On Fri, 6 Sep 2002 08:23:33 +0200
Tom� Proch�zka <[EMAIL PROTECTED]> wrote:
> Hello,
> I use own PerlAuthenHandler module to verify users' login and password from
> database.
>
> For comparsion of password user entered and password stored in database is
> crypt function used.
>
> Here is the code:
> my $real_pass = $d->[0][0]; # crypted password from database
> my $salt = substr $real_pass,0,2; # salt
> my $test_pass = crypt $sent_pw,$salt; # in $sent_pw is the password user entered
> if ($real_pass eq $test_pass) {
> $r->subprocess_env(REMOTE_USER => $user);
> return OK;
> } else {
> $r->note_basic_auth_failure;
> return AUTH_REQUIRED;
> }
>
> Problem: Sometimes, although user entered correct password, is authentication
> rejected. I tried logging values of $real_pass and $test_pass and they
> differed. When I add line
>
> $r->log_reason("User $user tested (".$real_pass."/".$test_pass.")...","");
>
> just before 'if' statement behavior is most of time correct.
>
> Can anybody help me? Thanks.
>
> Kacer
Hi,
It seems to be not a mod_perl related problem.
However, try with:
$test_pass = crypt $sent_pw,$real_pass;
Bye,
- Enrico
