrming. - Where is this password stored?

I'm working on a site that has been left to die for a few years. There is a login to access a certain part of the site. I can't figure out where this password is stored.

When the private html page is accessed the box pops up asking for credentials. It says 'A username and password are being requested by http://www..com. The site says: "Restricted Area"'

If incorrect credentials are supplied it gives a 401 error. Suggestions?

If it helps, it's running on a CentOS Linux box. (I think).

Thanks!
May 29 '09 #1
Markus
6,050 Expert 4TB
@DevInCode
Could be a .htaccess restriction (look for an .htaccess file - it will be hidden, usually) or it may be happening on the server (apache, whatever).
May 29 '09 #2
I see, I can see the user name, but obviously the password is blanked out. That isn't the issue though. I really don't want the popup box on the webpage, it's just a poor way of asking for information. Is it possible I could get this information from the user then authenticate with PHP?
May 29 '09 #3
Markus
@DevInCode
You could do it all with PHP, sure.

Store the username and a hash of the password in some sort of database (can be flat-file, or in a database such as MySQL).

On pages that need a level of restriction, require the user to enter a username and password, and compare these to the stored values. If they match, awesome, let them in. If not, refuse them access.
May 29 '09 #4
I can do it with a database, yes. But is there any way to do it with the passwd file?
May 29 '09 #5
Markus
@DevInCode
The passwd file? If the password is stored inside it, then yes.
May 29 '09 #6
The user seems to match without a problem, but when I enter the password it never finds a match. When I print out the hashed password the user entered and the password from the passwd file, they look identical. Why aren't they matching?

ideas?

    foreach ($data as $line)
    {
        $arr = explode(":", $line);

        // if username matches
        // test password
        if ($arr[0] === $user)
        {
            $temp .= $user;
            $temp .= "|";
            $temp .= $arr[0];
            // get salt and crypt()
            $salt = substr($arr[1], 0, 2);
            echo "user found";
            // if match, user/pass combination is correct
            // return 1
            $temp .= "<br>" . $arr[1] . "<br>" . crypt($pass, $salt);
            if ($arr[1] === crypt($pass, $salt))
            {
                $result = 1;
                $temp .= "user pass good";
                break;
            }
            // otherwise return 0
            else
            {
                $result = 0;
                break;
            }
        }
    }
May 29 '09 #7
stupid trim. Fixed it :)
May 29 '09 #8
Markus
Glad we could be of help ;)
May 29 '09 #9
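
The check this thread ends up with, as an added example that is not code from any of the posters: each passwd-file line is stripped of its line ending before the hash field is compared, the stored hash itself is passed to crypt() as the salt, and the comparison is constant-time. The function name `verify_htpasswd`, the sample account and the assumption that the lines were read with `file()` (which keeps the trailing newline) are all illustrative.

```php
<?php
// Added example, not code from the thread. verify_htpasswd() and the
// sample account are hypothetical names.

/** True only if $user has an entry and $pass hashes to its stored value. */
function verify_htpasswd(array $lines, string $user, string $pass): bool
{
    foreach ($lines as $line) {
        // Lines read with file() keep their "\n" or "\r\n"; strip it so the
        // hash field holds the hash and nothing else.
        $line = rtrim($line, "\r\n");
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2 || $parts[0] !== $user) {
            continue;
        }
        $stored = $parts[1];
        // Using the stored hash as the salt makes crypt() reuse the same
        // scheme and salt instead of assuming a 2-character DES salt.
        $candidate = crypt($pass, $stored);
        // hash_equals() compares in constant time.
        return hash_equals($stored, $candidate);
    }
    return false; // unknown user
}

// Constructed sample entry, shaped like a line returned by file().
$lines = ['alice:' . crypt('s3cret', 'ab') . "\n"];

var_dump(verify_htpasswd($lines, 'alice', 's3cret'));
var_dump(verify_htpasswd($lines, 'alice', 'wrong'));
var_dump(verify_htpasswd($lines, 'bob', 's3cret'));

// The untrimmed comparison from post #7: the stored field still ends in
// "\n", which is invisible when echoed into HTML.
$arr = explode(':', $lines[0]);
var_dump($arr[1] === crypt('s3cret', substr($arr[1], 0, 2)));
```

PHP's crypt() does not implement Apache's `$apr1$` or `{SHA}` htpasswd formats, so entries stored in those formats never match with this function.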
