Hello ,

I am trying to create a protected helpdesk for some user I have on my server . I want authorize only users on my /etc/passwd file.

With perl is quite easy using the Auth:πŸ˜›AM module however I am not safe with perl .....

so with php , what I have to do to create a login script , using the user and password available on /etc/passwd dir ?.

Thank you

p.s. this post is discussed here too
http://www.php-forum.com/p/viewtopic.php?t=153

    Try putting the following into a .htaccess file (making sure that the AllowOverride directive is set to All):

    AuthType Basic
    AuthName Authentication
    AuthUserFile /etc/passwd
    Require valid-user

    Not sure if this will work, but it might be worth a try...

      Unfortunatly Apache stores it's passwords in a different format to unix.

      But, you can parse the passwd file and use crypt() to test.

      <?php

$userName='USERNAME';
$userPasswd='PASSWORD';
$passwdFile='/etc/passwd';

$users=file($passwdFile);

if (!$user=preg_grep("/^$userName/",$users))
{
	echo "User '$userName' not found!";
}
else
{
	list(,$passwdInDB)=explode(':',array_pop($user));
	if (crypt($userPasswd,$passwdInDB) == $passwdInDB)
	{
	   echo "Password verified!";
	}
	else
	{
		echo "Passwords don't match!";
	}
}
?>

        for piersk
        I tried it of course πŸ™‚ , the problem is not easy as it seems since the password are shadowed on /etc/shadow

          Originally posted by dannys
          Unfortunatly Apache stores it's passwords in a different format to unix.

          But, you can parse the passwd file and use crypt() to test. 

          <?php

$userName='USERNAME';
$userPasswd='PASSWORD';
$passwdFile='/etc/passwd';

$users=file($passwdFile);

if (!$user=preg_grep("/^$userName/",$users))
{
	echo "User '$userName' not found!";
}
else
{
	list(,$passwdInDB)=explode(':',array_pop($user));
	if (crypt($userPasswd,$passwdInDB) == $passwdInDB)
	{
	   echo "Password verified!";
	}
	else
	{
		echo "Passwords don't match!";
	}
}
?>

          [/B]

          Hello ,

          thank you , however I receive always Passwords don't match! .
          I have put a echo for crypt($userPasswd,$passwdInD😎 and the value returned doesn't match with the password stored on /etc/shadow (password shadowed)....

            Originally posted by dannys
            Unfortunatly Apache stores it's passwords in a different format to unix.

            But, you can parse the passwd file and use crypt() to test. 

            <?php

$userName='USERNAME';
$userPasswd='PASSWORD';
$passwdFile='/etc/passwd';

$users=file($passwdFile);

if (!$user=preg_grep("/^$userName/",$users))
{
	echo "User '$userName' not found!";
}
else
{
	list(,$passwdInDB)=explode(':',array_pop($user));
	if (crypt($userPasswd,$passwdInDB) == $passwdInDB)
	{
	   echo "Password verified!";
	}
	else
	{
		echo "Passwords don't match!";
	}
}
?>

            [/B]

            Hello Danny ,

            I solved the problem creating a copy of /etc/shadow in /etc/shadow2 and setting 755 permission on
            shadow2 .

            then on your script above I replaced /etc/passwd with /etc/shadow2

            The problem now is with these 2 lines of your script

            {

list(,$passwdInDB)=explode(':',array_pop($user));
if (crypt($userPasswd,$passwdInDB) == $passwdInDB)

{

            Your code , search the last user in the list and check the password for it , and not the user $userName .
            Do you find the error in your code ?

            Thank you !!!!!!

              No, it works fine here - what does your /etc/shadow2 look like? I think it may be different to my passwd file (I don't use linux - I use FreeBSD).

              If you could post a line or 2 from the file, it would help.

                Originally posted by dannys
                No, it works fine here - what does your /etc/shadow2 look like? I think it may be different to my passwd file (I don't use linux - I use FreeBSD).

                If you could post a line or 2 from the file, it would help.

