CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Intermediate:
salt and password generation

 



newera
Novice

Sep 22, 2015, 5:59 AM

Post #1 of 5 (1458 views)
salt and password generation Can't Post

I have a PHP script that uses the following routine to generate a salt and password for new users. I also have a perl script for which I need the same routine. How do I write this for use in perl?


Code
        
$salt = substr(md5(uniqid(rand(), true)), 0, 9);
$password = escape(sha1($salt . sha1($salt . sha1($password)))


I'll be passing the $password to the routine.


FishMonger
Veteran / Moderator

Sep 22, 2015, 6:47 AM

Post #2 of 5 (1454 views)
Re: [newera] salt and password generation [In reply to] Can't Post

Start by reading the documentation for the corresponding perl functions and run a few tests. There's not always a direct one-to-one match between the results of php and perl functions, so you'll probably need to do some tweaking if you want both language routines to return the exact same password. This is especially true when writing your own custom encryption routines, like you're currently doing..

rand() - http://perldoc.perl.org/functions/rand.html
Digest::MD5 - http://search.cpan.org/~gaas/Digest-MD5-2.54/MD5.pm
Digest::SHA1 - http://search.cpan.org/~gaas/Digest-SHA1-2.13/SHA1.pm
Data::Uniqid - http://search.cpan.org/~mwx/Data-Uniqid-0.11/Uniqid.pm

I can't find an escape function on php.net, so I don't know what your escape function does and because of that, I can't provide a corresponding perl function.


(This post was edited by FishMonger on Sep 22, 2015, 6:48 AM)


newera
Novice

Sep 22, 2015, 1:11 PM

Post #3 of 5 (1443 views)
Re: [FishMonger] salt and password generation [In reply to] Can't Post

the escape should not be there.... sorry

It should read:


Code
$salt = substr(md5(uniqid(rand(), true)), 0, 9);  
$password = sha1($salt . sha1($salt . sha1($password)))


Would it be possible to call this PHP function from within my perl script? With an include maybe?


Laurent_R
Veteran / Moderator

Sep 23, 2015, 2:42 AM

Post #4 of 5 (1428 views)
Re: [newera] salt and password generation [In reply to] Can't Post

Although I don't like that too much, you could probably use the Perl backticks to call a PHP program, but probably not a specific function within a PHP program. Something like that (which should be adapted to the PHP calling conventions, which I have completely forgotten):

Code
my $password = `php php_script.php $salt`:

Then $password should contain any output provided by the PHP script.

But again, PHP is Web-oriented and a bit special in terms of calling and output conventions, there might be some additional tweaking involved, and I don't know enough about PHP to help on this side of the issue.


(This post was edited by Laurent_R on Sep 24, 2015, 5:42 AM)


FishMonger
Veteran / Moderator

Sep 23, 2015, 8:25 AM

Post #5 of 5 (1419 views)
Re: [newera] salt and password generation [In reply to] Can't Post

I am not suggesting you should do/use this; I'm just pointing you to a possible answer to your question. One which I would never use myself.

PHP::Interpreter - An embedded PHP5 interpreter
http://search.cpan.org/~aff/PHP-Interpreter-1.0.2/lib/PHP/Interpreter.pm

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives