Hi All, Can someone shed some light on how .htpasswd authentication actually works?
If I enter username 'foo' and pass 'bar', I seem to get different results depending on which web tool I use... eg http://www.htaccesstools.com/htpasswd-generator/ foo:YmdhCq7DnGdig http://home.flash.net/cgi-bin/pw.pl foo:XIa3Vih23RDUE My data source: foo:tluwgk1W.MflY More importantly, I'm trying to authenticate in PHP against a .htpasswd format user:password pair generated by a 3rd party, and I'm struggling. Am I right in assuming that these password generators are salting the password using a different salt? If so, how am I supposed to authenticate without knowing the salt? How does your apache server do it? I'm encrypting the clear text password using this function... function htpasswd($pass){ return crypt(trim($pass),base64_encode(CRYPT_STD_DES)); } But on my server, this function returns 'MQ9SD0UBYJ1Jg' when 'bar' is the pass. Any ideas how I might test against the encrypted password without knowing the salt? Any help appreciated. Thanks, Harvey. -- Harvey Kane Phone. +649 950 4133 Mobile. +6421 811 951 Email. [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