                Hello ,

                my file is like this

                 
one:$1$P5ZvyRDb$1Q5A3163ipii4NCoxef3z1:11904::::::
two:$1$PwUeQvVg$PIUIWMaY8rcv3SrhKZLQj1:11905::::::
three:ZqrYf9Sia4xz6:11906::::::
four:9IpB2JN0oVAUA:11912::::::

                If I insert $user= 'two' , your script return doesn't match ,
                and if I put an echo for (crypt($userPasswd,$passwdInD😎 ,
                it returns me 9IpB2JN0oVAUA , which is the password for user
                four (the last user in the list instead of two ).

                Thank you

                  Just tried with your passwd file - entered 'two' and it came back with the following password (I added ' echo "<br>PasswdInDB was: $passwdInDB";' to the end of the code btw):

                  PasswdInDB was: $1$PwUeQvVg$PIUIWMaY8rcv3SrhKZLQj1

                  Which is correct, isn't it?

                  What happens if you add var_dump($user) to the end of the code?

                    Originally posted by dannys
                    Just tried with your passwd file - entered 'two' and it came back with the following password (I added ' echo "<br>PasswdInDB was: $passwdInDB";' to the end of the code btw):

                    PasswdInDB was: $1$PwUeQvVg$PIUIWMaY8rcv3SrhKZLQj1

                    Which is correct, isn't it?

                    What happens if you add var_dump($user) to the end of the code?

                    Hello ,

                    if I insert "two" I receive this

                    Passwords don't match! 
9IjurpaLgbTiQ
PasswdInDB was: 9IpB2JN0oVAUA

                    Instead of $1$PwUeQvVg$PIUIWMaY8rcv3SrhKZLQj1

                    ?

                    If I insert var_dump($user) i receive this ........

                    Passwords don't match! 
9IjurpaLgbTiQ
PasswdInDB was: 9IpB2JN0oVAUAarray(3) { [0]=> string(52) "one:$1$P5ZvyRDb$1Q5A3163ipii4NCoxef3z1:11904:::::: " [1]=> string(52) "two:$1$PwUeQvVg$PIUIWMaY8ucv3SrhKZLQj1:11905:::::: " [2]=> string(33) "three:ZqrYf9Sia4xz6:11906:::::: "

                    ?

                    I am using this code

                    <?php
$user ='two'; 
$password ='onlyatest'; 
$passwdFile='shadow';

$users=file($passwdFile);

if (!$user=preg_grep("/^$userName/",$users))
{
    echo "User '$userName' not found!";
}
else

{

list(,$passwdInDB)=explode(':',array_pop($user));
if (crypt($userPasswd,$passwdInDB) == $passwdInDB)

{
   echo "Password verified!";
}

else
{
    echo "Passwords don't match! <br>";
    echo (crypt($userPasswd,$passwdInDB));
    echo "<br>PasswdInDB was: $passwdInDB";
}
        }
        var_dump($user)

?>

                    this is the shadow file ;

                    one:$1$P5ZvyRDb$1Q5A3163ipii4NCoxef3z1:11904::::::
two:$1$PwUeQvVg$PIUIWMaY8ucv3SrhKZLQj1:11905::::::
three:ZqrYf9Sia4xz6:11906::::::
four:9IpB2JN0oVAUA:11912::::::

                    What's wrong ? Any idea ? Thank you

                      Ok, that certainly shouldn't be happening. What version of PHP are you running?

                      I've zipped and attached my code and my passwd file (based on your passwd file) - which works here.

                        Originally posted by dannys
                        Ok, that certainly shouldn't be happening. What version of PHP are you running?

                        I've zipped and attached my code and my passwd file (based on your passwd file) - which works here.

                        I will try your script now and I will tell you , thank you .

                        However i am running php 4.2.2 ..

                        Thanks for now , going to try .

                          Great dannys , your script work fine for me too πŸ™‚

                          Thank you !!

                            Gald it worked at last 'cos I was all out of ideas πŸ™‚ I'm running PHP4.2.2 aswell (shouldn't everyone).

                              Write a Reply...