?
Solved

.htpasswd and "crypt"

Posted on 2003-02-27
6
Medium Priority
?
551 Views
Last Modified: 2013-12-13
I need to write a PHP script to add and remove users from the .htpasswd file.  Removing users is easy, it's the adding of users that's the hard part.  For some reason, the passwords are not being written correctly.

I have downloaded a script that uses PHP's "crypt" function to generate the encypted passwords that are written to .htpasswd.  But the problem is that users that are written this way are unable to log in.  Of course, when I use Apache's htpasswd program to write users, everything is cool.  I did notice that Apache's htpasswd ptogram uses MD5 encyption on Windows.  I tried using PHP's MD5 function to generate the passwords, but this didn't work either.

Has anyone else done this on Windows?  I can't believe I'm the only one who's tried this.

Thanks in advance.
0
Comment
Question by:ChrisMorris
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:carchitect
ID: 8034859
<?

if (isset($user) && isset($passwort))
{
     # get url

     $url = dirname($PHP_SELF) . "/.htpasswd";
     
     #      make .htaccess and .htpasswd
     
     $htaccess_txt  = "AuthType Basic" . "\n";
     $htaccess_txt .= "AuthName \"protected area\"" . "\n";
     $htaccess_txt .= "AuthUserFile $url" . "\n";
     $htaccess_txt .= "require valid-user" . "\n";

    $htpasswd_txt .= "$user:".crypt($passwort,CRYPT_STD_DES)."\n";

     # save files
     
     $htaccess= fopen(".htaccess", "w");
     $htpasswd= fopen(".htpasswd", "w");

     fputs($htaccess, $htaccess_txt);
     fputs($htpasswd, $htpasswd_txt);
     fclose($htaccess);
     fclose($htpasswd);

     # output
     
     die ("OK!<HR>" . nl2br($htaccess_txt) . "<HR>" . nl2br($htpasswd_txt));

}      

?>
<HTML><HEAD><TITLE> MAKE .htaccess + .htpasswd </TITLE></HEAD>
<BODY>
<FORM METHOD="POST" ACTION="<? echo $PHP_SELF; ?>">
<p>Username: <INPUT TYPE="TEXT" NAME="user"></p>
<p>Passwort: <INPUT TYPE="TEXT" NAME="passwort"></p>
<p><INPUT TYPE="submit" VALUE="make"></p>
</FORM>
</BODY></HTML>



regards
0
 

Author Comment

by:ChrisMorris
ID: 8036157
Adding CRYPT_STD_DES didn't work.  But it got me thinking and I am going to try CRYPT_MD5 instead.  The reason is that when I run Apache's htpasswd utility, it says that MD5 is always used on Windows.  I'll let you know how it works out.

Thanks for the response.
0
 
LVL 2

Expert Comment

by:laurly
ID: 8040513
when i did this i used the system() function to excute apaches htpasswd utility and it worked fine.

its just an option.

laurly
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:ChrisMorris
ID: 8041378
After much more fiddling with the crypt function, I gave up.  Mainly because I read the Apache documentation on the htpasswd utility and it said that it uses a version of MD5 modified for Apache.  Proprietary....great.

So I started fiddling with shell_exec.  When I provided the complete path to htpasswd, shell_exec returned NOTHING.  I read a post where someone said that shell_exec won't work on Windows when htpasswd is not on the PATH.  This person suggested creating a batch file that sits in "C:\" that makes the call to htpasswd, wherever it is.  That works.  I have yet to put htpasswd on the path and see if that works.  Also, I'm still not sure how to tell if the call to htpasswd failed.  I read that "system" provides a return value, so I'm trying that next.

I'm leaving this open in case someone has another solution.  Otherwise, laurly get the points for suggesting something that actually worked.
0
 
LVL 2

Accepted Solution

by:
laurly earned 1200 total points
ID: 8041418
shell_exec --  Execute command via shell and return  complete output as string (shell tends to mean gnu/linux)
http://www.php.net/manual/en/function.shell-exec.php



system -- Execute an external program and display output
http://www.php.net/manual/en/function.system.php


try system insted of shell_exec i know system works under win

laurly
0
 

Author Comment

by:ChrisMorris
ID: 8064681
Well, I finally got this working.

The problems I was having with system and shell_exec had to do with Apache's htpasswd utility either not liking long filenames or not liking spaces in filenames.  I was trying to call the htpasswd utility:

c:\program files\apache group\apache2\bin\htpasswd

but every time I called system of shell_exec, it returned no output and an error code.  So I tried changing it to:

c:\progra~1\apache~1\apache2\bin\htpasswd

and it worked like a charm.  Both system and shell_exec work, I am going with system because I can check a return value.

Thanks laurly, you get the points!
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question