.htpasswd and "crypt"

Posted on 2003-02-27
Medium Priority
Last Modified: 2013-12-13
I need to write a PHP script to add and remove users from the .htpasswd file.  Removing users is easy, it's the adding of users that's the hard part.  For some reason, the passwords are not being written correctly.

I have downloaded a script that uses PHP's "crypt" function to generate the encypted passwords that are written to .htpasswd.  But the problem is that users that are written this way are unable to log in.  Of course, when I use Apache's htpasswd program to write users, everything is cool.  I did notice that Apache's htpasswd ptogram uses MD5 encyption on Windows.  I tried using PHP's MD5 function to generate the passwords, but this didn't work either.

Has anyone else done this on Windows?  I can't believe I'm the only one who's tried this.

Thanks in advance.
Question by:ChrisMorris
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 8034859

if (isset($user) && isset($passwort))
     # get url

     $url = dirname($PHP_SELF) . "/.htpasswd";
     #      make .htaccess and .htpasswd
     $htaccess_txt  = "AuthType Basic" . "\n";
     $htaccess_txt .= "AuthName \"protected area\"" . "\n";
     $htaccess_txt .= "AuthUserFile $url" . "\n";
     $htaccess_txt .= "require valid-user" . "\n";

    $htpasswd_txt .= "$user:".crypt($passwort,CRYPT_STD_DES)."\n";

     # save files
     $htaccess= fopen(".htaccess", "w");
     $htpasswd= fopen(".htpasswd", "w");

     fputs($htaccess, $htaccess_txt);
     fputs($htpasswd, $htpasswd_txt);

     # output
     die ("OK!<HR>" . nl2br($htaccess_txt) . "<HR>" . nl2br($htpasswd_txt));


<HTML><HEAD><TITLE> MAKE .htaccess + .htpasswd </TITLE></HEAD>
<p>Username: <INPUT TYPE="TEXT" NAME="user"></p>
<p>Passwort: <INPUT TYPE="TEXT" NAME="passwort"></p>
<p><INPUT TYPE="submit" VALUE="make"></p>


Author Comment

ID: 8036157
Adding CRYPT_STD_DES didn't work.  But it got me thinking and I am going to try CRYPT_MD5 instead.  The reason is that when I run Apache's htpasswd utility, it says that MD5 is always used on Windows.  I'll let you know how it works out.

Thanks for the response.

Expert Comment

ID: 8040513
when i did this i used the system() function to excute apaches htpasswd utility and it worked fine.

its just an option.

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.


Author Comment

ID: 8041378
After much more fiddling with the crypt function, I gave up.  Mainly because I read the Apache documentation on the htpasswd utility and it said that it uses a version of MD5 modified for Apache.  Proprietary....great.

So I started fiddling with shell_exec.  When I provided the complete path to htpasswd, shell_exec returned NOTHING.  I read a post where someone said that shell_exec won't work on Windows when htpasswd is not on the PATH.  This person suggested creating a batch file that sits in "C:\" that makes the call to htpasswd, wherever it is.  That works.  I have yet to put htpasswd on the path and see if that works.  Also, I'm still not sure how to tell if the call to htpasswd failed.  I read that "system" provides a return value, so I'm trying that next.

I'm leaving this open in case someone has another solution.  Otherwise, laurly get the points for suggesting something that actually worked.

Accepted Solution

laurly earned 1200 total points
ID: 8041418
shell_exec --  Execute command via shell and return  complete output as string (shell tends to mean gnu/linux)

system -- Execute an external program and display output

try system insted of shell_exec i know system works under win


Author Comment

ID: 8064681
Well, I finally got this working.

The problems I was having with system and shell_exec had to do with Apache's htpasswd utility either not liking long filenames or not liking spaces in filenames.  I was trying to call the htpasswd utility:

c:\program files\apache group\apache2\bin\htpasswd

but every time I called system of shell_exec, it returned no output and an error code.  So I tried changing it to:


and it worked like a charm.  Both system and shell_exec work, I am going with system because I can check a return value.

Thanks laurly, you get the points!

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question