Watch, Follow, &
Connect with Us

Please visit our new home
community.embarcadero.com.


Welcome, Guest
Guest Settings
Help

Thread: How to check if user entered password is the same as the Linux htpasswd has


This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 3 - Last Post: Apr 5, 2016 2:55 PM Last Post By: Alf Christopher...
Alf Christopher...

Posts: 25
Registered: 10/10/98
How to check if user entered password is the same as the Linux htpasswd has  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 5, 2016 6:52 AM
I'm working on a Delphi XE10 REST server using a Linux-based MySQL database as storage.
In a table usernames and hlpasswd-generated passwords are stored (I know it is not a good idea, but changing is another topic for future :-)

I can using a query ask for the dataset and now I need a hash-procedure that could do the crypt using the stored password as seed.

I assumpted LockBox 3 could have been used, but find no way to enter the correct seed and having only Lockbox 2 documentation, the method given to fetch result of hash is not any longer correct.

In php, this works ok:

if (crypt ( $passord, $passordet ['crypt'] ) == $passordet ['crypt']) { $okuser = true; } else { $okuser = false; }

So how to do the same in Delphi ?
Kim Madsen

Posts: 362
Registered: 12/13/99
Re: How to check if user entered password is the same as the Linux htpasswd has  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 5, 2016 7:33 AM   in response to: Alf Christopher... in response to: Alf Christopher...
Den 4/5/2016 kl. 15:52 skrev Alf Christophersen:
I'm working on a Delphi XE10 REST server using a Linux-based MySQL database as storage.
In a table usernames and hlpasswd-generated passwords are stored (I know it is not a good idea, but changing is another topic for future :-)

I can using a query ask for the dataset and now I need a hash-procedure that could do the crypt using the stored password as seed.

I assumpted LockBox 3 could have been used, but find no way to enter the correct seed and having only Lockbox 2 documentation, the method given to fetch result of hash is not any longer correct.

In php, this works ok:

if (crypt ( $passord, $passordet ['crypt'] ) == $passordet ['crypt']) { $okuser = true; } else { $okuser = false; }

So how to do the same in Delphi ?

Linux uses either MD5 and/or SHA512 hashes. MD5 is deprecated and should
not be used anylonger.

So the task is to find a MD5 and/or SHA512 hash algorithm.
Coincidentally there are such in kbmMW Professional Edition, but you may
also find them elsewhere.

Check www.components4developers.com

best regards
Kim/C4D

Angus Robertson

Posts: 205
Registered: 3/17/00
Re: How to check if user entered password is the same as the Linux htpasswd  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 5, 2016 10:32 AM   in response to: Alf Christopher... in response to: Alf Christopher...
I can using a query ask for the dataset and now I need a
hash-procedure that could do the crypt using the stored password
as seed.

If this is the ancient crypt.c Unix GNU Library version, this very
simple component will do it, but it does not do anything newer from the
last 15 years.

http://www.magsys.co.uk/delphi/unixcrypt.asp

Angus
Alf Christopher...

Posts: 25
Registered: 10/10/98
Re: How to check if user entered password is the same as the Linux htpasswd  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 5, 2016 2:55 PM   in response to: Angus Robertson in response to: Angus Robertson
Angus Robertson wrote:
I can using a query ask for the dataset and now I need a
hash-procedure that could do the crypt using the stored password
as seed.

If this is the ancient crypt.c Unix GNU Library version, this very
simple component will do it, but it does not do anything newer from the
last 15 years.

http://www.magsys.co.uk/delphi/unixcrypt.asp

Thx for pointer to magsys which I use in other projects for wmi usage.
Will try it tomorrow (too late in evening just now :-) )

Otherwise it seems that writing a new php script on server also will do the trick. But some work to implement.

Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02