Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Strange behaviour in Apache::Htpasswd::htpasswd()

by George_Sherston (Vicar)
on Oct 25, 2002 at 09:54 UTC ( #207944=perlquestion: print w/ replies, xml ) Need Help??
George_Sherston has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Apache::Htpasswd to manage log-ins to a web site. User/Password pairs are stored in a text file. It works fine for creating and deleting the User/Pwd pairs. But when I try to let users change their passwords I get into trouble.

What happens is that the password changes fine, but then the next user in the list doesn't work. When I look at the password file what I find is, when I'm changing password for user3,
before:
user1:pwd1 user2:pwd2 user3:pwd3 user4:pwd4 user5:pwd5 user6:pwd6
after:
user1:pwd1 user2:pwd2 user3:newpwd3:user4:pwd4 user5:pwd5 user6:pwd6
So user3 has a new password, but user4 can't log in at all (n.b. the extra : between newpwd3 and user4 is what actually appears, oddly enough).

I've stripped down the code that does this to the bearest essentials, and it still exhibits this behaviour:
my $g = shift; my $UserName = shift; print h1 "new $g->{NewPassWord}, old $g->{OldPassWord}"; # these details are shown to be correct my $pwd = new Apache::Htpasswd("/path/to/my/passwordfile"); #$pwd->htpasswd($UserName, $g->{NewPassWord}, $g->{OldPassWord}); # either with the line above or the line below it still goes wrong: $pwd->htpasswd($UserName, $g->{NewPassWord}, 1);
I'm really stumped by this. One option is to delete the user and then create a new user with the same user name but a different password. But (A) that creates the very faint risk of a race condition and somebody else getting in with the same user name; and (B) it bothers me not to understand why this is going wrong. But I must confess I don't understand. I'd be most grateful to any sibling monk who can shed some light.

George Sherston

Comment on Strange behaviour in Apache::Htpasswd::htpasswd()
Select or Download Code
Re: Strange behaviour in Apache::Htpasswd::htpasswd()
by Jaap (Curate) on Oct 25, 2002 at 11:02 UTC
    If i look at the source of Apache::Htpasswd, it looks like this module assumes there is a colon ":" after every password like this:
    user1:pwd1: user2:pwd2: user3:pwd3: user4:pwd4: user5:pwd5: user6:pwd6:
    After this colon there is a column for "info", whatever that may be. If i were you, i'd mail the owner/author of Apache::Htpasswd (Kevin Meltzer).
Re: Strange behaviour in Apache::Htpasswd::htpasswd()
by adrianh (Chancellor) on Oct 25, 2002 at 11:45 UTC

    I'm not getting the same behaviour on my box.

    I notice that you're not checking the return values of htpasswd. The method can fail, so looking at the return values might give you a clue ;-)

    The following test script runs fine on my box...

      Thanks very much for that. Alas, when I run it on my machine I get the same problem. My output is:
      1..13 ok 1 - user 1 added ok 2 - user 2 added ok 3 - user 3 added ok 4 - user 4 added ok 5 - user 5 added ok 6 - user 6 added ok 7 - password for user3 changed ok 8 - user 1 still valid ok 9 - user 2 still valid ok 10 - user 3 still valid not ok 11 - user 4 still valid # Failed test (ht.pl at line 33) ok 12 - user 5 still valid ok 13 - user 6 still valid # Looks like you failed 1 tests of 13.
      Also, when I comment out your last line and then examine the password file itself I find
      user1:htcxz2m4/W7uI user2:htAJmEn5bZEr2 user3:htw0q0ujGkzis:user4:htp108GVoN87g user5:htntqB2/z6ld6 user6:htF9EduYYp1o6
      ... which is the same prob I got before.

      Perhaps it's a version problem. I have Apache::Htpasswd v 1.5 and Test::More v 0.33. Also, I don't have method diag, which I'm substituting with die - this in itself wouldn't account for why it's not working for me, but might point to the difficulty. Except, I am guessing diag is a Test::More method?

      insta-update..Aha! It *was* a version problem. I installed v 1.5.5 and now get the right result from your script... and I doubt not, also from the script that was giving me trouble...

      insta-update 2Yes! It works now. Thanks very much - I'm most grateful.

      George Sherston

        This is yet another example of why I love Test::More, Test::Builder and friends so much.

        It is so much simpler to track down problems like this once you have a test script that just sits their and will succeed/fail without human intervention.

        If you've not done it already go read Test::Tutorial, The Joy of Test and What goes in a test suite?.

        Once you have become test infected you'll never turn back :-)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://207944]
Approved by robartes
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (7)
As of 2015-07-07 06:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (87 votes), past polls