Re-4: des encryption with rev for .htaccess password

runrev260805 at m-r-d.de runrev260805 at m-r-d.de
Wed Oct 29 11:07:38 EDT 2008


Hi Mark,

maybe i was not clear enough.

I want to create and encrypt passwords with rev, which then can be used for http authentication on a webserver.

I want my rev app to create a folder on the webserver, create passwords,encrypt them, create the .httaccess and the .htpassword file and upload them to the newly created folder. 

My rev app is already doing so, with one exception: I am using a php file on the webserver to encrypt  the passwords. I am using the following code to get the encrypted password into rev.

put URL ("http://...../passwdcreate.php?pass=" & sPassword) into sOutput
if line 1 of sOutput is "Password created" 
then 
put line 2 of sOutput into sEncryptedPassword
and so on


My PHP code is like this

<?php
// Passwort setzen
echo "Password created";
echo"<br>"	;
echo crypt($pass , 'sa');
?> 


Regards,

Matthias

-------- Original Message --------
Subject: Re: Re-2: des encryption with rev for .htaccess password (29-Okt-2008 12:43)
From:    Mark Smith <lists at futilism.com>
To:      runrev260805 at m-r-d.de

> Mattias, there's a fairly clear description of how to use md5 one-way  
> encryption here:
> 
> http://www.pixel2life.com/publish/tutorials/118/ 
> understanding_md5_password_encryption/
> 
> This would be very easy to do in Revolution.
> 
> A function might look like:
> 
> function md5crypt pPassword
>     local tSalt = "h7%sz0jd63hK0db2$_=97&8!W`?&h%fg" -- just a string  
> of bytes
>     return md5digest(pPassword & tSalt)
> end md5crypt
> 
> so when your users first choose their password, you run it through  
> the md5crypt function, and store the output, and then, when you need  
> to check their password when they log in, you run the password they  
> give through the function and compare the output to the stored  
> (encrypted) password.
> 
> Hope this helps,
> 
> Mark
> 
> On 29 Oct 2008, at 09:58, runrev260805 at m-r-d.de wrote:
> 
> > Hi Mark,
> >
> > i have to admit, that i am not very familiar with php and its  
> > encryption.
> >
> > This is what i found at php.net about crypt. PHP uses a random key  
> > if none is provided.
> >
> > --
> > crypt() will return an encrypted string using the standard Unix DES- 
> > based encryption algorithm or alternative algorithms that may be  
> > available on the system.
> >
> > Some operating systems support more than one type of encryption. In  
> > fact, sometimes the standard DES-based encryption is replaced by an  
> > MD5-based encryption algorithm. The encryption type is triggered by  
> > the salt argument. At install time, PHP determines the capabilities  
> > of the crypt function and will accept salts for other encryption  
> > types. If no salt is provided, PHP will auto-generate a standard  
> > two character salt by default, unless the default encryption type  
> > on the system is MD5, in which case a random MD5-compatible salt is  
> > generated. PHP sets a constant named CRYPT_SALT_LENGTH which tells  
> > you whether a regular two character salt applies to your system or  
> > the longer twelve character salt is applicable.
> >
> > The standard DES-based encryption crypt() returns the salt as the  
> > first two characters of the output. It also only uses the first  
> > eight characters of str , so longer strings that start with the  
> > same eight characters will generate the same result (when the same  
> > salt is used).
> > --
> >
> > Regards,
> >
> > Matthias
> >
> >
> > -------- Original Message --------
> > Subject: Re: des encryption with rev for .htaccess password (28- 
> > Okt-2008 17:21)
> > From:    Mark Smith <lists at futilism.com>
> > To:      runrev260805 at m-r-d.de
> >
> >> Matthias, how does the PHP encryption work? Is it using some
> >> internally maintained key (password)?
> >>
> >> If so, I'm sure this would be possible in Rev.
> >>
> >> Best,
> >>
> >> Mark
> >>
> >> On 28 Oct 2008, at 14:03, runrev260805 at m-r-d.de wrote:
> >>
> >>> Hi,
> >>>
> >>> does no one know, if this is possible with revolution?
> >>>
> >>> Regards,
> >>>
> >>> Matthias
> >>>
> >>> -------- Original Message --------
> >>> Subject: des encryption with rev for .htaccess password (27-
> >>> Okt-2008 21:41)
> >>> From:    runrev260805 at m-r-d.de
> >>> To:      runrev260805 at m-r-d.de
> >>>
> >>>> Hi,
> >>>>
> >>>> i am working on an app, which creates .htaccess and .htpassword
> >>>> files for
> >>>> folder/file protection on a linux webserver.
> >>>> For this i have to encrypt passwords with standard php encryption.
> >>>> At the
> >>>> moment i am
> >>>> using a php script, which encrypts the password for me. But i want
> >>>> to do
> >>>> the encryption with rev, if possible.
> >>>>
> >>>> Does anyone know, if this is possible with Revolution? I looked at
> >>>> the
> >>>> encrypt command, but it seems,
> >>>> that i need to provide not only the password i want to encrypt,
> >>>> but also a "
> >>>> password" which is used for encryption.
> >>>>
> >>>> Could anyone help?
> >>>>
> >>>> Regards,
> >>>>
> >>>> Matthias
> >>>> _______________________________________________
> >>>> use-revolution mailing list
> >>>> use-revolution at lists.runrev.com
> >>>> Please visit this url to subscribe, unsubscribe and manage your
> >>>> subscription preferences:
> >>>> http://lists.runrev.com/mailman/listinfo/use-revolution
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> To: use-revolution at lists.runrev.com
> >>>
> >>>
> >>> _______________________________________________
> >>> use-revolution mailing list
> >>> use-revolution at lists.runrev.com
> >>> Please visit this url to subscribe, unsubscribe and manage your
> >>> subscription preferences:
> >>> http://lists.runrev.com/mailman/listinfo/use-revolution
> >>
> >> _______________________________________________
> >> use-revolution mailing list
> >> use-revolution at lists.runrev.com
> >> Please visit this url to subscribe, unsubscribe and manage your
> >> subscription preferences:
> >> http://lists.runrev.com/mailman/listinfo/use-revolution
> >>
> >>
> >>
> >>
> >> To: use-revolution at lists.runrev.com
> >
> >
> > _______________________________________________
> > use-revolution mailing list
> > use-revolution at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your  
> > subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-revolution
> 
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
> 
> 
> 
> 
> To: use-revolution at lists.runrev.com





More information about the use-livecode mailing list