Hi Harvey,
I found this function somewhere on the net some time ago when I was
having the same issue as you and it worked like a charm:
/**
* Authenticate a user against a password file generated by Apache's
httpasswd
* using PHP rather than Apache itself.
*
* @param string $user The submitted user name
* @param string $pass The submitted password
* @param string $pass_file='.htpasswd' The system path to the
htpasswd file
* @param string $crypt_type='DES' The crypt type used to create the
htpasswd file
* @return bool
*/
function http_authenticate($user,$pass,$pass_file='.htpasswd',
$crypt_type='DES'){
// the stuff below is just an example useage that restricts
// user names and passwords to only alpha-numeric characters.
if(!ctype_alnum($user)){
// invalid user name
return FALSE;
}
if(!ctype_alnum($pass)){
// invalid password
return FALSE;
}
// get the information from the htpasswd file
if(file_exists($pass_file) && is_readable($pass_file)){
// the password file exists, open it
if($fp=fopen($pass_file,'r')){
while($line=fgets($fp)){
// for each line in the file remove
line endings
$line=preg_replace('`[\r\n]$`','',$line);
list($fuser,$fpass)=explode(':',$line);
if($fuser==$user){
// the submitted user name
matches this line
// in the file
switch($crypt_type){
case 'DES':
// the salt is
the first 2
// characters
for DES encryption
$salt=substr($fpass,0,2);
// use the salt
to encode the
// submitted
password
$test_pw=crypt($pass,$salt);
break;
case 'PLAIN':
$test_pw=$pass;
break;
case 'SHA':
case 'MD5':
default:
// unsupported
crypt type
fclose($fp);
return FALSE;
}
if($test_pw == $fpass){
// authentication
success.
fclose($fp);
return TRUE;
}else{
return FALSE;
}
}
}
fclose($fp);
}else{
// could not open the password file
return FALSE;
}
}else{
return FALSE;
}
}On 28/11/2008, at 12:18 AM, Harvey Kane wrote: Julian Melville wrote: > For standard DES crypt the salt is stored in the first two chars of > the > crypted password. I guess those web tools aren't letting you specify > the > salt, but you can with PHP's crypt() function. > OK, that makes sense. Thanks. --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
