Caiapfas
asked on
how can i make a simple php script that checks the .htpasswd file and then lets the user enter? 500points
I need to make a simple php script that checks the .htpasswd file and then lets the user enter?
from a page that has a space for username and password..
i will tell it the location of the .htpasswd file in the settings
from a page that has a space for username and password..
i will tell it the location of the .htpasswd file in the settings
I'm leaving out the form input handling code, which is trivial, and I assume you are able to whip up yourself, if not, we'll see what can be done. Assume that $given_user and $given_pass are the values supplied by the user.
I haven't tested the code, but in essence, this is what you are looking for.
<?php
$htpasswd = '~/.htpasswd';
$lines = file($htpasswd);
$login_good = false;
foreach ($lines as $line) {
list($user, $pass) = preg_split(":", $line);
if ($given_user == $user) {
if (crypt($given_pass, $pass) == $pass) {
$login_good = true;
break;
}
}
}
if ($login_good) {
echo "Username/password correct\n";
} else {
echo "Invalid username/password\n";
}
I haven't tested the code, but in essence, this is what you are looking for.
<?php
$htpasswd = '~/.htpasswd';
$lines = file($htpasswd);
$login_good = false;
foreach ($lines as $line) {
list($user, $pass) = preg_split(":", $line);
if ($given_user == $user) {
if (crypt($given_pass, $pass) == $pass) {
$login_good = true;
break;
}
}
}
if ($login_good) {
echo "Username/password correct\n";
} else {
echo "Invalid username/password\n";
}
ASKER
mishagale ,
2 questions.
1. do i put the
$htpasswd = 'pathto/.htpasswd'; < there
2. yes, please can you help me make the simple page that passes the values
and this is basic auth.?
2 questions.
1. do i put the
$htpasswd = 'pathto/.htpasswd'; < there
2. yes, please can you help me make the simple page that passes the values
and this is basic auth.?
1. Yes, this is where you put the path.
2. Note that the code I have provided has nothing to do with basic authentication - if you are looking for basic authentication, which is part of the HTTP protocol, then it is far better to let Apache (or IIS, or whatever) handle it. What I have given you uses ordinary CGI parameter passing to check a password. For a fully self-contained script, try the following:
<!-- Code begins -->
<html>
<head><title>Login</title>
<body>
<?php
if ($_POST['user']) {
$given_user = $_POST['user'];
$given_pass = $_POST['pass'];
$htpasswd = '~/.htpasswd';
$lines = file($htpasswd);
$login_good = false;
foreach ($lines as $line) {
list($user, $pass) = preg_split(":", $line);
if ($given_user == $user) {
if (crypt($given_pass, $pass) == $pass) {
$login_good = true;
break;
}
}
}
if ($login_good) {
//You'll want to put something more useful here
echo "Username/password correct\n";
} else {
echo "Invalid username/password\n";
}
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>
<?php
}
?>
</body>
</html>
<!-- Code ends -->
I haven't tested this code, and obviously it's just a minimal implementation - you'll need to tweak it a bit to get it to do something useful. Also, you should certainly run this over https, as the password is otherwise transmitted in cleartext.
2. Note that the code I have provided has nothing to do with basic authentication - if you are looking for basic authentication, which is part of the HTTP protocol, then it is far better to let Apache (or IIS, or whatever) handle it. What I have given you uses ordinary CGI parameter passing to check a password. For a fully self-contained script, try the following:
<!-- Code begins -->
<html>
<head><title>Login</title>
<body>
<?php
if ($_POST['user']) {
$given_user = $_POST['user'];
$given_pass = $_POST['pass'];
$htpasswd = '~/.htpasswd';
$lines = file($htpasswd);
$login_good = false;
foreach ($lines as $line) {
list($user, $pass) = preg_split(":", $line);
if ($given_user == $user) {
if (crypt($given_pass, $pass) == $pass) {
$login_good = true;
break;
}
}
}
if ($login_good) {
//You'll want to put something more useful here
echo "Username/password correct\n";
} else {
echo "Invalid username/password\n";
}
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>
<?php
}
?>
</body>
</html>
<!-- Code ends -->
I haven't tested this code, and obviously it's just a minimal implementation - you'll need to tweak it a bit to get it to do something useful. Also, you should certainly run this over https, as the password is otherwise transmitted in cleartext.
