ChrisMorris
asked on
.htpasswd and "crypt"
I need to write a PHP script to add and remove users from the .htpasswd file. Removing users is easy, it's the adding of users that's the hard part. For some reason, the passwords are not being written correctly.
I have downloaded a script that uses PHP's "crypt" function to generate the encypted passwords that are written to .htpasswd. But the problem is that users that are written this way are unable to log in. Of course, when I use Apache's htpasswd program to write users, everything is cool. I did notice that Apache's htpasswd ptogram uses MD5 encyption on Windows. I tried using PHP's MD5 function to generate the passwords, but this didn't work either.
Has anyone else done this on Windows? I can't believe I'm the only one who's tried this.
Thanks in advance.
I have downloaded a script that uses PHP's "crypt" function to generate the encypted passwords that are written to .htpasswd. But the problem is that users that are written this way are unable to log in. Of course, when I use Apache's htpasswd program to write users, everything is cool. I did notice that Apache's htpasswd ptogram uses MD5 encyption on Windows. I tried using PHP's MD5 function to generate the passwords, but this didn't work either.
Has anyone else done this on Windows? I can't believe I'm the only one who's tried this.
Thanks in advance.
ASKER
Adding CRYPT_STD_DES didn't work. But it got me thinking and I am going to try CRYPT_MD5 instead. The reason is that when I run Apache's htpasswd utility, it says that MD5 is always used on Windows. I'll let you know how it works out.
Thanks for the response.
Thanks for the response.
when i did this i used the system() function to excute apaches htpasswd utility and it worked fine.
its just an option.
laurly
its just an option.
laurly
ASKER
After much more fiddling with the crypt function, I gave up. Mainly because I read the Apache documentation on the htpasswd utility and it said that it uses a version of MD5 modified for Apache. Proprietary....great.
So I started fiddling with shell_exec. When I provided the complete path to htpasswd, shell_exec returned NOTHING. I read a post where someone said that shell_exec won't work on Windows when htpasswd is not on the PATH. This person suggested creating a batch file that sits in "C:\" that makes the call to htpasswd, wherever it is. That works. I have yet to put htpasswd on the path and see if that works. Also, I'm still not sure how to tell if the call to htpasswd failed. I read that "system" provides a return value, so I'm trying that next.
I'm leaving this open in case someone has another solution. Otherwise, laurly get the points for suggesting something that actually worked.
So I started fiddling with shell_exec. When I provided the complete path to htpasswd, shell_exec returned NOTHING. I read a post where someone said that shell_exec won't work on Windows when htpasswd is not on the PATH. This person suggested creating a batch file that sits in "C:\" that makes the call to htpasswd, wherever it is. That works. I have yet to put htpasswd on the path and see if that works. Also, I'm still not sure how to tell if the call to htpasswd failed. I read that "system" provides a return value, so I'm trying that next.
I'm leaving this open in case someone has another solution. Otherwise, laurly get the points for suggesting something that actually worked.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well, I finally got this working.
The problems I was having with system and shell_exec had to do with Apache's htpasswd utility either not liking long filenames or not liking spaces in filenames. I was trying to call the htpasswd utility:
c:\program files\apache group\apache2\bin\htpasswd
but every time I called system of shell_exec, it returned no output and an error code. So I tried changing it to:
c:\progra~1\apache~1\apach e2\bin\htp asswd
and it worked like a charm. Both system and shell_exec work, I am going with system because I can check a return value.
Thanks laurly, you get the points!
The problems I was having with system and shell_exec had to do with Apache's htpasswd utility either not liking long filenames or not liking spaces in filenames. I was trying to call the htpasswd utility:
c:\program files\apache group\apache2\bin\htpasswd
but every time I called system of shell_exec, it returned no output and an error code. So I tried changing it to:
c:\progra~1\apache~1\apach
and it worked like a charm. Both system and shell_exec work, I am going with system because I can check a return value.
Thanks laurly, you get the points!
if (isset($user) && isset($passwort))
{
# get url
$url = dirname($PHP_SELF) . "/.htpasswd";
# make .htaccess and .htpasswd
$htaccess_txt = "AuthType Basic" . "\n";
$htaccess_txt .= "AuthName \"protected area\"" . "\n";
$htaccess_txt .= "AuthUserFile $url" . "\n";
$htaccess_txt .= "require valid-user" . "\n";
$htpasswd_txt .= "$user:".crypt($passwort,C
# save files
$htaccess= fopen(".htaccess", "w");
$htpasswd= fopen(".htpasswd", "w");
fputs($htaccess, $htaccess_txt);
fputs($htpasswd, $htpasswd_txt);
fclose($htaccess);
fclose($htpasswd);
# output
die ("OK!<HR>" . nl2br($htaccess_txt) . "<HR>" . nl2br($htpasswd_txt));
}
?>
<HTML><HEAD><TITLE> MAKE .htaccess + .htpasswd </TITLE></HEAD>
<BODY>
<FORM METHOD="POST" ACTION="<? echo $PHP_SELF; ?>">
<p>Username: <INPUT TYPE="TEXT" NAME="user"></p>
<p>Passwort: <INPUT TYPE="TEXT" NAME="passwort"></p>
<p><INPUT TYPE="submit" VALUE="make"></p>
</FORM>
</BODY></HTML>
regards