Solved

how can i make a simple php script that checks the .htpasswd file and then lets the user enter? 500points

Posted on 2004-09-10
13
299 Views
Last Modified: 2010-04-17
I need to make a simple php script that checks the .htpasswd file and then lets the user enter?
from a page that has a space for username and password..
i will tell it the location of the .htpasswd file in the settings
0
Comment
Question by:Caiapfas
  • 6
  • 6
13 Comments
 
LVL 4

Expert Comment

by:llcooljayce
ID: 12031054
Hi Caiapfas,

Is there any reason you don't want to use a MySQL database?  If you want to use the .htpasswd file, you need to parse a bunch of crap out ... its really much easier with a database;

Cheers!
0
 
LVL 2

Expert Comment

by:mishagale
ID: 12034926
I'm leaving out the form input handling code, which is trivial, and I assume you are able to whip up yourself, if not, we'll see what can be done. Assume that $given_user and $given_pass are the values supplied by the user.
I haven't tested the code, but in essence, this is what you are looking for.

<?php

$htpasswd = '~/.htpasswd';
$lines = file($htpasswd);

$login_good = false;

foreach ($lines as $line) {
  list($user, $pass) = preg_split(":", $line);
  if ($given_user == $user) {
    if (crypt($given_pass, $pass) == $pass) {
      $login_good = true;
      break;
    }
  }
}

if ($login_good) {
  echo "Username/password correct\n";
} else {
  echo "Invalid username/password\n";
}

0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12046572
mishagale ,


2 questions.


1. do i put the

$htpasswd = 'pathto/.htpasswd';  < there


2. yes, please can you help me make the simple page that passes the values
and this is basic auth.?

0
 
LVL 2

Expert Comment

by:mishagale
ID: 12046999
1. Yes, this is where you put the path.

2. Note that the code I have provided has nothing to do with basic authentication - if you are looking for basic authentication, which is part of the HTTP protocol, then it is far better to let Apache (or IIS, or whatever) handle it. What I have given you uses ordinary CGI parameter passing to check a password. For a fully self-contained script, try the following:

<!-- Code begins -->
<html>
<head><title>Login</title></head>
<body>
<?php

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '~/.htpasswd';
  $lines = file($htpasswd);
 
  $login_good = false;
 
  foreach ($lines as $line) {
    list($user, $pass) = preg_split(":", $line);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        break;
      }
    }
  }
 
  if ($login_good) {
    //You'll want to put something more useful here
    echo "Username/password correct\n";
  } else {
    echo "Invalid username/password\n";
  }
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>

<?php
}
?>
</body>
</html>
<!-- Code ends -->

I haven't tested this code, and obviously it's just a minimal implementation - you'll need to tweak it a bit to get it to do something useful. Also, you should certainly run this over https, as the password is otherwise transmitted in cleartext.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12068121
i get



Warning: No ending delimiter ':' found in login.php on line 17

Warning: No ending delimiter ':' found in login.php on line 17

Warning: No ending delimiter ':' found in login.php on line 17
Invalid username/password

and the password and username is encrypted
basic..lpease advise
0
 
LVL 2

Expert Comment

by:mishagale
ID: 12069541
Apologies, like I said, I never tried running the script. Here is the debugged version:

<!-- Code begins -->
<html>
<head><title>Login</title></head>
<body>
<?php

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '.htpasswd';
  $lines = file($htpasswd);

  $login_good = false;

  foreach ($lines as $line) {
    list($user, $pass) = preg_split("/\:/", $line);
    $pass = trim($pass);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        break;
      }
    }
  }

  if ($login_good) {
    //You will want to put something more useful here
    echo "Username/password correct\n";
  } else {
    echo "Invalid username/password\n";
  }
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>

<?php
}
?>
</body>
</html>
<!-- Code ends -->
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 2

Author Comment

by:Caiapfas
ID: 12069980
ok last 2 things


How would I make it report an error
"Username or Password incorrect" in red under it..

