#!/usr/bin/perl $U="ronzo"; $P=q/"[test]"/; print "P=$P \n"; $P=~s/\\/\\\\\\\\/g; # escape the \ for shell $P=~s/"/\\"/g; # escape the " for shell $P=~s/'/\\'/g; # escape the ' for shell $P=~s/`/\\`/g; # escape the ` for shell $P=~s/!/\\!/g; # escape the ! for shell print "P=", $P, " \n"; #run ftp command with `` my $a=`(ftp -n -v - <<EOF open localhost user $U $P bye EOF ) 2>&1`; # a good connect will return a 230 User X Logged In if ($a =~ /230 /) { print "Password Good \n"; } else { print "Password BAD \n"; }
It's not the best, but I tested it and it works, even with the funny character passwords. Just gotta get all the shell characters escaped if you run into any bad passwords that can't verify properly. Since I grew up on shell scripting I still rely on it for solutions.
On the FTP, -n does not auto login
-v for verbose, so it returns the 230 message.
- just the minus, for using STDIN for FTP commands
At the end of the FTP is the 2>&1, this just redirects STDERR back to STDOUT, this way $a has all the output.
I've used this method in the past, and you don't have to deal with having read access to /etc/shadow or special permissions to run other programs that can read the shadow file. The Apache user can do this just fine.
ronzo
In reply to Re: Using Unix passwd/shadow to authenticate in perl
by ronzomckelvey
in thread Using Unix passwd/shadow to authenticate in perl
by bennomatic
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |