Re: What to do with the htpasswd program?

Robert S. Muhlestein (robertm@teleport.com)
Wed, 28 Aug 1996 10:28:54 -0700 (PDT)

Date: Wed, 28 Aug 1996 10:28:54 -0700 (PDT)
From: "Robert S. Muhlestein" <robertm@teleport.com>
To: Michael Smith <mjs@cursci.co.uk>
Subject: Re: What to do with the htpasswd program?
In-Reply-To: <322426F6.A366943@cursci.co.uk>
Message-Id: <Pine.SUN.3.92.960828095052.8052g-100000@zoe.teleport.com>

On Wed, 28 Aug 1996, Michael Smith wrote:

> I would like to be able to use htpasswd (from the apache support
> directory) in a fastCGI script.  In CGI I call this like so:
>
>     open(PASS,"| htpasswd /opt/.htpasswd $user") || return 0;
>     print PASS $newpass . "\n";
>     close PASS;
>
> This kind of thing doesn't seem to work with fastCGI, presumably because
> of changes in the way stdin/stdout is used.  In which case, how should I
> call it?  Has anyone altered htpasswd so you don't need to pipe to it?
> Otherwise I'd rather not mess about with it - there are other programs
> I'd like to use in this way too.  Or is there some way to execute it as
> a system which would be a better idea?

Actually, invoking a shell like this probably isn't the best way to
accomplish this task.  I suggest calling the perl function crypt() to create
your own encrypted passwords and then appending the new "user" string to an
flocked existing .htpasswd file. This seems like it would work with fcgi.

__BEGIN__

#!/bin/perl

##  Also just for demo, normally one should never send the username and
##  password on the command line.  I'd throw a system('stty','-echo') in
##  somewhere and read from STDIN

($user, $password) = @_;

##  You might want to perturb the salt a little better than this.
##  But, this is good enough for most tasks.

$salt = time % $$;
$string = crypt($ARGV[0],$salt);

##  Here, of course, you'd write to the locked file instead of STDOUT

print "$user:$string\n";

__END__

Hope this helps.

Robert Muhlestein
Teleport Creative Services
CGI/Java Guy
cgi@teleport.com