On Mon, 3 Nov 2003 10:09:46 +0800, Franklin Lee <pengtaoli@hotmail.com> wrote:
> Now I want to write one CGI(Perl) program.
>
> User will login to a web page, and have to enter a user id and
> password (Including registering). And submit to Server.
>
> Then I need encrypt the UID and password. In server, I get the encrypted msg
> and then decode the msg to get
> UID and password.
>
> How should I do? Is there some document for this?

Typically for Unix system passwords, or apache auth, the unique username
is stored in plain text and the initial plain text password is crypted for
storage (using the system crypt function, which should use random salt
within the specified character range). This is a one way crypt, so
there is no decoding. See 'perldoc crypt' and 'man crypt'. The fields
are colon separated as follows for apache auth (second colon or anything
after it optional).

    username:crypted_passwd:optional_ignored_comment

To tell if a user supplied password is valid, the user supplied plaintext
password used for authentication is crypted using the crypted password for
salt, and if the result matches the crypted password, it is good. If not,
it is bad. Or if you configure apache to use that file for web
authentication, that is handled by apache automatically.
See HTTPD::UserAdmin at
http://search.cpan.org/modlist/World_Wide_Web
--
David Efflandt - All spam ignored
http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
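
The storage and verification scheme described in the reply above, as an added Perl example that is not part of the original post. The sub names, usernames and passwords are constructed for illustration, and the hash algorithm is whatever the system's crypt(3) selects for a two-character salt.

```perl
use strict;
use warnings;

# Salt alphabet accepted by traditional crypt(3): ./0-9A-Za-z
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Build one "username:crypted_passwd" line with a fresh random salt.
# With a traditional two-character salt, crypt(3) uses only the first
# 8 characters of the password.
sub make_entry {
    my ($user, $plain) = @_;
    die "username must not contain ':' or a newline\n" if $user =~ /[:\r\n]/;
    my $salt = join '', map { $SALT_CHARS[rand @SALT_CHARS] } 1 .. 2;
    my $hash = crypt($plain, $salt);
    # Some systems refuse this salt format and return undef or a "*" marker.
    die "crypt() rejected this salt format on this system\n"
        unless defined($hash) && length($hash) > 2 && $hash !~ /^\*/;
    return "$user:$hash";
}

# Find $user in the given lines and check $plain against the stored hash.
sub check_password {
    my ($lines, $user, $plain) = @_;
    for my $line (@$lines) {
        chomp(my $copy = $line);
        # A third field (comment) is optional and ignored.
        my ($name, $stored) = split /:/, $copy, 3;
        next unless defined($stored) && $name eq $user;
        # The stored hash carries its own salt, so it is passed as the salt.
        my $try = crypt($plain, $stored);
        return (defined($try) && $try eq $stored) ? 1 : 0;
    }
    return 0;    # unknown user
}

# Constructed sample entries, not real accounts.
my @file = (
    make_entry('alice', 'tr0ub4d'),
    make_entry('bob',   's3cret') . ':constructed comment field',
);

for my $case (['alice', 'tr0ub4d'], ['bob', 'wrong'], ['carol', 'x']) {
    my ($user, $plain) = @$case;
    printf "%-6s %-8s %s\n", $user, $plain,
        check_password(\@file, $user, $plain) ? 'accepted' : 'rejected';
}
```

The plaintext password is never stored or recovered; the server only re-crypts what the user submits and compares the result with the stored field.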