Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine

Strange behaviour in Apache::Htpasswd::htpasswd()

by George_Sherston (Vicar)
on Oct 25, 2002 at 09:54 UTC ( #207944=perlquestion: print w/replies, xml ) Need Help??
George_Sherston has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Apache::Htpasswd to manage log-ins to a web site. User/Password pairs are stored in a text file. It works fine for creating and deleting the User/Pwd pairs. But when I try to let users change their passwords I get into trouble.

What happens is that the password changes fine, but then the next user in the list doesn't work. When I look at the password file what I find is, when I'm changing password for user3,
user1:pwd1 user2:pwd2 user3:pwd3 user4:pwd4 user5:pwd5 user6:pwd6
user1:pwd1 user2:pwd2 user3:newpwd3:user4:pwd4 user5:pwd5 user6:pwd6
So user3 has a new password, but user4 can't log in at all (n.b. the extra : between newpwd3 and user4 is what actually appears, oddly enough).

I've stripped down the code that does this to the bearest essentials, and it still exhibits this behaviour:
my $g = shift; my $UserName = shift; print h1 "new $g->{NewPassWord}, old $g->{OldPassWord}"; # these details are shown to be correct my $pwd = new Apache::Htpasswd("/path/to/my/passwordfile"); #$pwd->htpasswd($UserName, $g->{NewPassWord}, $g->{OldPassWord}); # either with the line above or the line below it still goes wrong: $pwd->htpasswd($UserName, $g->{NewPassWord}, 1);
I'm really stumped by this. One option is to delete the user and then create a new user with the same user name but a different password. But (A) that creates the very faint risk of a race condition and somebody else getting in with the same user name; and (B) it bothers me not to understand why this is going wrong. But I must confess I don't understand. I'd be most grateful to any sibling monk who can shed some light.

George Sherston

Replies are listed 'Best First'.
Re: Strange behaviour in Apache::Htpasswd::htpasswd()
by Jaap (Curate) on Oct 25, 2002 at 11:02 UTC
    If i look at the source of Apache::Htpasswd, it looks like this module assumes there is a colon ":" after every password like this:
    user1:pwd1: user2:pwd2: user3:pwd3: user4:pwd4: user5:pwd5: user6:pwd6:
    After this colon there is a column for "info", whatever that may be. If i were you, i'd mail the owner/author of Apache::Htpasswd (Kevin Meltzer).
Re: Strange behaviour in Apache::Htpasswd::htpasswd()
by adrianh (Chancellor) on Oct 25, 2002 at 11:45 UTC

    I'm not getting the same behaviour on my box.

    I notice that you're not checking the return values of htpasswd. The method can fail, so looking at the return values might give you a clue ;-)

    The following test script runs fine on my box...

      Thanks very much for that. Alas, when I run it on my machine I get the same problem. My output is:
      1..13 ok 1 - user 1 added ok 2 - user 2 added ok 3 - user 3 added ok 4 - user 4 added ok 5 - user 5 added ok 6 - user 6 added ok 7 - password for user3 changed ok 8 - user 1 still valid ok 9 - user 2 still valid ok 10 - user 3 still valid not ok 11 - user 4 still valid # Failed test ( at line 33) ok 12 - user 5 still valid ok 13 - user 6 still valid # Looks like you failed 1 tests of 13.
      Also, when I comment out your last line and then examine the password file itself I find
      user1:htcxz2m4/W7uI user2:htAJmEn5bZEr2 user3:htw0q0ujGkzis:user4:htp108GVoN87g user5:htntqB2/z6ld6 user6:htF9EduYYp1o6
      ... which is the same prob I got before.

      Perhaps it's a version problem. I have Apache::Htpasswd v 1.5 and Test::More v 0.33. Also, I don't have method diag, which I'm substituting with die - this in itself wouldn't account for why it's not working for me, but might point to the difficulty. Except, I am guessing diag is a Test::More method?

      insta-update..Aha! It *was* a version problem. I installed v 1.5.5 and now get the right result from your script... and I doubt not, also from the script that was giving me trouble...

      insta-update 2Yes! It works now. Thanks very much - I'm most grateful.

      George Sherston

        This is yet another example of why I love Test::More, Test::Builder and friends so much.

        It is so much simpler to track down problems like this once you have a test script that just sits their and will succeed/fail without human intervention.

        If you've not done it already go read Test::Tutorial, The Joy of Test and What goes in a test suite?.

        Once you have become test infected you'll never turn back :-)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://207944]
Approved by robartes
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (6)
As of 2017-05-30 09:19 GMT
Find Nodes?
    Voting Booth?