I'm working on a site that has been left to die for a few years. There is a login to access a certain part of the site. I can't figure out where this password is stored.
When the private html page is accessed the box pops up asking for credentials. It says 'A username and password are being requested by http://www..com. The site says: "Restricted Area"'
If incorrect credentials are supplied it gives a 401 error. Suggestions?
If it helps, its running on a centos linux box. (I think).
Thanks!
8  2683  @DevInCode
Could be a .htaccess restriction (look for an .htaccess file - it will be hidden, usually) or it may be happening on the server (apache, whatever).
I see, I can see the user name, but obviously the password is blanked out. That isn't the issue though. I really don't want the popup box on the webpage, its just a poor way of asking for information. Is it possible I could get this information from the user then authenticate with PHP?
@DevInCode
You could do it all with PHP, sure.
Store the username and a hash of the password in some sort of database (can be flat-file, or in a database such as MySQL).
On pages that need a level of restriction, require the user to enter a username and password, compare these to the stored values. If they match, awesome, let the in. If not, refuse them access.
I can do it with a database, yes. But is there any way to to it with the passwd file?
@DevInCode
The passwd file? If the password is stored inside it, then yes.
The user seems to match without a problem, but when I enter the password it never finds a match. When I print out the hashed password the user entered and the password from the passwd file, they look identical. Why aren't they matching?
ideas? -
-
foreach ($data as $line)
-
{
-
$arr = explode(":", $line);
-
-
-
-
// if username matches
-
// test password
-
-
if ($arr[0] === $user)
-
{
-
$temp .= $user;
-
$temp .= "|";
-
$temp .= $arr[0];
-
// get salt and crypt()
-
$salt = substr($arr[1], 0, 2);
-
echo "user found";
-
// if match, user/pass combination is correct
-
// return 1
-
$temp .= "<br>" . $arr[1] . "<br>" . crypt($pass, $salt);
-
if ($arr[1] === crypt($pass, $salt))
-
{
-
$result = 1;
-
$temp .= "user pass good";
-
break;
-
}
-
// otherwise return 0
-
else
-
{
-
$result = 0;
-
break;
-
}
-
}
-
-
}
Glad we could be of help ;)
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Todd Johnson |
last post by:
I am creating a dialog in wxPython for log in
purposes. Basically when the user clicks the ok
button, the dialog box saves the user name and
password as class attributes. Then as long as the...
|
by: Max |
last post by:
Hello all,
I am trying to protect a page within my site with a JS password
scheme.
Now I know JS can be quite easily "circumvented", but I came by a code
below.
My question is:
1. Is there...
|
by: jrefactors |
last post by:
I want to ask how password is stored and how to check the
authentication?
I have heard password is never encrypted and decrypted, but it is
hashed.
For example, consider a simple email logon...
|
by: M P |
last post by:
Hi!
Im planning to encrypt the password that was stored on msaccess database and
also the text inputed from a password textbox. Also, if I want to get the
password from the database, I need to...
|
by: Elroyskimms |
last post by:
The form has two text fields... one called txtEmail and one called
txtPassword. The username is the email address (txtEmail) and the
password is txtPassword.
Storing cookie using the following...
|
by: Dino M. Buljubasic |
last post by:
I am storing encrypted password in registry and using it then to log on my
application. However, my objConn.Open(str_connecton_string) crashes the
application if I use the encrypted password.
...
|
by: David Garamond |
last post by:
I read that the password hash in pg_shadow is salted with username. Is
this still the case? If so, since probably 99% of all PostgreSQL has
"postgres" as the superuser name, wouldn't it be better...
|
by: tony |
last post by:
I'm designing a survey form page that will be fairly complex and am
becoming confident enough with PHP now to tackle most things.
(Thanks to everyone here who has helped)
Before I go too far...
|
by: custommx3 |
last post by:
I have designed a site that requires users to login. Me being new to
php, I hired a guy to help me setup the database. He set it up and it
works flawlessly. Well.. instead of helping me finish the...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
