The login script I am using works fine. All the clients whom I had listed before today, can still access their data.
However, I have tried for the last hour or so, using various MD5 encryptors online, to add a new client. The encryption code is much longer and won't permit access when it is used. In addition, when I check what the MD5 would be like for the existing clients, the code for them out of the encryptors is different. Yet across all today's encryptors, they are the same.
What am I not getting about this - it's drivin' me nuts.
bazz
FishMonger
08-14-2007, 11:32 PM
You need to show us your code and possibly examples of the encrypted passwords.
OK; to explain a bit.
I have tried to use different online MD5 encryptors and none seems to work, yet those which I encrypted a couple of months ago still work.
Here is the login script (it's yours, Fish, and still works, even after I have had my grubby paws all over it. :)
#!/usr/bin/perl
use CGI::Carp qw(fatalsToBrowser);
use strict;
use CGI qw(:all);
use CGI::Session;
use Crypt::PasswdMD5;
use DBI;
use lib '/var/www/vhosts/mydomain.net/cgi-bin/';
use lib '/var/www/vhosts/mydomain.com/subdomains/cms/cgi-bin/';
my $cgi = new CGI;
my $self = $cgi->url;
my %login = $cgi->Vars;
my $session = new CGI::Session($cgi);# or die CGI::Session->errstr;
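if ( $login{'logout'} ) {
$session->clear;
print $cgi->redirect("mydomain/cgi-bin/EazyEdit/NewCustomerLogin.pl");
exit; # stop here so nothing else is printed after the redirect
}
# Declare first: "my (...) = ... if COND" leaves the variables in an undefined state when COND is false
my ($authenticated, $StoredUserName, $Client_Full_Details);
($authenticated, $StoredUserName, $Client_Full_Details) = authenticate_user() if $cgi->param('Login');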
($authenticated || $session->param('logged_in') ) ? admin_page() : login();
#####################################################################
sub login {
require 'myheader.pm';
require 'headCloserForLogin.pm';
print $cgi->h3("Login & Administration").$/,
$cgi->start_form(-name=>'login'),
'<p>Username: ', $cgi->textfield('username'), "<br />\n",
'Password: ', $cgi->password_field('password', ''), "</p>\n",
'<p>', $cgi->submit('Login', 'Login'), "</p>\n";
#$cgi->end_form;
print qq(</form>);
print $login{'failed'} if defined $login{'failed'};
print $cgi->end_html;
}
sub authenticate_user {
if ( defined $login{'username'} && defined $login{'password'} ) {
my ($Customer_ID, $StoredUserName, $encrypted_pass, $Client_Full_Details) = queryDB($login{'username'});
if ($encrypted_pass && $login{'username'} eq "$StoredUserName") {
my $salt = substr($encrypted_pass, 3,8);
my $password = unix_md5_crypt( $login{'password'}, $salt );
if ( $password eq $encrypted_pass ) {
$session->param('logged_in', 1);
$session->param('admin', $StoredUserName);
return (1, $StoredUserName, $Client_Full_Details);
}
}
}
$login{'failed'} = 'Invalid username, or password...Please try again';
return 0;
} # end of sub
sub admin_page {
my ($baseBusinessName, $baseBusinessType, $baseBusinessSubType, $baseBusinessCat, $baseBusinessLocalRegion, $baseBusinessCounty, $baseBusinessGrid, $baseBusinessPostCode, $groupName, $TIC, $baseBusinessSubscriptionStatus, $parentBusinessType, $parentgroupBusinessName) = split /\_/, $Client_Full_Details, 14;
my $baseBusinessNameDeHyphenated = $baseBusinessName;
$baseBusinessNameDeHyphenated =~ s/-/ /g;
#my $search = 'search.pl';
#my $add = 'add.pl';
#my $delete = 'delete.pl';
#my $modify = "modify.pl?admin=$login{'username'}"; # change this to use a session param
#my $chgIMAPpass = 'chgIMAPpass.pl';
#################
print $session->header();
#print $session->id(); # print out to page, the session id.
require 'myHeaderForControlPanel.pm';
require 'headCloserForLogin.pm';
$session->param('user', "$StoredUserName");
print qq(<iframe id="taskbarIframe" name='taskbar' frameborder="0" src='newtaskbar/$Client_Full_Details' width='100%' height='25'></iframe>);
print qq(
<div id="loginWelcome">
<p>
<strong>Welcome : </strong>$StoredUserName [
<a href="http://webmail.mydomain.com" target="new">My Webmail</a> <a href="?logout=Logout">Log Out</a> ]
</p>
</div>
);
print qq(
<iframe id="mainIframe" name='main' frameborder="0" src='index/$Client_Full_Details'></iframe>);
print $cgi->end_html;
}
sub queryDB {
my $mydb = 'centralDb';
my $mysrv = 'localhost';
my $myuser= '********';
my $mypass= '***********';
my $port = '3306';
my $user = shift;
my $dbh = DBI->connect("DBI:mysql:$mydb:$mysrv", $myuser, $mypass,
{'RaiseError' => 1, 'PrintError' => 0 })
or die "Connection Failed: $mydb DB on $mysrv\n\t$DBI::errstr\n";
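# Bind the username through a placeholder so the submitted value never becomes part of the SQL text
my $sth = $dbh->prepare("SELECT LoginID, UserName, StoredPassword, Client_Full_Details
FROM tbl_Login
WHERE UserName = ? ")
or die "prepare statement failed: $DBI::errstr\n";
$sth->execute($user);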
my ($Customer_ID, $StoredUserName, $StoredPassword, $Client_Full_Details ) = $sth->fetchrow_array;
$sth->finish;
$dbh->disconnect;
return ($Customer_ID, $StoredUserName, $StoredPassword, $Client_Full_Details);
}
Here is my encryptor.pl file, which creates the following hash from these passwords
PWD 07714700295 gives $1$12345678$lB1lm7IYtlkbCVgrmdyeC0 - doesn't work
From last time, when I got MD5 online (page now gone), it gave me this for that PWD - lB1lm7IYtlkbCVgrmdyeC0 and it still works with my (Fish's) script using an MD5 comparison with the entered PWD.
PWD 91470774 gives $1$skaGKMoH$1Rz3ShVVoPp1s6bC/2EH4/. - doesn't work
PWD 91470774 then gives $1$7GBXnPYG$pLFr2YrzhvcxEnVAza0Yq1.
and the next encryption is $1$B7Q3vLZx$2EqEqWnhQNysT7Q9Qm23B1.
I suspect something is wrong here coz it gives a different hash each time I do it but I can't find anywhere which gives me a hash which works.
#!/usr/bin/perl
use CGI::Carp qw(fatalsToBrowser);
use strict;
use CGI qw(:all);
use CGI::Session;
use Crypt::PasswdMD5;
use DBI;
use lib '/var/www/vhosts/mrtourism.net/cgi-bin/';
use lib '/var/www/vhosts/thechrissystem.com/subdomains/cms/cgi-bin/';
my $cgi = new CGI;
print $cgi->header(); # was "cgi->header()", which calls a method on a non-existent class "cgi"
my $passwordForEncryption = $cgi->param('passwordForEncryption');
if (!$passwordForEncryption) {
&form;
} else{
&encryptor;
}
sub form{
print qq(
<div id="form">
<div id="text_header">
<h5>MD5 Encryptor</h5>
</div>
<!-- START OF FORM DETAILS-->
<form method="post" action="/cgi-bin/EazyEdit/MD5Encryptor.pl" name="myForm">
<p><label for="password">Password for encryption:</label></p>
<p><input id="password" class="textbox" type="text" title="enter your password for encryption" name="passwordForEncryption" size="25"
value="" /></p>
<div id="buttons">
<input class="submitbutton" type="submit" value="encrypt" />
</div>
</form>
);
}
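sub encryptor {
# Escape the submitted value before echoing it back into the HTML page
my $shownPassword = $cgi->escapeHTML($passwordForEncryption);
print qq(
raw password = $shownPassword
);
# No salt argument: the module picks a random salt on every call
my $encryptedPassword = unix_md5_crypt( $passwordForEncryption);
print qq(
Encrypted Password = $encryptedPassword.
);
}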
my Db field is set as a varchar with a limit of 64.
I'm off to find a tute on cpan perhaps to find out why it gives me a different hash each time.
bazz
FishMonger
08-15-2007, 12:19 AM
Part of the problem, and possibly the entire problem, is that you're not supplying a salt value when encrypting. So, the module supplies a random salt which is why you're receiving a different encryption value for the same password each time you encrypt it.
FishMonger
08-15-2007, 12:21 AM
Here's a short example script that demonstrates this issue.
use Crypt::PasswdMD5;
$password = 'password';
$salt = '0gg34534';
for (1..4) {
$cryptedpassword = unix_md5_crypt($password);
print $cryptedpassword, $/;
}
print $/;
for (1..4) {
$cryptedpassword = unix_md5_crypt($password, $salt);
print $cryptedpassword, $/;
}
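The salt behaviour described above, as an added example that is not part of the original thread: each call without a salt produces a different hash for the same password, and a login check still works because it re-hashes the entered password with the salt stored inside the hash. The helper names `salt_from_stored` and `check_password` and the sample password are constructed for illustration; only `unix_md5_crypt` comes from Crypt::PasswdMD5.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::PasswdMD5 qw(unix_md5_crypt);

# Hypothetical helper: pull the salt out of a stored "$1$salt$hash" value by
# parsing its fields rather than using fixed substr() offsets.
# Returns undef when the value is not a complete MD5-crypt string.
sub salt_from_stored {
    my ($stored) = @_;
    return undef unless defined $stored;
    # "$1$", 1-8 salt characters, "$", then exactly 22 hash characters
    return $stored =~ m{\A\$1\$([^\$]{1,8})\$[./0-9A-Za-z]{22}\z} ? $1 : undef;
}

# Hypothetical helper: re-hash the candidate with the stored salt and compare.
sub check_password {
    my ($candidate, $stored) = @_;
    my $salt = salt_from_stored($stored);
    return 0 unless defined $salt;    # malformed stored value never matches
    return unix_md5_crypt($candidate, $salt) eq $stored ? 1 : 0;
}

# Constructed sample data
my $password = 'example-passphrase';
my $first    = unix_md5_crypt($password);    # module picks a random salt
my $second   = unix_md5_crypt($password);    # and a different one here

print "hash 1: $first\nhash 2: $second\n";
print "hashes differ:        ", ($first ne $second ? 'yes' : 'no'), "\n";
print "hash 1 verifies:      ", check_password($password, $first),  "\n";
print "hash 2 verifies:      ", check_password($password, $second), "\n";
print "wrong password:       ", check_password('guess', $first),    "\n";

# Stored values that can never verify: the prefix and salt were dropped,
# or a stray character (such as a trailing period) was saved with the hash.
my $bare     = (split /\$/, $first)[3];
my $trailing = $first . '.';
print "bare 22-char hash:    ", check_password($password, $bare),     "\n";
print "trailing period:      ", check_password($password, $trailing), "\n";
```

MD5-crypt appears here only because it is the format the login script in this thread stores; its author declared it unsuitable for new use in 2012.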
FishMonger
08-15-2007, 01:19 AM
You may need to show us the code you're using to insert the encrypted password into the database. I assume you're using a modified version of the code I gave you (I can't remember, did I give it to you?), but depending on the adjustments that you made, your main problem may be due to that portion of the code.
You may need to show us the code you're using to insert the encrypted password into the database. I assume you're using a modified version of the code I gave you (I can't remember, did I give it to you?)....
Nope :) but you did however, very kindly, give me the login script. (That's why I know it works fine :thumbsup: )
bazz