php authentication via /etc/passwd

New Member Joined: Jan 19, 2005 Posts: 1

I'm trying to create a script using the files /etc/passwd and /etc/shadow to give system users access.

To not give all users access and to protect the files I'm using a perl script to generate a file with the passwords and usernames:

Perl Script:

#!/usr/bin/perl
#

open(PASSWD,"/etc/passwd");
open(SHADOW,"/etc/shadow");
open(FLATFILE,">/etc/passwd.httpd");
while(<SHADOW>){
chop;
($uname,$temppass)=split(/:/);
$pass{$uname}=$temppass;
}
while(<PASSWD>){
chop;
($uname,$temppass,$uid,$gid,$fn,$homedir,$shell)=split(/:/);
if ($temppass ne 'x'){ $pass{$uname}=$temppass; }
if ($uid>=500) {
print FLATFILE
"$uname:$pass{$uname}:$uid:$gid:$fn:$homedir:$shell\n";
}
}

close(PASSWD);
close(SHADOW);
close(FLATFILE);
chmod(0400,"/etc/passwd.httpd");
chown(65534,65534,"/etc/passwd.httpd");

Below is the php script which should give users access. The output of the password should match the password hash in the perl generated file:

<?php

$user = ($_POST['username']);
$password = ($_POST['password']);
$autharray = file("/home/httpd/vhosts/domein.nl/httpdocs/passwd.httpd");

for ($x = 0; $x < count($autharray); $x++)
{
if (eregi("^$user:", $autharray[$x]))
{
$passwd = explode(":", $autharray[$x]);
$salt = substr($passwd[1],0,2);
$cryptpw = crypt($pass,$salt);
if ($cryptpw == $passwd[1]) {
print "succes";
} else {
print "fout";
}
}
}
?>

I tried the script as posted but this gives me random hashes like:

$1$dc.cNxen$B7xUcH/RxAvJkBw5BABuz/
$1$rICJiYRz$frLxNIiD3ue7YP9BN2Wdr1
$1$FkqAPyXv$wue8h8D2B.vButyL/krXR0

does anyone of you know what could be wrong?