how can i make a simple php script that checks the .htpasswd file and then lets the user enter? 500points

I need to make a simple php script that checks the .htpasswd file and then lets the user enter?
from a page that has a space for username and password..
i will tell it the location of the .htpasswd file in the settings
LVL 2
CaiapfasAsked:
Who is Participating?
 
mishagaleConnect With a Mentor Commented:
*sigh* don't ask for much, do you? OK, here is the final, definitive edition of this script (ever heard the phrase 'scope creep'? I suspect you would make a fine technical manager :) )

I have cleaned it up a bit, so that it now uses an HTTP location header to redirect, rather than clumsy javascript, which is quicker and more reliable. I'm afraid I don't know anything about the use of .db files, but if you look, it's all in the PHP docs. You may just have to open another question (it would be only fair, since it is outside the original scope of this question). Change line 46 to your own URL, and feel free to insert your own pretty HTML formatting and verbiage.

<?php

$show_form = true;

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '.htpasswd';
  $lines = file($htpasswd);

  $login_good = false;
  $login_untested = false; //This is the first visit to the page,
                           //no attempt has been made to login

  foreach ($lines as $line) {
    list($user, $pass) = preg_split("/\:/", $line);
    $pass = trim($pass);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        $show_form = false;
        break;
      }
    }
  }
} else {
  $login_untested = true;
}

if ($show_form) {
  ?>
  <html>
  <head><title>Login</title></head>
  <body>
  <form action="<? echo $PHP_SELF; ?>" method=post>
  Enter User Name: <input name=user><br />
  Enter Password: <input type=password name=pass>
  <input type=submit>
  </form>

  <?php
}

if ($login_good) {
  header("Location: http://www.experts-exchange.com/"); //set this URL to where you wish to redirect
  exit;
} elseif (!$login_untested) {
  echo "<font color=red>Username or Password incorrect</font><br />";
}
?>
</body>
</html>
0
 
llcooljayceCommented:
Hi Caiapfas,

Is there any reason you don't want to use a MySQL database?  If you want to use the .htpasswd file, you need to parse a bunch of crap out ... its really much easier with a database;

Cheers!
0
 
mishagaleCommented:
I'm leaving out the form input handling code, which is trivial, and I assume you are able to whip up yourself, if not, we'll see what can be done. Assume that $given_user and $given_pass are the values supplied by the user.
I haven't tested the code, but in essence, this is what you are looking for.

<?php

$htpasswd = '~/.htpasswd';
$lines = file($htpasswd);

$login_good = false;

foreach ($lines as $line) {
  list($user, $pass) = preg_split(":", $line);
  if ($given_user == $user) {
    if (crypt($given_pass, $pass) == $pass) {
      $login_good = true;
      break;
    }
  }
}

if ($login_good) {
  echo "Username/password correct\n";
} else {
  echo "Invalid username/password\n";
}

0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
CaiapfasAuthor Commented:
mishagale ,


2 questions.


1. do i put the

$htpasswd = 'pathto/.htpasswd';  < there


2. yes, please can you help me make the simple page that passes the values
and this is basic auth.?

0
 
mishagaleCommented:
1. Yes, this is where you put the path.

2. Note that the code I have provided has nothing to do with basic authentication - if you are looking for basic authentication, which is part of the HTTP protocol, then it is far better to let Apache (or IIS, or whatever) handle it. What I have given you uses ordinary CGI parameter passing to check a password. For a fully self-contained script, try the following:

<!-- Code begins -->
<html>
<head><title>Login</title></head>
<body>
<?php

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '~/.htpasswd';
  $lines = file($htpasswd);
 
  $login_good = false;
 
  foreach ($lines as $line) {
    list($user, $pass) = preg_split(":", $line);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        break;
      }
    }
  }
 
  if ($login_good) {
    //You'll want to put something more useful here
    echo "Username/password correct\n";
  } else {
    echo "Invalid username/password\n";
  }
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>

