using php to create .htaccess

Forum Moderators: coopster

Message Too Old, No Replies

using php to create .htaccess

pass proctection

WhosAWhata

10:28 pm on Apr 3, 2004 (gmt 0)

if you have a form with two variables, USER and PASS, how do you encode them to the format for a .htaccess password protection file?

jetboy_70

11:28 pm on Apr 3, 2004 (gmt 0)

You're mixing up two different methods of user authentication here, and to the best of my knowledge they're not compatible.

.htaccess/.htpasswd user authentication is handled entirely by the Apache server and doesn't interact with PHP (although you can pull the username into PHP after they have logged in by accessing the appropriate server variable).

If you are authenticating users using an HTML form and PHP you will need to start a PHP session for the user when they log in, and check for a valid user on a page by page basis. This is a big subject, but PHPBuilder has a few articles on session management here:

[phpbuilder.com...]

WhosAWhata

11:37 pm on Apr 3, 2004 (gmt 0)

sorry for not being clear, what i meant is that i would like to use a php form to create the .htacess files

ex: html form
<input type=text name=USER><input type=text name=PASS>

ex: php script
$htp = fopen(".htpasswd",w);
fputs($htp,$file); // $file being the .htpasswd file

ex: created .htpasswd file
user:4j.tBVk51Uhjg

jetboy_70

12:01 am on Apr 4, 2004 (gmt 0)

Which would allow you to mix the two methods ... nice :) Not something I've ever thought of doing. I've stickied you with a URL that I think may be useful. If you come up with a simple solution please post it in this thread.

WhosAWhata

12:06 am on Apr 4, 2004 (gmt 0)

basically all i'm wondering is how do you use php to encode the password corectly?

WhosAWhata

1:23 am on Apr 4, 2004 (gmt 0)

i found a perl version, but i'm not too great with perl
[xentrik.net ]
any ideas on a similar PHP script?

ergophobe

2:39 am on Apr 4, 2004 (gmt 0)

Aren't the .htaccess passwords just md5 hashes? Not sure about that

$pass = md5($password);

WhosAWhata

2:58 am on Apr 4, 2004 (gmt 0)

i tried copying the result of this script

echo "user:";
echo md5('pass');

into a .htpasswd file, but it was unsuccessful, so i guess md5 isn't correct...thanks for the thought though

WhosAWhata

3:08 am on Apr 4, 2004 (gmt 0)

i found and quickly modified a script to do it

<?
echo "user:";
$chars = array_merge(range('a','z'),range('A','Z'),range(0,9));
$newpass = 'pass';
for($i=0;$i<2;$i++) { $salt .= $chars[mt_rand(0,count($chars)-1)]; }
echo crypt($newpass,$salt);
?>

i know it is really igly, but i just wanted to show how its done...thanks guys

BTW i found it with this search in google
"htpasswd site:php.net" it was the first one

coopster

12:16 pm on Apr 4, 2004 (gmt 0)

htpasswd [httpd.apache.org] encrypts passwords using either a version of MD5 modified for Apache, or the system's

crypt()

routine. Files managed by

htpasswd

may contain both types of passwords; some user records may have MD5-encrypted passwords while others in the same file may have passwords encrypted with

crypt()