htpasswd escaping “$” in perl variable

Question

So we have a script that connects to a database and pulls down a list of usernames passwords. Then we have a subroutine that hits the login and password with /usr/local/apache2/bin/htpasswd -bc then dumps them in to a /tmp/file.

Some users were unalbe to log in

sub getUsers {
    $dbUser = shift; 
    $dbPass = shift;
    $dbSid  = shift;
    $dbh =  DBI->connect("dbi:Oracle:$dbSid","$dbUser","$dbPass") or die( "Couldn't connect: $!" );
    $sql = "SELECT user_name,passwd FROM login_tbl";
    $sth = $dbh->prepare($sql);
    $sth->execute();
    while ( ( $user_name,$passwd ) = $sth->fetchrow_array ) {
        $passwd = quotemeta($passwd);
        updatePasswdFile($user_name,$passwd); 
        }
        $dbh->disconnect();
}


sub updatePasswdFile {
    $file = "/tmp/tmpusers";
    $user = shift;
    $pass = shift;
    print "Adding user: $user\n";
    $cmd = "$prefs{htpasswd} -b $file $user $pass";
    system($cmd);
}

What i discovered is that the htpasswd was not processing logins or passwords with a "$" symbol in them.

bash-3.00$
bash-3.00$  /usr/local/apache2/bin/htpasswd -bc /tmp/error.htpasswd zions$lee test
Adding password for user zions
bash-3.00$
bash-3.00$ cat /tmp/error.htpasswd
zions:$apr1$2YZZsgEK$csp6L7vbO81YYNSaRCdZQ/
bash-3.00$

bash-3.00$  /usr/local/apache2/bin/htpasswd -bc /tmp/error.htpasswd "zions$lee" test
Adding password for user zions
bash-3.00$
bash-3.00$ cat /tmp/error.htpasswd
zions:$apr1$AQOnDHdP$xBdm0AB3WZN.1cIeNLXUw/
bash-3.00$
bash-3.00$  /usr/local/apache2/bin/htpasswd -bc /tmp/error.htpasswd "zions\$lee" test
Adding password for user zions$lee
bash-3.00$
bash-3.00$
bash-3.00$ cat /tmp/error.htpasswd
zions$lee:$apr1$kmnQqi6K$bNKp0Ly8Pn.dqk.gEPb2H.
bash-3.00$
bash-3.00$
bash-3.00$

I have a regex /^\\S+\\s\\S+$/ that can find when both words have dollars signs - I am having trouble alteranting the regex like in the cases where just the login has the '$" character, or vice-versa, just the password.

I am putting a if statement that escapes the "$" character, but i am having a hell of a time putting the " " (quotes) in the varaible. how do i get and alternating regex one, the other or boths, and how do I escape the username (or password or both) with a dollar sign in the $user (or $pass) variable?

This is waht i have so far:

#!/usr/bin/perl
$escaping_file = $ARGV[0];
open( $filehandle, "<" , "$escaping_file" ) || die "can't access the file : $!";
while (<$filehandle>) {
    chomp;
    if ($_ =~ /^\$?\w+\$+\w+\$?$/g) {
    s/\$/\\\$/g ;
    $escaped_wquotes = qq("$_") ;
    print "$escaped_wquotes\n";
    }
}



[casper@casper]$ ./check_escapes 2013Nov14.logins
"uho\$test2"
"uho\$test3"
"ishi\$jg"
"bs\$test"
"uho\$test"
"boa\$jb"
"ishi\$b2"
"fb\$test"
"boston\$ny"
"stp\$test"
"tec\$stp3"
"bc\$test"

Answer 1

You are forming an incorrect shell command.

use String::ShellQuote qw( shell_quote );
my $shell_cmd = shell_quote($prefs{htpasswd}, '-b', $file, $user, $pass);
system($shell_cmd);

But why are you invoking a shell at all?

system($prefs{htpasswd}, '-b', $file, $user, $pass);

Answer 2

尝试$cmd = "$prefs{htpasswd} -b '$file' '$user' '$pass'";