免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
最近访问板块 发新帖
查看: 5012 | 回复: 2

关于perl crypt函数加密与apache2.2中htpasswd 生成加密密码的问题 [复制链接]

论坛徽章:
0
发表于 2015-01-05 16:28 |显示全部楼层
本帖最后由 东北胖子 于 2015-01-05 16:29 编辑

我们搭建了一个SVN服务器,想让员工自己修改SVN密码,于是使用了apache2.2与subversion 1.7.13集成。采用了如下脚本 来修改密码

每次修改密码都不成功,提示旧密码错误

我想是因为 apache2.2中的htpasswd生成的加密密码与perl crypt函数生成的密码不一样吧,不知道我判断的对不对。请大家帮忙

怎么样修改可以使  crypt函数生成的加密密码与 htpasswd生成的密码一样?

代码在 70行至93行之间
  1. #!/usr/bin/perl -w

  2. use strict;
  3. use CGI;
  4. my $time        = localtime;
  5. my $remote_id   = $ENV{REMOTE_HOST} || $ENV{REMOTE_ADDR};
  6. my $admin_email = $ENV{SERVER_ADMIN};

  7. my $cgi = new CGI;
  8. my $pwd_not_alldiginal = "密碼不能全爲數字";
  9. my $pwd_not_allchar = "密碼不能全爲字符";
  10. my $user_not_exists ="該用戶不存在";
  11. my $file_not_found ="文件不存在,請聯繫管理員";

  12. my $authuserfile;
  13. my $logfile;
  14. my $pwdminlen;
  15. my $title;
  16. my $description;
  17. my $yourname;
  18. my $oldpwd;
  19. my $newpwd1;
  20. my $newpwd2;
  21. my $btn_change;
  22. my $btn_reset;

  23. my $changepwdok;
  24. my $changepwdfailed;
  25. my $oldpwderror;
  26. my $passmustgreater;
  27. my $twopassnotmatched;
  28. my $entername;
  29. my $enterpwd;
  30. my $errorpwd;
  31. my $back;

  32. &IniInfo;

  33. if ($cgi -> param())
  34. {#8
  35. my $User = $cgi->param('UserName');
  36. my $UserPwd = $cgi->param('OldPwd');
  37. my $UserNewPwd =  $cgi->param('NewPwd1');
  38. my $MatchNewPwd =  $cgi->param('NewPwd2');

  39. if (!$User)
  40.      {&Writer_Log("Enter no user name");
  41.        &otherhtml($title,$entername,$back);}
  42. elsif (!$UserPwd )
  43.     {&Writer_Log("Enter no OldPasswd");
  44.      &otherhtml($title,$enterpwd,$back); }
  45. elsif (length($UserNewPwd)<$pwdminlen)
  46.     {&Writer_Log("Password's length must greater than".$pwdminlen);
  47.      &otherhtml($title,$passmustgreater.$pwdminlen,$back);}
  48. elsif ($UserNewPwd =~/^\d+$/)
  49.     {&Writer_Log("New Passwd isn't all diginal");
  50.      &otherhtml($title,$pwd_not_alldiginal,$back);}
  51. elsif ($UserNewPwd =~/^[A-Za-z]+$/)
  52.     {&Writer_Log("New Passwd isn't all char");
  53.      &otherhtml($title,$pwd_not_allchar,$back);}
  54. elsif ($UserNewPwd ne $MatchNewPwd)
  55.     {&Writer_Log("Two new passwords are not matched");
  56.      &otherhtml($title,$twopassnotmatched,$back);}
  57. else
  58. {if($authuserfile)
  59. {#6
  60.   open UserFile, "<$authuserfile" or die "打開文件失敗:$!";
  61.   while (<UserFile>)
  62.     {#5
  63.        my $varstr=$_;