ASKER
i get
Warning: No ending delimiter ':' found in login.php on line 17
Warning: No ending delimiter ':' found in login.php on line 17
Warning: No ending delimiter ':' found in login.php on line 17
Invalid username/password
and the password and username is encrypted
basic..lpease advise
Warning: No ending delimiter ':' found in login.php on line 17
Warning: No ending delimiter ':' found in login.php on line 17
Warning: No ending delimiter ':' found in login.php on line 17
Invalid username/password
and the password and username is encrypted
basic..lpease advise
Apologies, like I said, I never tried running the script. Here is the debugged version:
<!-- Code begins -->
<html>
<head><title>Login</title>
<body>
<?php
if ($_POST['user']) {
$given_user = $_POST['user'];
$given_pass = $_POST['pass'];
$htpasswd = '.htpasswd';
$lines = file($htpasswd);
$login_good = false;
foreach ($lines as $line) {
list($user, $pass) = preg_split("/\:/", $line);
$pass = trim($pass);
if ($given_user == $user) {
if (crypt($given_pass, $pass) == $pass) {
$login_good = true;
break;
}
}
}
if ($login_good) {
//You will want to put something more useful here
echo "Username/password correct\n";
} else {
echo "Invalid username/password\n";
}
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>
<?php
}
?>
</body>
</html>
<!-- Code ends -->
<!-- Code begins -->
<html>
<head><title>Login</title>
<body>
<?php
if ($_POST['user']) {
$given_user = $_POST['user'];
$given_pass = $_POST['pass'];
$htpasswd = '.htpasswd';
$lines = file($htpasswd);
$login_good = false;
foreach ($lines as $line) {
list($user, $pass) = preg_split("/\:/", $line);
$pass = trim($pass);
if ($given_user == $user) {
if (crypt($given_pass, $pass) == $pass) {
$login_good = true;
break;
}
}
}
if ($login_good) {
//You will want to put something more useful here
echo "Username/password correct\n";
} else {
echo "Invalid username/password\n";
}
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>
<?php
}
?>
</body>
</html>
<!-- Code ends -->
ASKER
ok last 2 things
How would I make it report an error
"Username or Password incorrect" in red under it..
and if they get it right then it redirects them to X page
after this many thanks
How would I make it report an error
"Username or Password incorrect" in red under it..
and if they get it right then it redirects them to X page
after this many thanks
To change the message output for an invalid username/password, change line 32
echo "Invalid username/password\n";
to output whatever HTML code you want displayed, i.e.
echo "<font color=red>Username or Password incorrect</font><br />";
Note that since your output is already in double-quotes ("), if you use these as part of your HTML, you need to escape them, that is, type \" instead of "
If you prefer, instead of the echo statement, you can inline the HTML, by putting it in between ?> and <? tags, like so:
if ($login_good) {
?>
<font color=red>Username or Password correct</font><br />
<?
} else {
?>
<font color=red>Username or Password incorrect</font><br />
<?
}
To redirect to a new page, you could use a little javascript, like so:
if ($login_good) {
?>
<script language="JavaScript">
<!--
window.location.href="http://www.someurl.com/some_page.html";
-->
</script>
<?
} else {
?>
<font color=red>Username or Password incorrect</font><br />
<?
}
Hope this helps.
echo "Invalid username/password\n";
to output whatever HTML code you want displayed, i.e.
echo "<font color=red>Username or Password incorrect</font><br />";
Note that since your output is already in double-quotes ("), if you use these as part of your HTML, you need to escape them, that is, type \" instead of "
If you prefer, instead of the echo statement, you can inline the HTML, by putting it in between ?> and <? tags, like so:
if ($login_good) {
?>
<font color=red>Username or Password correct</font><br />
<?
} else {
?>
<font color=red>Username or Password incorrect</font><br />
<?
}
To redirect to a new page, you could use a little javascript, like so:
if ($login_good) {
?>
<script language="JavaScript">
<!--
window.location.href="http://www.someurl.com/some_page.html";
-->
</script>
<?
} else {
?>
<font color=red>Username or Password incorrect</font><br />
<?
}
Hope this helps.
ASKER
how can i make
<font color=red>Username or Password incorrect</font><br />
appear under the logon feild so the page doesnt appear to chage...just these msg
<font color=red>Username or Password incorrect</font><br />
appear under the logon feild so the page doesnt appear to chage...just these msg
ASKER
and lastly I SWEAR...how can i make it keep a simple database or logins successful and not...and thier ips
if a user trys more that X amount of trys in X amount of time...blocked for X amount of time...
the database being a simple .db file
I can open another question ..if ya want
if a user trys more that X amount of trys in X amount of time...blocked for X amount of time...
the database being a simple .db file
I can open another question ..if ya want
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok last simple question...
1. how can i make the error msg appear on top of the logon boxes?
1. how can i make the error msg appear on top of the logon boxes?
move the:
if ($login_good) {
header("Location: https://www.experts-exchange.com/"); //set this URL to where you wish to redirect
exit;
} elseif (!$login_untested) {
echo "<font color=red>Username or Password incorrect</font><br />";
}
code to above the
if ($show_form) {
?>
<html>
<head><title>Login</title>
<body>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input type=password name=pass>
<input type=submit>
</form>
<?php
}
code. I.e. move lines 46-51 inclusive to line 31.
if ($login_good) {
header("Location: https://www.experts-exchange.com/"); //set this URL to where you wish to redirect
exit;
} elseif (!$login_untested) {
echo "<font color=red>Username or Password incorrect</font><br />";
}
code to above the
if ($show_form) {
?>
<html>
<head><title>Login</title>
<body>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input type=password name=pass>
<input type=submit>
</form>
<?php
}
code. I.e. move lines 46-51 inclusive to line 31.
Is there any reason you don't want to use a MySQL database? If you want to use the .htpasswd file, you need to parse a bunch of crap out ... its really much easier with a database;
Cheers!