gmishra has asked for the wisdom of the Perl Monks concerning the following question:

hi all,
Well.. i dont think.. this is the smartest way of doing it.. but i have written a program that takes user name and password from the console, and runs htpasswd, makes a directory in the docs folder with the user name and creates and htaccess file in that folder. I am basically executing unix commands.
My code is not generating any errors. It makes the required entry in "ulist" in the users directory. It creates the folder and creates the htacces file too.
However, when i enter the same as username/password at the network entry, they dont work.
The commands that i am running are : 
$htpasswd = "htpasswd -b /home/pathto ulist/ulist $user $password";
$makedir = "mkdir /home/pathtodir/$user";

[download]
The contents of the the .htaccess file that i am creating are: 
$mycontents = "AuthType Basic\nAuthName \"Site Access\"\nAuthUserFile 
+/home/pathtoulist/ulist\nrequire user $user\n";

[download]
Is there a problem, with my logic, cant i run htpasswd or create .htacces file this way?
Garry

Replies are listed 'Best First'.
Re: run htpasswd as unix command in the program
by tachyon (Chancellor) on Apr 13, 2004 at 06:52 UTC

    Your .htaccess file is probably the problem. Here is the code I use creating new virtual domains with a /private passwd protected area: 

    my $HTPASSWD_BIN    = '/usr/bin/htpasswd';

# add .htaccess and .htpasswd files
print "Writing .htaccess and .htpasswd files.....\n";
my $htpasswd_file   = "$WWW_ROOT/$domain/.htpasswd";
my $htaccess = get_htaccess( $domain, $htpasswd_file );
print "$htaccess\n" if $VERBOSE;
write_file( "$WWW_ROOT/$domain/public_html/private/.htaccess", $htacce
+ss );
print `$HTPASSWD_BIN -b -c $htpasswd_file $domain $password`;
print "Done!\n";


sub get_htaccess {
    my ($domain, $htpasswd ) = @_;
    return <<CODE;
AuthUserFile $htpasswd
AuthGroupFile /dev/null
AuthName $domain
AuthType Basic

<Limit GET POST>
require valid-user
CODE
}

    [download]

    The first thing to do is put a .htaccess file in the format shown above into any browsable dir. Don't worry about passwords yet (set AuthUserFile to /dev/null or to an existing file whatever). Now if you browse to that dir you should get prompted for a username/pass. If not check the perms on the .htaccess file - can user apache/nobody read it. If you don't get the prompt the underlying issue is in httpd.conf. Find this: 

    #
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileI
+nfo", 
# "AuthConfig", and "Limit"
#
    AllowOverride None

    [download]

    Change the 'None' to 'All' to get .htaccess working then RTFM to see if you really want 'All' or would prefer 'Some but not all :-)'

    Once you have the prompt the rest is details ie apache needs to be able to find and read the password file. As an aside you can send links that autologin in the form: 

    http://username:password@somedomain.com/private/

    [download]

    This is the same functionality that has been used to spoof bank domain names used for its original purpose.

    cheers

    tachyon

[reply]
[d/l]
[select]
      BINGO!!!!!
      Thanks so much!!
[reply]
Re: run htpasswd as unix command in the program
by oakbox (Chaplain) on Apr 14, 2004 at 06:16 UTC
    Umm. I usually skip right over using the htpasswd program from apache and just write the file directly from Perl.

    my $PASSFILE="/pathto/file/.htpasswd";
open(WRT,">$PASSFILE");

my $id_password;

# this is where I pull the list of id's
# and passwords from a database or file,
# then populate $id_password->{id}=pass;

$id_password->{'richard'} = "mypass";

foreach my $id (keys %{$id_password}){
  my $pass  = $id_password->{$id};
  my $pass2 = crypt($pass, "Ce");
  print WRT "$id:$pass2\n";
}

close(WRT);

    [download]
    You can use other two letter combinations in the seed part of that crypt statement. "Ce" or "xV" or whatever.

    oakbox

[reply]
[d/l]

Back to Seekers of Perl Wisdom