(This cgi-bin form generates password hashes which are \n"; echo "understood by the Apache web server in directory access files and also by \n"; echo "the CVS version control system when such entries are placed in the \n"; echo "CVSROOT/passwd file. The algorithm used is the standard DES algorithm with \n"; echo "randomly selected two-character salt. To use this password hash generator, \n"; echo "you must normally paste the output into an Apache directory access file or into \n"; echo "the CVSROOT/passwd file of a CVS repository.)
\n"; $style->hrule_std(); echo "WARNING: The username and "; echo "password you choose are "; echo "transmitted over the network to the server unencrypted and can be intercepted. "; echo "Use this utility "; echo "at your own risk.
\n"; $style->hrule_std(); } function do_footer(&$style) { $style->footer_std(); } function do_form($Buttontext) { echo "\n"; } function do_err_msg($Err_msg) { echo ""; echo $Err_msg; echo "
\n"; } function random_salt() { //There are 64 possible values for each salt character, a-z, A-Z, 0-9, ., and /. //Can easily generate a suitably random value. $Matchstring = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; $Rand1 = rand(0,63); $Rand2 = rand(0,63); return(Substr($Matchstring, $Rand1, 1) . Substr($Matchstring, $Rand2, 1)); } //Main script begins here. // // $style = new Stdnwpstyle; //Assign the current style in force. Also, starts the CPU //usage clock. //Do the header unconditionally. The header is always used on this page. do_header($style); // //Load up a few variables based on what username and password values were supplied. if (isset($Username) && isset($Password)) { $Usernamelen = strlen($Username); $Usernamevalid = 1; for ($i=0; $i<$Usernamelen; $i++) { $Curchar = Substr($Username, $i, 1); $Ord = ord($Curchar); if (! ( ($Ord >= ord("A") && $Ord <= ord("Z")) || ($Ord >= ord("a") && $Ord <= ord("z")) || ($Ord >= ord("0") && $Ord <= ord("9")) ) ) { $Usernamevalid = 0; } } $Passwordlen = strlen($Password); $Passwordvalid = 1; for ($i=0; $i<$Passwordlen; $i++) { $Curchar = Substr($Password, $i, 1); $Ord = ord($Curchar); if (! ( ($Ord >= ord("A") && $Ord <= ord("Z")) || ($Ord >= ord("a") && $Ord <= ord("z")) || ($Ord >= ord("0") && $Ord <= ord("9")) || ($Ord == ord("/")) || ($Ord == ord(".")) ) ) { $Passwordvalid = 0; } } } // //There are a few cases to break into here, and this affects the overall layout of the page. //The header and footer are fixed, but the "guts" will change. if (!isset($Username) || !isset($Password)) { //In this case, we are probably visiting the form for the first time, and have not done a submit. //Just display the form itself. do_form("Click To Generate Hashed Password"); } elseif ($Usernamelen < 1 || !$Usernamevalid) { //The user name is suspicious. Must flag it. do_err_msg("The Username you supplied is not valid. User names must contain at least one character and may consist only of lower-case and upper-case letters and digits. Please try again."); $style->hrule_std(); do_form("Click To Generate Hashed Password"); } elseif ($Passwordlen < 2 || !$Passwordvalid) { //The password is suspicious. Must flag it. do_err_msg("The Password you supplied is not valid. Passwords must contain at least two characters and may consist only of lower-case and upper-case letters and digits and the \"/\" and \".\" characters. Please try again."); $style->hrule_std(); do_form("Click To Generate Hashed Password"); } else { //Username and password seem within minimums. Should be clear to generate hashed password. $Hashedpwd = crypt($Password, random_salt()); echo "The hashed username/password is:
\n"; echo ""; echo $Username; echo ":"; echo $Hashedpwd; echo "
\n"; echo "You may paste this value directly into an Apache directory \n"; echo "access file or CVS CVSROOT/passwd file. Note that if the period (\".\") \n"; echo "character or other punctuation appears as the last character(s) of the hash above, \n"; echo "it is part of the hash and \n"; echo "must be included when copying and pasting.
\n"; $style->hrule_std(); do_form("Click To Generate Another Hashed Password"); } //Now do the footer unconditionally. The footer is always used on this web page. do_footer($style); ?>