Linux User authentication using PHP
Hi,
in one of my last post i try to define how linux store its password. Today I will be putting Complete PHP code for it.
Just run it on your local server(mind it your Http server must be running as root user in order to use this script )
Its a raw way of doing password matching and shouldn't be used for commerical application or servers. its purely Learning script
So here goes the script
//Script to test the Linux Password matching
function ReadUser($user)
{
$fuser=file("/etc/passwd"); //Read passwd file to match user
$UserFound = false;
while(list($index,$value) = each($fuser))
{
$userlist = explode(":",$value);
if ($userlist[0] == $user && $userlist[1] != '!!')
{
$UserFound=true;
break;
}
}
return $UserFound;
}
function MatchPassword($user,$password)
{
$fuser = file("/etc/shadow");
$UserMatch = false;
while(list($index,$value) = each ($fuser))
{
$userlist = explode(":",$value);
if ($userlist[0] == $user) {
if (strlen($userlist[1]) > 6 && CRYPT_MD5 == 1) {
$salts = explode("$","$userlist[1]");
$salt = "\$1\$".$salts[2]."\$";
$gen_password= crypt($password,$salt);
if ($gen_password == $userlist[1]) {
$UserMatch = true;
}
else
{
$UserMatch = false;
}
}
else {
$UserMatch = false;
}
break;
}
}
return $UserMatch ;
}
if (ReadUser("sumit") == true)
{
if (MatchPassword("sumit","sumit") == true )
{
echo "Login successful";
}
else
{
echo "Login unsuccessful";
}
}
?>
Hope that helps learn understanding linux passwd and shadow usage.
Sumit Gupta
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home