This queue is for tickets about the Apache-Htpasswd CPAN distribution.

Report information

The Basics
Id: 21018
Status: resolved
Priority: Low/Low

People
Owner: Nobody in particular
Requestors: webmaster [...] desipro.de
Cc:
AdminCc:

BugTracker
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Incorrect password but htCheckPassword returns valid
Date: Wed, 16 Aug 2006 15:38:25 +0200
To: <bug-Apache-Htpasswd@rt.cpan.org>
From: webmaster@desipro.de
I have just created a little sample:

#!/usr/bin/perl

use Apache::Htpasswd;

$file = "/data/Testrepos/conf/htpasswd";

$foo = new Apache::Htpasswd({passwdFile => $file,
                             ReadOnly   => 1,}
                           );

# Check that a password is correct
$valid = $foo->htCheckPassword("admin", "superuse");

if($valid)
{
    print "Pass is valid\n";
}
else
{
    print "Pass is invalid\n";
}

But this sample code returns a valid pass in case I use the password: superuse, like in the above code.

The real password however is: superuser, which also returns valid. If I use another pass, for example: superus, it returns invalid as expected.

Any idea what is wrong here?
Attached is the htpasswd file I used for the test, I create the passwords inside this file with htpasswd

Thanks Richard


I'm not sure this is a bug of the module. It's crypt() which is returning the same string for superuse. Also, I used your password file with Apache, and Basic Authentication also let me log in using 'superuse' as the password (since the module is to mimic what Apache Basic Auth would do, it is doing the right thing).

perl -wle'@foo = qw(superuser superuse) ; print crypt($_, q{qt5ye7WIaY0SE}) for @foo;'

Whatever you use for the SALT, those will return the same crypt()ed string.

Cheers,
Kevin

On Wed Aug 16 09:38:42 2006, webmaster@desipro.de wrote:
> I have just created a little sample:
>
> #!/usr/bin/perl
>
> use Apache::Htpasswd;
>
> $file = "/data/Testrepos/conf/htpasswd";
>
> $foo = new Apache::Htpasswd({passwdFile => $file,
>                              ReadOnly   => 1,}
>                            );
>
> # Check that a password is correct
> $valid = $foo->htCheckPassword("admin", "superuse");
>
> if($valid)
> {
>     print "Pass is valid\n";
> }
> else
> {
>     print "Pass is invalid\n";
> }
>
> But this sample code returns a valid pass in case I use the password:
> superuse, like in the above code.
>
> The real password however is: superuser, which also returns valid. If
> I use another pass, for example: superus, it returns invalid as
> expected.
>
> Any idea what is wrong here?
> Attached is the htpasswd file I used for the test, I create the
> passwords inside this file with htpasswd
>
> Thanks Richard
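
The behaviour discussed in this ticket comes from traditional DES crypt(), which uses only the first 8 characters of a password. The following is an added example, not part of the ticket or of Apache::Htpasswd: a small audit script that classifies htpasswd entries by hash scheme and flags DES crypt ones. The sample entries are constructed (the DES entry is generated at run time with the salt "qt", the other hash bodies are placeholders), and the helper names scheme and both_verify are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify an htpasswd hash field by its prefix or shape.
sub scheme {
    my ($hash) = @_;
    return 'apr1-md5'  if $hash =~ /^\$apr1\$/;
    return 'bcrypt'    if $hash =~ /^\$2[aby]\$/;
    return 'sha1'      if $hash =~ /^\{SHA\}/;
    return 'des-crypt' if $hash =~ /^[.\/0-9A-Za-z]{13}\z/;
    return 'unknown';
}

# True when every candidate password verifies against the same stored hash.
sub both_verify {
    my ($hash, @candidates) = @_;
    for my $pw (@candidates) {
        my $out = crypt($pw, $hash);
        return 0 unless defined $out && $out eq $hash;
    }
    return 1;
}

# Constructed sample data. The DES entry is generated here with salt "qt";
# the other hash bodies are placeholders, only their prefixes matter.
my $des = crypt('superuser', 'qt');
die "this platform's crypt() has no DES support\n"
    unless defined $des && scheme($des) eq 'des-crypt';

my @htpasswd = (
    '# constructed sample entries',
    "admin:$des",
    'alice:$apr1$CONSTRUCTED$placeholderplaceholder',
    'bob:$2y$05$CONSTRUCTEDplaceholderplaceholderplaceholderplacehold',
    'carol:{SHA}CONSTRUCTEDplaceholder=',
);

for my $line (@htpasswd) {
    next if $line =~ /^\s*#/ || $line !~ /\S/;   # skip comments and blanks
    my ($user, $hash) = split /:/, $line, 2;
    my $kind = scheme($hash // '');
    my $note = $kind eq 'des-crypt'
        ? 'only the first 8 password characters are checked' : '';
    printf "%-6s %-10s %s\n", $user, $kind, $note;
}

printf "superuser and superuse both verify for admin: %s\n",
    both_verify($des, 'superuser', 'superuse') ? 'yes' : 'no';
```

Entries reported as des-crypt need to be regenerated with a scheme that hashes the full password, which requires the user to set the password again.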