  64.        if($varstr =~/($User)/)
  65.     {#3
  66.      my $eqpos =index($varstr, ":");
  67.      my $UserName = substr($varstr,0,$eqpos);
  68.      my $cryptpwd = substr($varstr,$eqpos + 1,13);
  69.    
  70.      next if($UserName ne $User);
  71.         
  72.      if(crypt($UserPwd,$cryptpwd) eq $cryptpwd)
  73.      {#a
  74.       my $rc = system("/usr/local/apache2/bin/htpasswd -b $authuserfile $User $UserNewPwd");
  75.       if ($rc == 0)
  76.          {#1
  77.             &Writer_Log( $User.":Change Passwd");
  78.             &otherhtml($title,$changepwdok,$back);
  79.           }#1
  80.        else
  81.           {#2
  82.            &Writer_Log( $User.":Change Passwd Failed");
  83.            &otherhtml($title,$changepwdfailed,$back);
  84.           }#2
  85.        exit;
  86.      }#a
  87.      else
  88.      {#b
  89.       &Writer_Log("Old Passwd is Incorrect ");
  90.       &otherhtml($title,$errorpwd,$back);
  91.      }#b
  92.      exit;      
  93.     }#3
  94.        else
  95.     {#4
  96.      if(eof)
  97.      { &Writer_Log($User.":no this user");
  98.        &otherhtml($title,$user_not_exists,$back);
  99.        exit;
  100.      }
  101.      else
  102.      {next;}
  103.     }#4   
  104.      }#5
  105.    close UserFile;
  106. }#6
  107. else
  108. {#7
  109.    &Writer_Log($authuserfile.":no found");
  110.    &otherhtml($title,$file_not_found,$back);
  111. }#7
  112. }
  113. }#8
  114. else
  115. {&Index_Html;}

  116. sub IniInfo{
  117. my $inifile = "/usr/local/apache2/cgi-bin/ChangePasswd.ini";
  118. open CGI_INI_FILE, "<$inifile" or die "打開文件失敗:$!";;
  119. while (<CGI_INI_FILE>)
  120. {
  121.   my $eqpos =index($_,'=');
  122.   my $len = length($_);

  123.   if ($_ =~/authuserfile/)
  124.   {$authuserfile= substr($_, $eqpos + 1, $len - $eqpos -2);}
  125.   elsif ($_ =~/logfile/)
  126.   {$logfile= substr($_, $eqpos + 1);}
  127.   elsif ($_ =~/pwdminlen/)
  128.   {$pwdminlen= substr($_, $eqpos + 1);}
  129.   elsif ($_ =~/title/)
  130.   {$title = substr($_, $eqpos + 1);}
  131.   elsif ($_ =~/description/)
  132.   {$description = substr($_, $eqpos + 1);}
  133.   elsif ($_ =~/yourname/)
  134.   {$yourname = substr($_, $eqpos + 1);}
  135.   elsif ($_ =~/oldpwd/)
  136.   {$oldpwd= substr($_, $eqpos + 1);}
  137.   elsif ($_ =~/newpwd1/)
  138.   {$newpwd1= substr($_, $eqpos + 1);}
  139.   elsif ($_ =~/newpwd2/)
  140.   {$newpwd2= substr($_, $eqpos + 1);}
  141.   elsif ($_ =~/btn_change/)
  142.   {$btn_change = substr($_, $eqpos + 1);}
  143.   elsif ($_ =~/btn_reset/)
  144.   {$btn_reset = substr($_, $eqpos + 1);}
  145.   elsif ($_ =~/changepwdok/)
  146.   {$changepwdok = substr($_, $eqpos + 1);}
  147.   elsif ($_ =~/changepwdfailed/)
  148.   {$changepwdfailed = substr($_, $eqpos + 1);}
  149.   elsif ($_ =~/oldpwderror/)
  150.   {$oldpwderror = substr($_, $eqpos + 1);}
  151.   elsif ($_ =~/passmustgreater/)
  152.   {$passmustgreater = substr($_, $eqpos + 1);}
  153.   elsif ($_ =~/twopassnotmatched/)
  154.   {$twopassnotmatched = substr($_, $eqpos + 1);}
  155.   elsif ($_ =~/entername/)
  156.   {$entername = substr($_, $eqpos + 1);}
  157.   elsif ($_ =~/enterpwd/)
  158.   {$enterpwd= substr($_, $eqpos + 1);}
  159.   elsif ($_ =~/errorpwd/)
  160.   {$errorpwd= substr($_, $eqpos + 1);}
  161.   elsif ($_ =~/back/)
  162.   {$back = substr($_, $eqpos + 1);}
  163. }
  164. close CGI_INI_FILE;
  165. }