<?php
}
?>
</body>
</html>
<!-- Code ends -->

I haven't tested this code, and obviously it's just a minimal implementation - you'll need to tweak it a bit to get it to do something useful. Also, you should certainly run this over https, as the password is otherwise transmitted in cleartext.
0
 
CaiapfasAuthor Commented:
i get



Warning: No ending delimiter ':' found in login.php on line 17

Warning: No ending delimiter ':' found in login.php on line 17

Warning: No ending delimiter ':' found in login.php on line 17
Invalid username/password

and the password and username is encrypted
basic..lpease advise
0
 
mishagaleCommented:
Apologies, like I said, I never tried running the script. Here is the debugged version:

<!-- Code begins -->
<html>
<head><title>Login</title></head>
<body>
<?php

if ($_POST['user']) {

  $given_user = $_POST['user'];
  $given_pass = $_POST['pass'];

  $htpasswd = '.htpasswd';
  $lines = file($htpasswd);

  $login_good = false;

  foreach ($lines as $line) {
    list($user, $pass) = preg_split("/\:/", $line);
    $pass = trim($pass);
    if ($given_user == $user) {
      if (crypt($given_pass, $pass) == $pass) {
        $login_good = true;
        break;
      }
    }
  }

  if ($login_good) {
    //You will want to put something more useful here
    echo "Username/password correct\n";
  } else {
    echo "Invalid username/password\n";
  }
} else {
?>
<form action="<? echo $PHP_SELF; ?>" method=post>
Enter User Name: <input name=user><br />
Enter Password: <input name=pass>
<input type=submit>
</form>

<?php
}
?>
</body>
</html>
<!-- Code ends -->
0
 
CaiapfasAuthor Commented:
ok last 2 things


How would I make it report an error
"Username or Password incorrect" in red under it..

and if they get it right then it redirects them to X page


after this many thanks
0
 
mishagaleCommented:
To change the message output for an invalid username/password, change line 32

echo "Invalid username/password\n";

to output whatever HTML code you want displayed, i.e.

echo "<font color=red>Username or Password incorrect</font><br />";

Note that since your output is already in double-quotes ("), if you use these as part of your HTML, you need to escape them, that is, type \" instead of "

If you prefer, instead of the echo statement, you can inline the HTML, by putting it in between ?> and <? tags, like so:

  if ($login_good) {
    ?>
    <font color=red>Username or Password correct</font><br />
    <?
  } else {
    ?>
    <font color=red>Username or Password incorrect</font><br />
    <?
  }

To redirect to a new page, you could use a little javascript, like so:

  if ($login_good) {
    ?>
    <script language="JavaScript">
      <!--
      window.location.href="http://www.someurl.com/some_page.html";
      -->
      </script>
    <?
  } else {
    ?>
    <font color=red>Username or Password incorrect</font><br />
    <?
  }

Hope this helps.
0
 
CaiapfasAuthor Commented:
how can i make

<font color=red>Username or Password incorrect</font><br />

appear under the logon feild so the page doesnt appear to chage...just these msg
0
 
CaiapfasAuthor Commented:
and lastly I SWEAR...how can i make it keep a simple database or logins successful and not...and thier ips
if a user trys more that X amount of trys in X amount of time...blocked for X amount of time...
the database being a simple .db file

I can open another question ..if ya want
0
 
CaiapfasAuthor Commented:
ok last simple question...

1. how can i make the error msg appear on top of the logon boxes?
0
 
mishagaleCommented:
move the:

if ($login_good) {
  header("Location: http://www.experts-exchange.com/"); //set this URL to where you wish to redirect
  exit;
} elseif (!$login_untested) {
  echo "<font color=red>Username or Password incorrect</font><br />";
}

code to above the

if ($show_form) {
  ?>
  <html>
  <head><title>Login</title></head>
  <body>
  <form action="<? echo $PHP_SELF; ?>" method=post>
  Enter User Name: <input name=user><br />
  Enter Password: <input type=password name=pass>
  <input type=submit>
  </form>

  <?php
}

code. I.e. move lines 46-51 inclusive to line 31.


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.