Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Strange behaviour in Apache::Htpasswd::htpasswd()

by George_Sherston (Vicar)
on Oct 25, 2002 at 09:54 UTC ( #207944=perlquestion: print w/replies, xml ) Need Help??
George_Sherston has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Apache::Htpasswd to manage log-ins to a web site. User/Password pairs are stored in a text file. It works fine for creating and deleting the User/Pwd pairs. But when I try to let users change their passwords I get into trouble.

What happens is that the password changes fine, but then the next user in the list doesn't work. When I look at the password file what I find is, when I'm changing password for user3,
before:
user1:pwd1 user2:pwd2 user3:pwd3 user4:pwd4 user5:pwd5 user6:pwd6
after:
user1:pwd1 user2:pwd2 user3:newpwd3:user4:pwd4 user5:pwd5 user6:pwd6
So user3 has a new password, but user4 can't log in at all (n.b. the extra : between newpwd3 and user4 is what actually appears, oddly enough).

I've stripped down the code that does this to the bearest essentials, and it still exhibits this behaviour:
my $g = shift; my $UserName = shift; print h1 "new $g->{NewPassWord}, old $g->{OldPassWord}"; # these details are shown to be correct my $pwd = new Apache::Htpasswd("/path/to/my/passwordfile"); #$pwd->htpasswd($UserName, $g->{NewPassWord}, $g->{OldPassWord}); # either with the line above or the line below it still goes wrong: $pwd->htpasswd($UserName, $g->{NewPassWord}, 1);
I'm really stumped by this. One option is to delete the user and then create a new user with the same user name but a different password. But (A) that creates the very faint risk of a race condition and somebody else getting in with the same user name; and (B) it bothers me not to understand why this is going wrong. But I must confess I don't understand. I'd be most grateful to any sibling monk who can shed some light.

George Sherston

Replies are listed 'Best First'.
Re: Strange behaviour in Apache::Htpasswd::htpasswd()
by Jaap (Curate) on Oct 25, 2002 at 11:02 UTC
    If i look at the source of Apache::Htpasswd, it looks like this module assumes there is a colon ":" after every password like this:
    user1:pwd1: user2:pwd2: user3:pwd3: user4:pwd4: user5:pwd5: user6:pwd6:
    After this colon there is a column for "info", whatever that may be. If i were you, i'd mail the owner/author of Apache::Htpasswd (Kevin Meltzer).
Re: Strange behaviour in Apache::Htpasswd::htpasswd()
by adrianh (Chancellor) on Oct 25, 2002 at 11:45 UTC

    I'm not getting the same behaviour on my box.

    I notice that you're not checking the return values of htpasswd. The method can fail, so looking at the return values might give you a clue ;-)

    The following test script runs fine on my box...

      Thanks very much for that. Alas, when I run it on my machine I get the same problem. My output is:
      1..13 ok 1 - user 1 added ok 2 - user 2 added ok 3 - user 3 added ok 4 - user 4 added ok 5 - user 5 added ok 6 - user 6 added ok 7 - password for user3 changed ok 8 - user 1 still valid ok 9 - user 2 still valid ok 10 - user 3 still valid not ok 11 - user 4 still valid # Failed test (ht.pl at line 33) ok 12 - user 5 still valid ok 13 - user 6 still valid # Looks like you failed 1 tests of 13.
      Also, when I comment out your last line and then examine the password file itself I find
      user1:htcxz2m4/W7uI user2:htAJmEn5bZEr2 user3:htw0q0ujGkzis:user4:htp108GVoN87g user5:htntqB2/z6ld6 user6:htF9EduYYp1o6
      ... which is the same prob I got before.

      Perhaps it's a version problem. I have Apache::Htpasswd v 1.5 and Test::More v 0.33. Also, I don't have method diag, which I'm substituting with die - this in itself wouldn't account for why it's not working for me, but might point to the difficulty. Except, I am guessing diag is a Test::More method?

      insta-update..Aha! It *was* a version problem. I installed v 1.5.5 and now get the right result from your script... and I doubt not, also from the script that was giving me trouble...

      insta-update 2Yes! It works now. Thanks very much - I'm most grateful.

      George Sherston

        This is yet another example of why I love Test::More, Test::Builder and friends so much.

        It is so much simpler to track down problems like this once you have a test script that just sits their and will succeed/fail without human intervention.

        If you've not done it already go read Test::Tutorial, The Joy of Test and What goes in a test suite?.

        Once you have become test infected you'll never turn back :-)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://207944]
Approved by robartes
help
Chatterbox?
Discipulus manual work: i just tell the same to my boss: every time the quick solution is to assign some manual data entry task to my group.. because we have not direct access to many databases here..
[LanX]: point is: in high speed trade each bank has to remember what he has to get from the others... so dresdner got billed for losses but couldn't claim gains
Discipulus is this the IT?
[Corion]: Discipulus: Well, in many cases it doesn't make sense to build an interface and complicated program just to enter 20 rows into a database ;) But yes, automating data imports should pay off in the long run
[LanX]: Choroba: this happened before I joined, was still in uni, but my boss was summoned to the CEO of the second biggest German bank at that time and could only say " I told them its not ready" ;)
[LanX]: memories....I missed my connection while chatting
[Discipulus]: in this case Corion we are speaking about software licensing: evry year or two we must rescan the whole ced to produce an excel report, while at every activation / disactivation we update a black box DB: i said that i a week i can produce the perl to..

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (9)
As of 2017-03-29 12:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Should Pluto Get Its Planethood Back?



    Results (350 votes). Check out past polls.