2
# MySQL-auth version 1.0
3
# Anders Nordby <anders@fix.no>, 2002-01-20
4
# This script is usable for authenticating users against a MySQL database with
5
# the Apache module mod_auth_external or mod_authnz_external. See
6
# http://unixpapa.com/mod_auth_external/ for mod_auth_external.
8
# Updates to this script will be made available on:
9
# http://anders.fix.no/software/#unix
11
my $dbhost="localhost";
12
my $dbuser="validator";
13
my $dbpw="whatagoodpassword";
16
my $mychars="01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_,.";
18
# Below this, only the SQL query should be interesting to modify for users.
24
# 0: string 1: valid characters
29
while ($ok && $i < length($_[0])) {
30
if (index($_[1], substr($_[0],$i,1)) == -1) {
38
# Get the name of this program
39
$prog= join ' ',$0,@ARGV;
40
$logprefix='[' . scalar localtime . '] ' . $prog;
46
# Get the password name
50
# check for valid characters
51
if (!validchars($user, $mychars) || !validchars($pass, $mychars)) {
52
print STDERR "$logprefix: invalid characters used in login/password - Rejected\n";
56
# check for password in mysql database
58
my $dbh = DBI->connect("DBI:mysql:database=$dbname:host=$dbhost:port=$dbport",$dbuser,$dbpw,{PrintError=>0});
61
print STDERR "$logprefix: could not connect to database - Rejected\n";
65
my $dbq = $dbh->prepare("select username as username, password as password from users where username=?;");
66
$dbq->bind_param(1, $user);
68
my $row = $dbq->fetchrow_hashref();
70
if ($row->{username} eq "") {
71
print STDERR "$logprefix: could not find user $user - Rejected\n";
74
if ($row->{password} eq "") {
75
print STDERR "$logprefix: empty password for user $user - Rejected\n";
79
if ($row->{password} eq crypt($pass,substr($row->{password},0,2))) {
80
print STDERR "$logprefix: password for user $user matches - Accepted\n";
83
print STDERR "$logprefix: password for user $user does not match - Rejected\n";