Solved

how can i make a simple php script that checks the .htpasswd file and then lets the user enter? 500points

Posted on 2004-09-10
13
324 Views
Last Modified: 2010-04-17
I need to make a simple php script that checks the .htpasswd file and then lets the user enter?
from a page that has a space for username and password..
i will tell it the location of the .htpasswd file in the settings
0
Comment
Question by:Caiapfas
  • 6
  • 6
13 Comments
 
LVL 4

Expert Comment

by:llcooljayce
ID: 12031054
Hi Caiapfas,

Is there any reason you don't want to use a MySQL database?  If you want to use the .htpasswd file, you need to parse a bunch of crap out ... its really much easier with a database;

Cheers!
0
 
LVL 2

Expert Comment

by:mishagale
ID: 12034926
I'm leaving out the form input handling code, which is trivial, and I assume you are able to whip up yourself, if not, we'll see what can be done. Assume that $given_user and $given_pass are the values supplied by the user.
I haven't tested the code, but in essence, this is what you are looking for.

<?php

$htpasswd = '~/.htpasswd';
$lines = file($htpasswd);

$login_good = false;

foreach ($lines as $line) {
  list($user, $pass) = preg_split(":", $line);
  if ($given_user == $user) {
    if (crypt($given_pass, $pass) == $pass) {
      $login_good = true;
      break;
    }
  }
}

if ($login_good) {
  echo "Username/password correct\n";
} else {
  echo "Invalid username/password\n";
}

0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12046572
mishagale ,


2 questions.


1. do i put the

$htpasswd = 'pathto/.htpasswd';  < there


2. yes, please can you help me make the simple page that passes the values
and this is basic auth.?

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:mishagale
ID: 12046999
1. Yes, this is where you put the path.

2. Note that the code I have provided has nothing to do with basic authentication - if you are looking for basic authentication, which is part of the HTTP protocol, then it is far better to let Apache (or IIS, or whatever) handle it. What I have given you uses ordinary CGI parameter passing to check a password. For a fully self-contained script, try the following:

<!-- Code begins -->
<html>
<head><title>Login</title></head>
<body>
<?php

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '~/.htpasswd';
  $lines = file($htpasswd);
 
  $login_good = false;
 
  foreach ($lines as $line) {
    list($user, $pass) = preg_split(":", $line);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        break;
      }
    }
  }
 
  if ($login_good) {
    //You'll want to put something more useful here
    echo "Username/password correct\n";
  } else {
    echo "Invalid username/password\n";
  }
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>

<?php
}
?>
</body>
</html>
<!-- Code ends -->

I haven't tested this code, and obviously it's just a minimal implementation - you'll need to tweak it a bit to get it to do something useful. Also, you should certainly run this over https, as the password is otherwise transmitted in cleartext.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12068121
i get



Warning: No ending delimiter ':' found in login.php on line 17

Warning: No ending delimiter ':' found in login.php on line 17

Warning: No ending delimiter ':' found in login.php on line 17
Invalid username/password

and the password and username is encrypted
basic..lpease advise
0
 
LVL 2

Expert Comment

by:mishagale
ID: 12069541
Apologies, like I said, I never tried running the script. Here is the debugged version:

<!-- Code begins -->
<html>
<head><title>Login</title></head>
<body>
<?php

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '.htpasswd';
  $lines = file($htpasswd);

  $login_good = false;

  foreach ($lines as $line) {
    list($user, $pass) = preg_split("/\:/", $line);
    $pass = trim($pass);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        break;
      }
    }
  }

  if ($login_good) {
    //You will want to put something more useful here
    echo "Username/password correct\n";
  } else {
    echo "Invalid username/password\n";
  }
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>

<?php
}
?>
</body>
</html>
<!-- Code ends -->
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12069980
ok last 2 things


How would I make it report an error
"Username or Password incorrect" in red under it..

and if they get it right then it redirects them to X page


after this many thanks
0
 
LVL 2

Expert Comment

by:mishagale
ID: 12070154
To change the message output for an invalid username/password, change line 32

echo "Invalid username/password\n";

to output whatever HTML code you want displayed, i.e.

