Board index   FAQ   Search  
Register  Login
Board index PHP PHP General

login script and /etc/passwd

General discussions related to php

Moderators: macek, egami, gesf

login script and /etc/passwd

Postby leon » Wed Aug 14, 2002 12:49 am

Hello ,

I am trying to create a protected helpdesk for some user I have on my server . I want authorize only users on my /etc/passwd file.

With perl is quite easy using the Auth::PAM module however I am not safe with perl .....

so with php , what I have to do to create a login script , using the user and password available on /etc/passwd dir ?.

Thannk you
User avatar
leon
New php-forum User
New php-forum User
 
Posts: 36
Joined: Sat Aug 03, 2002 11:54 am

Postby Pim » Wed Aug 14, 2002 1:28 am

Hi Leon,

The easiest way is to create a user database and keep it seperate from the etc/password. And create a 'web user' and 'web helpdesk person' in linux as accounts. So all helpdesk personal will need to authorise themselves through db connection with user 'web helpdesk person' and normal account may login in using db user 'web user'.

Pim.
Pim
New php-forum User
New php-forum User
 
Posts: 18
Joined: Tue Aug 06, 2002 3:51 am
Location: Netherlands

Postby Jay » Wed Aug 14, 2002 2:55 am

If you're using Apache you can use HTTP Authentication by adapting it to your own needs (getting the data from a database or whatever)
Jay
 

Postby leon » Wed Aug 14, 2002 5:42 am

Thank you all .

For Pim : do you have any idea of what I have to do to extract user and password from /etc/passwd to store it on a mysql database ?


For Jay : ... the problem is how to do to recognize user and password in /etc/passwd using php .
User avatar
leon
New php-forum User
New php-forum User
 
Posts: 36
Joined: Sat Aug 03, 2002 11:54 am

Postby Jay » Wed Aug 14, 2002 8:15 am

leon wrote:For Jay : ... the problem is how to do to recognize user and password in /etc/passwd using php .

Thats for you to work out depending how your user names and passwords are currently stored!
Jay
 

Postby leon » Thu Aug 15, 2002 4:43 am

Jay wrote:
leon wrote:For Jay : ... the problem is how to do to recognize user and password in /etc/passwd using php .

Thats for you to work out depending how your user names and passwords are currently stored!



red hat linux , store the user in /etc/passwd and password are shadowed .It means that the password are stored and enrypted in /etc/shadow .

So to create authentication with /etc/passwd is not easy as it seems .. :(


for example if /etc/passwd contains this line for user experiment....

experiment:x:32017:519::/home/experiment:/usr/local/cpanel/bin/noshell

(the 'x' after experiment means that the password is encrypted and stored on /etc/shadow)


....then /etc/shadow contains this line

experiment:LMQm2./MddWA.:11887::::::

So the encrypted password is LMQm2./MddWA .


So my question could be also this :
How to create php authentication using /etc/shadow file (however consider that /etc/shadow is accessible only from root , so the problem should be solved using /etc/passwd , I think... ) ?
User avatar
leon
New php-forum User
New php-forum User
 
Posts: 36
Joined: Sat Aug 03, 2002 11:54 am

Postby Pim » Thu Aug 15, 2002 5:06 am

I think you are choosing the wrong authorisation method!!

Do your authorisation with apache or maintain a database yourself.
Remember person does not logon to your machine itself the page that was loaded does. Therefor you don't need to keep track of your users as actual user accounts on your linux machine.

Pim
Pim
New php-forum User
New php-forum User
 
Posts: 18
Joined: Tue Aug 06, 2002 3:51 am
Location: Netherlands

Postby leon » Thu Aug 15, 2002 5:31 am

I FOUND the solution in this way .

I created a cron which copy /etc/shadow in /etc/shadow2 .

shadow2 is readable so I can work with it .


With following code .......


Code: Select all

<?php
$user ='test';
$password ='testpwd';
$passwdFile='/etc/shadow2';

$users=file($passwdFile);

if (!$user=preg_grep("/^$userName/",$users))
{
    echo "User '$userName' not found!";
}
else

{

    list(,$passwdInDB)=explode(':',array_pop($user));
    if (crypt($userPasswd,$passwdInDB) == $passwdInDB)

    {
       echo "Password verified!";
    }

    else
    {
        echo "Passwords don't match!";
       
}
        }
       
     

?>




......I solve the problem , however there is still something wrong on it .

This line ...

Code: Select all
list(,$passwdInDB)=explode(':',array_pop($user));
if (crypt($userPasswd,$passwdInDB) == $passwdInDB)


should search the user ($user) and crypt the password after :

It works , but instead to get the $user it get the LAST user
in the list .


For example ... if the list contained in /etc/shadow2 is ;

useralfa:ZqrYf9Sia4xz6:11906::::::
userbravo:9IpB2JN0oVAUA:11912::::::
usercharlie:9IpB2JN0oVAUA:11912::::::

and I insert $user= 'userbravo';

the code crypt the user usercharlie instead of userbravo .
Can you find the error ?


thank you.
User avatar
leon
New php-forum User
New php-forum User
 
Posts: 36
Joined: Sat Aug 03, 2002 11:54 am


Return to PHP General

Who is online

Users browsing this forum: No registered users and 0 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.