Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Strange behaviour in Apache::Htpasswd::htpasswd()

by George_Sherston (Vicar)
on Oct 25, 2002 at 09:54 UTC ( #207944=perlquestion: print w/replies, xml ) Need Help??

George_Sherston has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Apache::Htpasswd to manage log-ins to a web site. User/Password pairs are stored in a text file. It works fine for creating and deleting the User/Pwd pairs. But when I try to let users change their passwords I get into trouble.

What happens is that the password changes fine, but then the next user in the list doesn't work. When I look at the password file what I find is, when I'm changing password for user3,
before: 
user1:pwd1
user2:pwd2
user3:pwd3
user4:pwd4
user5:pwd5
user6:pwd6

[download]
after: 
user1:pwd1
user2:pwd2
user3:newpwd3:user4:pwd4
user5:pwd5
user6:pwd6

[download]
So user3 has a new password, but user4 can't log in at all (n.b. the extra : between newpwd3 and user4 is what actually appears, oddly enough).

I've stripped down the code that does this to the bearest essentials, and it still exhibits this behaviour: 
my $g = shift;
my $UserName = shift;
print h1 "new $g->{NewPassWord}, old $g->{OldPassWord}";
# these details are shown to be correct

my $pwd = new Apache::Htpasswd("/path/to/my/passwordfile");

#$pwd->htpasswd($UserName, $g->{NewPassWord}, $g->{OldPassWord});
# either with the line above or the line below it still goes wrong:
$pwd->htpasswd($UserName, $g->{NewPassWord}, 1);

[download]
I'm really stumped by this. One option is to delete the user and then create a new user with the same user name but a different password. But (A) that creates the very faint risk of a race condition and somebody else getting in with the same user name; and (B) it bothers me not to understand why this is going wrong. But I must confess I don't understand. I'd be most grateful to any sibling monk who can shed some light.

§ George Sherston

Replies are listed 'Best First'.
Re: Strange behaviour in Apache::Htpasswd::htpasswd()
by Jaap (Curate) on Oct 25, 2002 at 11:02 UTC
    If i look at the source of Apache::Htpasswd, it looks like this module assumes there is a colon ":" after every password like this: 
    user1:pwd1:
user2:pwd2:
user3:pwd3:
user4:pwd4:
user5:pwd5:
user6:pwd6:

    [download]
    After this colon there is a column for "info", whatever that may be. If i were you, i'd mail the owner/author of Apache::Htpasswd (Kevin Meltzer).
[reply]
[d/l]
Re: Strange behaviour in Apache::Htpasswd::htpasswd()
by adrianh (Chancellor) on Oct 25, 2002 at 11:45 UTC

    I'm not getting the same behaviour on my box.

    I notice that you're not checking the return values of htpasswd. The method can fail, so looking at the return values might give you a clue ;-)

    The following test script runs fine on my box...

    Read more... (1435 Bytes)
[reply]
[d/l]
      Thanks very much for that. Alas, when I run it on my machine I get the same problem. My output is: 
      1..13
ok 1 - user 1 added
ok 2 - user 2 added
ok 3 - user 3 added
ok 4 - user 4 added
ok 5 - user 5 added
ok 6 - user 6 added
ok 7 - password for user3 changed
ok 8 - user 1 still valid
ok 9 - user 2 still valid
ok 10 - user 3 still valid
not ok 11 - user 4 still valid
#     Failed test (ht.pl at line 33)
ok 12 - user 5 still valid
ok 13 - user 6 still valid
# Looks like you failed 1 tests of 13.

      [download]
      Also, when I comment out your last line and then examine the password file itself I find 
      user1:htcxz2m4/W7uI
user2:htAJmEn5bZEr2
user3:htw0q0ujGkzis:user4:htp108GVoN87g
user5:htntqB2/z6ld6
user6:htF9EduYYp1o6

      [download]
      ... which is the same prob I got before.

      Perhaps it's a version problem. I have Apache::Htpasswd v 1.5 and Test::More v 0.33. Also, I don't have method diag, which I'm substituting with die - this in itself wouldn't account for why it's not working for me, but might point to the difficulty. Except, I am guessing diag is a Test::More method?

      insta-update..Aha! It *was* a version problem. I installed v 1.5.5 and now get the right result from your script... and I doubt not, also from the script that was giving me trouble...

      insta-update 2Yes! It works now. Thanks very much - I'm most grateful.

      § George Sherston
[reply]
[d/l]
[select]

        This is yet another example of why I love Test::More, Test::Builder and friends so much.

        It is so much simpler to track down problems like this once you have a test script that just sits their and will succeed/fail without human intervention.

        If you've not done it already go read Test::Tutorial, The Joy of Test and What goes in a test suite?.

        Once you have become test infected you'll never turn back :-)

[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://207944]
Approved by robartes
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (1)
As of 2023-03-21 18:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Which type of climate do you prefer to live in?






    Results (60 votes). Check out past polls.
    Notices?