I have a module to do this for a couple of websites:
###########################
# use mapps;
#
# CREATE TABLE users (
# auid int(10) unsigned NOT NULL auto_increment,
# auname varchar(30) default NULL,
# PRIMARY KEY (auid)
# ) TYPE=MyISAM;
#
# CREATE TABLE secrets (
# auid int(10) unsigned NOT NULL auto_increment,
# passwd char(40) NOT NULL default '',
# salt int(11) NOT NULL default '0',
# PRIMARY KEY (auid)
# ) TYPE=MyISAM DEFAULT;
##########################
package Mapps::Auth;
use Exporter;
use Digest::SHA1;
use DBI;
use warnings;
use strict;
# Package metadata. `our` declares each of these package variables under
# strict, so no separate `use vars` declaration is required.
our $VERSION = 1.00;

# import() is inherited from Exporter.
our @ISA = ('Exporter');

# Both subs are exported by default, i.e. into every package that says
# `use` on this module without an import list.
our @EXPORT = ('&new', '&auth');
# Constructor: returns an empty hash blessed into the invoking class.
# Any further arguments are ignored.
sub new {
    my ($class) = @_;
    return bless {}, $class;
}
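# auth($uname, $passwd) -> ($ok, $uid)
#
# Checks a username/password pair against the admin_users and secrets
# tables. Returns (1, $uid) when the SHA-1 hex digest of password . salt
# equals the stored digest, and (0, $uid) otherwise; $uid is undef when no
# row matched the username. Dies if the database connection, the prepare
# or the execute fails.
#
# Written as a plain function: the first argument is taken as the username,
# so a method-style call ($obj->auth(...)) would put the object there.
#
# NOTE(review): the schema in the file header creates a table named `users`
# while this query reads `admin_users` -- confirm which one is deployed.
#
# NOTE(review): one round of salted SHA-1 is cheap to brute-force if the
# secrets table is ever disclosed. Moving to a dedicated password hash
# (bcrypt, Argon2, PBKDF2) means re-hashing stored secrets at next login,
# so it is flagged here rather than changed.
sub auth {
    my $uname  = shift;
    my $passwd = shift;

    # Without both values nothing can match; answer before touching the DB
    # (and before undef reaches string concatenation below).
    return (0, undef) unless defined $uname && defined $passwd;

    # The password literal was redacted by the author of the post. In a real
    # deployment read it from a file or environment the web user cannot
    # browse, rather than keeping it in the module source.
    # On failure connect() returns undef, so the reason is in $DBI::errstr.
    my $dbh1 = DBI->connect('dbi:mysql:itiv', 'lwriter', q{**I can't tell you!})
        or die "Couldn't connect: " . $DBI::errstr;

    # The username comes from the login form, so it is bound through a
    # placeholder instead of being interpolated into the SQL text; quotes
    # in the name can no longer alter the statement.
    my $statement = q{
        SELECT admin_users.auid, auname, passwd, salt
        FROM   admin_users, secrets
        WHERE  admin_users.auid = secrets.auid
        AND    auname = ?
    };

    my $sth = $dbh1->prepare($statement)
        or die "Couldn't prepare statement: " . $dbh1->errstr;
    $sth->execute($uname)
        or die "Couldn't execute statement: " . $dbh1->errstr;

    # If several rows come back the last one wins, as before.
    my ($dbsecret, $salt, $uid);
    while (my $ref = $sth->fetchrow_hashref) {
        ($dbsecret, $salt, $uid) = @{$ref}{qw(passwd salt auid)};
    }

    # Release the statement and the per-call connection explicitly.
    $sth->finish;
    $dbh1->disconnect;

    # Unknown user: fail without comparing against an undefined digest.
    return (0, $uid) unless defined $dbsecret;

    # Recompute the digest the same way the stored one was produced.
    my $secret = Digest::SHA1::sha1_hex($passwd . $salt);

    return ($secret eq $dbsecret ? 1 : 0, $uid);
}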
1;