echo "<font color=red>Username or Password incorrect</font><br />";

Note that since your output is already in double-quotes ("), if you use these as part of your HTML, you need to escape them, that is, type \" instead of "

If you prefer, instead of the echo statement, you can inline the HTML, by putting it in between ?> and <? tags, like so:

  if ($login_good) {
    ?>
    <font color=red>Username or Password correct</font><br />
    <?
  } else {
    ?>
    <font color=red>Username or Password incorrect</font><br />
    <?
  }

To redirect to a new page, you could use a little javascript, like so:

  if ($login_good) {
    ?>
    <script language="JavaScript">
      <!--
      window.location.href="http://www.someurl.com/some_page.html";
      -->
      </script>
    <?
  } else {
    ?>
    <font color=red>Username or Password incorrect</font><br />
    <?
  }

Hope this helps.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12088648
how can i make

<font color=red>Username or Password incorrect</font><br />

appear under the logon feild so the page doesnt appear to chage...just these msg
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12088709
and lastly I SWEAR...how can i make it keep a simple database or logins successful and not...and thier ips
if a user trys more that X amount of trys in X amount of time...blocked for X amount of time...
the database being a simple .db file

I can open another question ..if ya want
0
 
LVL 2

Accepted Solution

by:
mishagale earned 500 total points
ID: 12089900
*sigh* don't ask for much, do you? OK, here is the final, definitive edition of this script (ever heard the phrase 'scope creep'? I suspect you would make a fine technical manager :) )

I have cleaned it up a bit, so that it now uses an HTTP location header to redirect, rather than clumsy javascript, which is quicker and more reliable. I'm afraid I don't know anything about the use of .db files, but if you look, it's all in the PHP docs. You may just have to open another question (it would be only fair, since it is outside the original scope of this question). Change line 46 to your own URL, and feel free to insert your own pretty HTML formatting and verbiage.

<?php

$show_form = true;

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '.htpasswd';
  $lines = file($htpasswd);

  $login_good = false;
  $login_untested = false; //This is the first visit to the page,
                           //no attempt has been made to login

  foreach ($lines as $line) {
    list($user, $pass) = preg_split("/\:/", $line);
    $pass = trim($pass);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        $show_form = false;
        break;
      }
    }
  }
} else {
  $login_untested = true;
}

if ($show_form) {
  ?>
  <html>
  <head><title>Login</title></head>
  <body>
  <form action="<? echo $PHP_SELF; ?>" method=post>
  Enter User Name: <input name=user><br />
  Enter Password: <input type=password name=pass>
  <input type=submit>
  </form>

  <?php
}

if ($login_good) {
  header("Location: http://www.experts-exchange.com/"); //set this URL to where you wish to redirect
  exit;
} elseif (!$login_untested) {
  echo "<font color=red>Username or Password incorrect</font><br />";
}
?>
</body>
</html>
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12103441
ok last simple question...

1. how can i make the error msg appear on top of the logon boxes?
0
 
LVL 2

Expert Comment

by:mishagale
ID: 12103537
move the:

if ($login_good) {
  header("Location: http://www.experts-exchange.com/"); //set this URL to where you wish to redirect
  exit;
} elseif (!$login_untested) {
  echo "<font color=red>Username or Password incorrect</font><br />";
}

code to above the

if ($show_form) {
  ?>
  <html>
  <head><title>Login</title></head>
  <body>
  <form action="<? echo $PHP_SELF; ?>" method=post>
  Enter User Name: <input name=user><br />
  Enter Password: <input type=password name=pass>
  <input type=submit>
  </form>

  <?php
}

code. I.e. move lines 46-51 inclusive to line 31.


0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Delphi: barcode reading on android platform 1 76
maven disable workspace resolution 1 42
BATCH to EXE Converter 2 71
BatchFile-Disk Detection 23 31
This article will show, step by step, how to integrate R code into a R Sweave document
A short article about problems I had with the new location API and permissions in Marshmallow

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question