Password created using htpasswd but cannot authenticate using php

Hi,

Password was created using:
htpasswd -nb 111-111-111 testtest
got response
111-111-111:edgwvdl4yy1DM
and place response into passwordlst file in the same folder as auth.php, but I cannot authenticate using username 111-111-111 and password testtest and below auth.php

Any help would be greatly appreciated

Best,
RockBob

<?
function check_pass($login, $password, $mode) {
global $password_file;
if(!$fh = fopen($password_file, "r")) { die("<P>Could Not Open Password File"); }
$match = 0;
while(!feof($fh)) {
$line = fgets($fh, 4096);
$from_file = explode(":", $line);
if($from_file[0] == $login) {
if($mode == "crypt"){
$salt = substr($from_file[1],0,2);
$user_pass = crypt($password,$salt);
} elseif ($mode == "md5") {
$user_pass = md5($password);
}
if(rtrim($from_file[1]) == $user_pass) {
$match = 1;
break;
}
     }
   }
   if($match) {
     return 1;
   } else {
     return 0;
   }
   fclose($fh);
  }
  function authenticate() {
    Header("WWW-Authenticate: Basic realm=\"RESTRICTED ACCESS\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo ("<h1>INVALID USERNAME OR PASSWORD. ACCESS DENIED<h1>");
    exit;
  }
  /*** MAIN ***/
  //select md5 or crypt for $mode. md5 is for md5 encoded passwords, crypt is for passwords encoded using apache's httpasswd
  $mode = "crypt";
  $password_file = "passwordlst";
  if (!isset($PHP_AUTH_USER)) {
    authenticate();
  } else {
    if(check_pass($PHP_AUTH_USER, $PHP_AUTH_PW, $mode)) {
      ?>
      <h1>ACCEPTED</h1>
      <?
    } else {
    authenticate();
    }
  }
  ?>


 
RockBobAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

EnclavetCommented:
Hi you need to change your $PHP_AUTH_USER, $PHP_AUTH_PW to $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

This works:

 function authenticate() {
    Header("WWW-Authenticate: Basic realm=\"RESTRICTED ACCESS\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo ("<h1>INVALID USERNAME OR PASSWORD. ACCESS DENIED<h1>");
    exit;
  }

  /*** MAIN ***/
  //select md5 or crypt for $mode. md5 is for md5 encoded passwords, crypt is for passwords encoded using apache's httpasswd
  $mode = "crypt";
  if (!isset($_SERVER['PHP_AUTH_USER'])) {
    authenticate();
  } else {
    if(check_pass($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $mode)) {
      ?>
      <h1>ACCEPTED</h1>
      <?
    } else {
    authenticate();
    }
  }
0
RockBobAuthor Commented:
Thanks Enclavet, just test that but still not working, seems something related to using - i.e.
passwords generated for usernames with - arent correct
so this doesn't works:
htpasswd -nb passwordlst 111-111-111 testest
but this works
htpasswd -nb 111111111 testtest

- doesn't seems to bother apache during authentication but php just doesn't want to authenticate it

Any insight, how to approach this, I have hundrends of passwords created with - in usernames

REgards,
RockBob
0
EnclavetCommented:
Have you tried setting the passwordlst file to .htpasswd?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RockBobAuthor Commented:
Same thing, something with - and how php is processing them
Not sure how apache php module is doing authentication i.e. processing usernames with – correctly and above php code is failing.
There should be no difference
0
RockBobAuthor Commented:
found the issue :) I had this peace of code in auth.php
if(!ctype_alnum($user)){
// invalid user name
return FALSE;

anyway thanks Enclavet for $_SERVER['PHP_AUTH_USER'] that was really helpfull, I'm assigning points to you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.