and if they get it right then it redirects them to X page


after this many thanks
0
 
LVL 2

Expert Comment

by:mishagale
ID: 12070154
To change the message output for an invalid username/password, change line 32

echo "Invalid username/password\n";

to output whatever HTML code you want displayed, i.e.

echo "<font color=red>Username or Password incorrect</font><br />";

Note that since your output is already in double-quotes ("), if you use these as part of your HTML, you need to escape them, that is, type \" instead of "

If you prefer, instead of the echo statement, you can inline the HTML, by putting it in between ?> and <? tags, like so:

  if ($login_good) {
    ?>
    <font color=red>Username or Password correct</font><br />
    <?
  } else {
    ?>
    <font color=red>Username or Password incorrect</font><br />
    <?
  }

To redirect to a new page, you could use a little javascript, like so:

  if ($login_good) {
    ?>
    <script language="JavaScript">
      <!--
      window.location.href="http://www.someurl.com/some_page.html";
      -->
      </script>
    <?
  } else {
    ?>
    <font color=red>Username or Password incorrect</font><br />
    <?
  }

Hope this helps.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12088648
how can i make

<font color=red>Username or Password incorrect</font><br />

appear under the logon feild so the page doesnt appear to chage...just these msg
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12088709
and lastly I SWEAR...how can i make it keep a simple database or logins successful and not...and thier ips
if a user trys more that X amount of trys in X amount of time...blocked for X amount of time...
the database being a simple .db file

I can open another question ..if ya want
0
 
LVL 2

Accepted Solution

by:
mishagale earned 500 total points
ID: 12089900
*sigh* don't ask for much, do you? OK, here is the final, definitive edition of this script (ever heard the phrase 'scope creep'? I suspect you would make a fine technical manager :) )

I have cleaned it up a bit, so that it now uses an HTTP location header to redirect, rather than clumsy javascript, which is quicker and more reliable. I'm afraid I don't know anything about the use of .db files, but if you look, it's all in the PHP docs. You may just have to open another question (it would be only fair, since it is outside the original scope of this question). Change line 46 to your own URL, and feel free to insert your own pretty HTML formatting and verbiage.

<?php

$show_form = true;

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '.htpasswd';
  $lines = file($htpasswd);

  $login_good = false;
  $login_untested = false; //This is the first visit to the page,
                           //no attempt has been made to login

  foreach ($lines as $line) {
    list($user, $pass) = preg_split("/\:/", $line);
    $pass = trim($pass);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        $show_form = false;
        break;
      }
    }
  }
} else {
  $login_untested = true;
}

if ($show_form) {
  ?>
  <html>
  <head><title>Login</title></head>
  <body>
  <form action="<? echo $PHP_SELF; ?>" method=post>
  Enter User Name: <input name=user><br />
  Enter Password: <input type=password name=pass>
  <input type=submit>
  </form>

  <?php
}

if ($login_good) {
  header("Location: http://www.experts-exchange.com/"); //set this URL to where you wish to redirect
  exit;
} elseif (!$login_untested) {
  echo "<font color=red>Username or Password incorrect</font><br />";
}
?>
</body>
</html>
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12103441
ok last simple question...

1. how can i make the error msg appear on top of the logon boxes?
0
 
LVL 2

Expert Comment

by:mishagale
ID: 12103537
move the:

if ($login_good) {
  header("Location: http://www.experts-exchange.com/"); //set this URL to where you wish to redirect
  exit;
} elseif (!$login_untested) {
  echo "<font color=red>Username or Password incorrect</font><br />";
}

code to above the

if ($show_form) {
  ?>
  <html>
  <head><title>Login</title></head>
  <body>
  <form action="<? echo $PHP_SELF; ?>" method=post>
  Enter User Name: <input name=user><br />
  Enter Password: <input type=password name=pass>
  <input type=submit>
  </form>

  <?php
}

code. I.e. move lines 46-51 inclusive to line 31.


0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

A short article about problems I had with the new location API and permissions in Marshmallow
Whether you’re a college noob or a soon-to-be pro, these tips are sure to help you in your journey to becoming a programming ninja and stand out from the crowd.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now