in reply to Passing values to htdigest from command line problem

If you're doing what I think you're doing, I'd suggest a completely different plan of attack.

It looks like you're using some kind of Apache htauth thingy for access control. Frankly, there are better and more secure ways of doing this.

I'd look into putting your usernames and passwords into a database (I'd suggest MySQL) and using perl to validate them. You could use sessions (either CGI::Session or Apache::Session) to keep track of authorization and have each page in the directory check the session to see if the user has been authorized. If you must be registered in order to post, this offers a much better way of keeping track of your users. I'd try and stay away from htdigest, htpass, and .htaccess unless there is no other option.

Re^2: Passing values to htdigest from command line problem
by Nik (Initiate) on Oct 21, 2006 at 15:16 UTC
    Why, what's wrong with htdigest? Finally I did this and it worked!
    use Digest::MD5;
    ...
    ...
    #***********CHECK IF USER ALREADY EXISTS & ITS NOT AN AUTOMATED SCRIPT**********
    $select = $dbh->prepare( "SELECT username, date FROM users WHERE username = ? AND date > DATE_SUB(NOW(), INTERVAL 5 MINUTE)" );
    $select->execute( $username );

    if ( $select->rows ) {
        print h1( {class=>'cyan'}, "Αυτός ο Χρήστης υπάρχει ήδη! Διάλεξε άλλο όνομα χρήστη!" );
        exit 0;
    }

    #***********ADD NEW USER TO THE DIGEST PASSWORD FILE & TO THE DATABASE**********
    my $user  = $username;
    my $realm = "You Must Be Registered In Order To Post!";
    my $pass  = $password;

    open(FILE, ">>/path/to/password/file") or die $!;
    print FILE "$user:$realm:" . Digest::MD5::md5_hex("$user:$realm:$pass") . "\n";
    close(FILE);

    $select = $dbh->prepare( "INSERT INTO users (username, password, email, date, host) VALUES (?, ?, ?, ?, ?)" );
    $select->execute( $username, $password, $email, $date, $host);
    Isn't that approach an OK option to use?

    P.S. Is it safe to keep the password file inside the www directory, or is it better to put it outside the webroot?!
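
The append step in the post above, as shown, writes $username into the colon-separated password file without checking it and without locking the file. An added example (not part of the original thread) of a hardened version of that one step; add_digest_user and the sample values are hypothetical, and inputs are assumed to be byte strings:

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Fcntl qw(:flock SEEK_SET SEEK_END);
use File::Temp qw(tempfile);

# Hypothetical helper (not from the post): add one user to an htdigest-style
# file. Returns 1 on success; dies on invalid input or a duplicate entry.
sub add_digest_user {
    my ($file, $user, $realm, $pass) = @_;

    # ':' separates fields and a newline ends an entry, so neither may
    # appear in the user name or realm. The password is only ever hashed,
    # so it needs no character restrictions.
    for my $field ($user, $realm) {
        die "invalid character in user or realm\n"
            if !length($field) || $field =~ /[:\x00-\x1f\x7f]/;
    }

    # '+>>' creates the file if missing, appends on write, allows reading.
    open(my $fh, '+>>', $file) or die "open $file: $!";
    flock($fh, LOCK_EX)        or die "flock $file: $!";

    # Look for an existing entry while holding the lock, so two concurrent
    # registrations cannot both append the same user.
    seek($fh, 0, SEEK_SET);
    while (my $line = <$fh>) {
        chomp $line;
        my ($u, $r) = split /:/, $line, 3;
        die "user already exists in this realm\n"
            if defined $r && $u eq $user && $r eq $realm;
    }

    seek($fh, 0, SEEK_END);
    print {$fh} join(':', $user, $realm, md5_hex("$user:$realm:$pass")), "\n";
    close($fh) or die "close $file: $!";    # closing releases the lock
    return 1;
}

# Constructed demonstration against a temporary file.
my (undef, $path) = tempfile(UNLINK => 1);
add_digest_user($path, 'nik', 'Members', 's3cret');

# A name carrying a newline would otherwise start a second, forged entry.
eval { add_digest_user($path, "eve\nadmin", 'Members', 'x') };
print "rejected: $@" if $@;
```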