  166. sub Index_Html
  167. {
  168. print "Content-type: text/html\n\n";
  169. print <<END_OF_PAGE;
  170. <html >
  171. <head>
  172. <title>$title</title>
  173. <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
  174. </head>
  175. <body>
  176. <center><h1>$description</h1>
  177. </center>
  178. <form method="POST" enctype="multipart/form-data"  action="/cgi-bin/ChangePasswd.cgi">
  179. <br>
  180. <TABLE align="center">
  181. <TR><TD class="t_text">$yourname</TD><TD><input type="text" name="UserName"  /></TD></TR>
  182. <TR><TD class="t_text">$oldpwd</TD><TD><input type="password" name="OldPwd"  /></TD></TR>
  183. <TR><TD class="t_text">$newpwd1</TD><TD><input type="password" name="NewPwd1"  /></TD></TR>
  184. <TR><TD class="t_text">$newpwd2</TD><TD><input type="password" name="NewPwd2"  /></TD></TR>
  185. </TABLE>
  186. <br>
  187. <TABLE align="center">
  188. <TR><TD><input type="submit" name="chgpasswd" value="$btn_change"> <input type="reset" value="$btn_reset"></TD></TR>
  189. </TABLE>
  190. </form>
  191. <HR>
  192. <font color="#FF0000">注意:新密碼位數必需大於$pwdminlen,且爲字母與數字組合</font>
  193. <P>如有問題請與唐風聯繫</P>

  194. <P>XXXXXX網站:</P>
  195. <P>公司主頁:<A href="http://www.XXXXX.com/</p">http://www.XXXXX.com/</p>
  196. </body>
  197. </html>
  198. END_OF_PAGE
  199. }

  200. sub otherhtml{
  201. print "Content-type: text/html\n\n";

  202. print <<END_OF_PAGE;
  203. <html>
  204. <head>
  205. <meta http-equiv="Content-Language" content="zh-cn">
  206. <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
  207. <title>$_[0]</title>
  208. </head>

  209. <body>
  210. <p align="center"><font size="5">$_[1]</font></p>
  211. <p align="center"><a href="/cgi-bin/ChangePasswd.cgi"><font size="4">$_[2]</font></a></p>

  212. <HR>
  213. <P>如有問題請與windone聯繫E-Mail: <A HREF=">
  214. </body>

  215. </html>
  216. END_OF_PAGE
  217. }

  218. sub Writer_Log{
  219. if($logfile)
  220. {
  221.   my $loginfo ="[".$time."] "." [".$remote_id."] "." || ".$_[0];
  222.   open LOGFILE,">>$logfile" or die "Couldn't open LOG FILE for writing: $!";
  223.   print LOGFILE ("$loginfo\n");
  224.   close LOGFILE;
  225. }
  226. }
复制代码

论坛徽章:
0
发表于 2015-01-06 11:24 |显示全部楼层
已解决,我在使用htpasswd创建用户和密码时,加上-d参数,这样加密的方式就和crypt 一样了。
htpasswd默认使用的是MD5加密

论坛徽章:
0
发表于 2016-02-24 14:01 |显示全部楼层
这个必须要支持一下,我也遇到了相同的问题,看了lz的帖子顺利解决,多谢分享。
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP