Authenticating users through the web interface

A great many articles have been written about user authentication, and hundreds of scripts have been made for it.


However, most of those methods are designed either to keep logins and passwords in a separate file or to authenticate users with Apache's .htaccess. This article is about authenticating the real Unix users of the server through a web interface.


There are many ways to solve this problem, but basically two are used: encrypt the password entered in the web form and compare it with the password stored in the passwd or shadow file, or use POP3 authentication. The first method is rather slippery: implementing it requires superuser (root) rights to open the file of encrypted passwords (shadow), and that is consequently a security hole in the server. It is implemented by running a CGI script with root rights (suid).


In general, the algorithm is simple:


take the login / password pair from the web form;

encrypt the password with the same algorithm the server uses;

open the shadow file and compare the password stored there with the one received from the web form. If the comparison is positive, authentication has succeeded; otherwise it has failed. Do not forget to close all files.


It is all rather simple: open the file, read it into a buffer, find the line we need, encrypt the password, compare it with what is in the file, and on that basis give the user being authenticated a verdict.


In Unix systems encryption is one-way: a good portion of extra information (the salt) is added to the encrypted password, and it is not possible to recover the password from the result. So passwords can be "broken" only by trial and error. But if the user is legitimate and the password is valid, encrypting it lets us pass authentication straight away.


This is what I like about Perl: there is no need to reinvent the wheel. Checking the password comes down to a call of the standard system function crypt($text, $salt). It works like this: it takes the password in "pure" (plain) form and the encrypted one as parameters, reads the salt it needs from the start of the encrypted one, and should output the same encrypted password. If that does not happen, the plaintext password was wrong.
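As an added example (not code from the original article), the check described above carried out against shadow-format records held in memory rather than against /etc/shadow itself, so it runs without any privilege. The helper check_shadow_lines and the sample records are constructed for this example; the hash for the sample user is generated on the spot with crypt and a SHA-512 salt, which assumes a glibc or libxcrypt crypt(3). It also covers two cases the basic algorithm leaves out: locked accounts (a password field of "*" or starting with "!") must never match, and an unknown user must be treated as a failure rather than silence.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: verify a plaintext password against shadow-format
# records held in memory. Returns 1 on success, 0 on any failure.
sub check_shadow_lines {
    my ($lines, $username, $plaintext) = @_;
    for my $line (@$lines) {
        chomp(my $l = $line);
        my ($user, $hash) = split /:/, $l, 3;
        next unless defined $user && $user eq $username;

        # Locked or passwordless accounts ('*', '!', '!!', empty) never match,
        # no matter what crypt() would produce from them.
        return 0 if !defined $hash || $hash eq '' || $hash =~ /^[*!]/;

        # The stored hash doubles as the salt argument: crypt() reads the
        # algorithm id and salt from its prefix and must reproduce it exactly.
        my $computed = crypt($plaintext, $hash);
        return 0 unless defined $computed && length($computed) == length($hash);
        return $computed eq $hash ? 1 : 0;
    }
    return 0;    # unknown user: fail, do not stay silent
}

# Constructed sample records (not a real /etc/shadow). The hash for 'alice'
# is generated here so the example is self-contained and never needs root.
my $alice_hash = crypt('correct horse', '$6$saltsalt$');
my @shadow = (
    "alice:$alice_hash:19000:0:99999:7:::",
    "bob:*:19000:0:99999:7:::",      # locked: no password login allowed
    "root:!:19000:0:99999:7:::",     # locked as well
);

printf "alice / correct password -> %d\n", check_shadow_lines(\@shadow, 'alice', 'correct horse');
printf "alice / wrong password   -> %d\n", check_shadow_lines(\@shadow, 'alice', 'wrong');
printf "bob (locked account)     -> %d\n", check_shadow_lines(\@shadow, 'bob', 'anything');
printf "carol (no such user)     -> %d\n", check_shadow_lines(\@shadow, 'carol', 'x');
```

The length check guards against a crypt() that signals an unsupported hash by returning a short failure token instead of undef; without it a comparison against a malformed field could behave unpredictably.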


In general, the whole procedure looks something like this:



#!/usr/bin/suidperl
#
# We read the form (%form is filled in here)
.........

&check_passwd;

sub check_passwd {
    my $shadow = "/etc/shadow";

    # The two lines below: the password / login passed in from the form
    my $plaintext = $form{'password'};
    my $username  = $form{'login'};

    # We try to open the file of encrypted passwords (on a normal system
    # it is readable only by root)
    # and at the same time try to lock it.
    open(SHADOW, "<$shadow") or die "internal system error: $!";
    flock(SHADOW, 2) or die "internal lock error: $!";   # 2 = LOCK_EX
    my @shadows = <SHADOW>;
    flock(SHADOW, 8);                                    # 8 = LOCK_UN
    # Close shadow
    close(SHADOW);

    foreach my $line (@shadows) {
        chomp($line);
        my ($currentuser, $currentpass, $restofline) = split /:/, $line, 3;
        if ($currentuser eq $username) {
            # Pull the encrypted password out of shadow
            my $saltedpass = $currentpass;
            # Check it with the standard crypt function
            if (crypt($plaintext, $saltedpass) eq $saltedpass) {
                print "authentification for $username success!\n";
            } else {
                print "authentification for $username failure!\n";
            }
            return;
        }
    }
    # The user is not in shadow at all
    print "authentification for $username failure!\n";
}



For safety, the file containing this "masterpiece" of programming art should be given the following attributes: owner root, the set-user-id bit set on execution, access mode r-sr-xr-x. Roughly speaking, in octal notation it will look like 104555.


That is exactly where the danger of suid lies: if someone manages to inject a piece of code into your program, they can get access to your system. (For non-believers: read something about Ramen, which did just that.)


So this method is unsafe and better not used.


It is better to take a ready-made Perl library: Net::POP3.



2. POP3 authentication.


A simple and safe method of user authentication.


The Net::POP3 library is taken, and we try to log in to the mailbox by its standard methods. If we succeed, the login / password are correct; otherwise we return a failure.


The Net::POP3 module lets the user create an object and provides 14 methods for it.


There is no point in studying all the methods; they are described, though not in much detail, in the module's documentation. What interests us is the method login($user, $passwd).


It returns undef if authentication fails or, on successful entry into the mailbox, the number of messages in it, or the string "0e0" if there are no messages (a value that is numerically zero but still "true").


The procedure for working with it is as follows:



use Net::POP3;

&parse_form;   # read the login / password passed in from the form

# We create the object (if the connection fails, $pop would be undef
# and the login call below would die, so stop here instead)
my $pop = Net::POP3->new('popserver')
    or die "cannot create connection\n";

# We try to log in
# The result of the login is returned in $res
my $res = $pop->login($form{'login'}, $form{'password'});

if (!defined $res) {
    # Failure
    print "incorrect username or password!\n";
} else {
    # Logged in
    # Do whatever is needed
    #
    # The code below is only here so that at least something gets done.
    if ($res == 0) {
        # No messages: login returned the string "0e0", which is true but zero
        print "you have 0 messages in mailbox.\n";
    } else {
        # There are messages
        print "you have $res messages in mailbox.\n";
    }
}

# Close the connection
$pop->quit();
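As an added example (not code from the original article), the same POP3 login wrapped in a reusable function that separates the three outcomes a caller needs to distinguish: the server accepted the credentials (with the message count), the server rejected them, and the server could not be reached at all. The last case matters for a login page, because an unreachable POP3 server must be reported as a denial, never as a success. The helper pop3_authenticate, the host name and the credentials are placeholders for this example; Net::POP3->new with the Timeout option, login and quit are the module's real methods.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::POP3;

# Hypothetical helper: authenticate a user against a POP3 server.
# Returns ('ok', $count) when the server accepts the credentials,
# ('bad_credentials', undef) when it rejects them, and
# ('unavailable', undef) when no connection could be made.
sub pop3_authenticate {
    my ($host, $username, $password) = @_;

    # A connection failure is not an authentication result: fail closed.
    my $pop = Net::POP3->new($host, Timeout => 20)
        or return ('unavailable', undef);

    # login() returns undef on failure, the message count on success, and
    # the string "0e0" (true, but numerically zero) for an empty mailbox.
    my $res = $pop->login($username, $password);
    $pop->quit;

    return ('bad_credentials', undef) unless defined $res;
    return ('ok', $res + 0);    # "0e0" becomes a plain 0 here
}

# Placeholder host and credentials; point these at a real POP3 server to try it.
my ($status, $count) = pop3_authenticate('pop.example.invalid', 'alice', 'secret');

if ($status eq 'ok') {
    print "login ok, $count message(s) in mailbox\n";
} elsif ($status eq 'bad_credentials') {
    print "incorrect username or password\n";
} else {
    print "authentication service unavailable, access denied\n";
}
```

Converting the result with $res + 0 sidesteps the "0e0" special case entirely: the caller sees a number, and the success decision rests only on whether login returned a defined value.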


This is much simpler and safer than climbing into the sanctum of Unix system security, the shadow file. And you do not have to ask the server's system administrator to set the setuid bit on your script, though it can be said in advance that any sane system administrator will refuse you, and will be absolutely right. And the Net library is present on practically any web server that has access to the Perl interpreter.