[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Reading /etc/shadow from PHP
- Subject: [cobalt-users] Reading /etc/shadow from PHP
- From: "Adam Knowles" <adam@xxxxxxxxxxxxxxx>
- Date: Wed Apr 24 07:46:01 2002
- Organization: A C Design
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
== RESENT == Can any1 with help please email me on adam@xxxxxxxxxxxxxxx
since I'm having probs getting list msgs at the mo :-( ?
==========================
Hi,
Can anyone help me with a user login system? This is 60% PHP question I
guess but it does relate to Raqs also and I know it?s been asked on this
list before but without any definitive answer.
I?m looking to authenticate users to a website from a PHP page,
referenced against the main Raq user info.
I know this info is stored in /etc/shadow but I also know that file is
only readable by ?root?. PHP runs as ?nobody? so it couldn?t access the
passwords directly to compare them with what the user enters..
Could PHP call a little prog that could check if the password is
correct? Is there an easy way for PHP to find out if what the user
enters in a standard HTML form matches the user/pass stored on the
system?
I think there may be two other options to achieve this:
1) Use PHP?s IMAP functions to attempt an IMAP login (even though my
app has nothing to do with IMAP, this will check the user/pass on the
system). I could nick the code from SquirrelMail.
2) Get into detail with HTTP headers in PHP, manually sending and
reading the ?Authentication required? ones i.e. using basic
authentication but with a PHP receiving end. I say this since it?s dead
easy to make a .htaccess that can allow access based on the Raq user
list.. if I could move the ?user/pass? dialog from a standard IE popup
window to a properly designed webpage, this would be the best option.
Has any1 any thoughts on this or pointers as to how I might achieve it?
Much appreciated!
---
Adam Knowles
Multimedia Developer
Connectpoint New Media Ltd.
E-mail: adam@xxxxxxxxxxxxxxxxxx
This e-mail is sent in the strictest confidence and should
only be read by the intended recipients. Distribution or
use of the above information by others is prohibited and
may be illegal.
Please notify adam@xxxxxxxxxxxxxxxxxx immediately
if you receive this message in error.