RE: [PHP] .htpasswd login
Your looking for this: $_SERVER['PHP_AUTH_USER'] When running under Apache as module doing HTTP authentication this variable is set to the username provided by the user. See Reserved Variables: http://www.php.net/reserved.variables Jami Moore LightSPARK Digital Designs http://www.lightsparkdigital.com/ -Original Message- From: Daniel Baughman [mailto:[EMAIL PROTECTED] Sent: Friday, May 28, 2004 12:56 AM To: [EMAIL PROTECTED] Subject: [PHP] .htpasswd login I have some sites that I would like to view the user name that someone provided to the basic authentication mechanism in apache. Does php/apache provide a means for this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] .htpasswd and PayPal generated passwords
Check out : Authenticating against .htpasswd style files. http://www.weberdev.com/index.php3?GoTo=get_example.php3?count=109 Sincerely berber Visit http://www.weberdev.com/ Today!!! To see where PHP might take you tomorrow. -Original Message- From: Rob Packer [mailto:[EMAIL PROTECTED] Sent: Saturday, February 15, 2003 6:06 PM To: [EMAIL PROTECTED] Subject: [PHP] .htpasswd and PayPal generated passwords I use PayPal to generate a username and password and then write them to the .htpasswd file. If I were to switch to using a database (because .htaccess seems to always prompt twice!) how would I perform the comparison for the passwords? It would seem that everytime you generate an encrypted password it's different. So how would you compare them? Also, does anyone know what the encryption method used by PayPal is? Thanks for any help... Robert Packer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htpasswd
Don't run the htpasswd program at all, just write the .htpasswd file with PHP. The format is very simple, it's just username:crypted_password So, you can just write those lines to the file, using the crypt function to create the crypted password. Of course the same file permission issues exist that Evan pointed out (unless you're not in a shred environment, or are running PHP as cgi with Apache SuExe.), but those issues are for anything you do in PHP. HTH, Peter Janett New Media One Web Services New Upgrades Are Now Live!!! Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1 Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25, Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43 PostgreSQL coming soon! http://www.newmediaone.net [EMAIL PROTECTED] (303)828-9882 - Original Message - From: Evan Nemerson [EMAIL PROTECTED] To: Kris [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 23, 2003 12:37 AM Subject: Re: [PHP] htpasswd Don't chmod .htpasswd- _huge_ security risk... Will your server allow you to have suid scripts??? If so, you can just write a little wrapper and make it suid. If you do that, I'd also reccomend using an extension other than PHP, and/or placing it outside your web root. Wouldn't want people adding themselves... I'd reccomend not using .htaccess at all, and just whip up a system using a real database, wth the real work done in PHP. htaccess just isn't designed to be dynamic. On Wednesday 22 January 2003 06:56 pm, Kris wrote: Hi I've built a secure site. After the user has chosen a valid username and password I want my script to run htpasswd on the .htpasswd file in the directory. The script can run htpasswd as it doesn't have permission. What is the safest way to do this? Should I chmod htpasswd or is there a better option for this whole thing?? Thanks Kris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htpasswd
Don't chmod .htpasswd- _huge_ security risk... Will your server allow you to have suid scripts??? If so, you can just write a little wrapper and make it suid. If you do that, I'd also reccomend using an extension other than PHP, and/or placing it outside your web root. Wouldn't want people adding themselves... I'd reccomend not using .htaccess at all, and just whip up a system using a real database, wth the real work done in PHP. htaccess just isn't designed to be dynamic. On Wednesday 22 January 2003 06:56 pm, Kris wrote: Hi I've built a secure site. After the user has chosen a valid username and password I want my script to run htpasswd on the .htpasswd file in the directory. The script can run htpasswd as it doesn't have permission. What is the safest way to do this? Should I chmod htpasswd or is there a better option for this whole thing?? Thanks Kris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] .htpasswd
%htpasswd --help Usage: htpasswd [-cmdps] passwordfile username htpasswd -b[cmdps] passwordfile username password htpasswd -n[mdps] username htpasswd -nb[mdps] username password -c Create a new file. -n Don't update file; display results on stdout. -m Force MD5 encryption of the password. -d Force CRYPT encryption of the password (default). -p Do not encrypt the password (plaintext). -s Force SHA encryption of the password. -b Use the password from the command line rather than promp On Windows, TPF and NetWare systems the '-m' flag is used by default. On all other systems, the '-p' flag will probably not work. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] htpasswd
go to http://www.php.net/manual/en/ref.filesystem.php and read up on things like fopen, fclose, etc. This will explain how to write to any kind of file including htpasswd files if necessary. Good Luck Derek - Original Message - From: Gary [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, October 25, 2001 3:59 PM Subject: [PHP] htpasswd Can php write to a htpasswd file? If it can will someone point me in the right direction. TIA Gary -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] ** This e-mail (and any attachment) is intended only for the attention of the addressee(s). Its unauthorised use, disclosure, storage or copying is not permitted. If you are not the intended recipient, please destroy all copies and inform the sender by return e-mail. This e-mail (whether you are the sender or the recipient) may be monitored, recorded and retained by Business Information Publications Limited (BiP). E-mail monitoring/ blocking software may be used, and e-mail content may be read at any time.You have a responsibility to ensure laws are not broken when composing or forwarding e-mails and their contents. ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] .htpasswd encryption
Brandon Orther wrote: Hello, I am trying to make a script that creates .htpasswd files. Does anyone know what encryption is used? Thanks Brandon It can be crypt() or MD5 or SHA, you could call htpasswd. See man htpasswd under *nix. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] .htpasswd encryption
At 04:39 PM 4/9/2001, Brandon Orther wrote: i believe that the scheme is md5 ~kurth Hello, I am trying to make a script that creates .htpasswd files. Does anyone know what encryption is used? Thanks Brandon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] .htpasswd encryption
It can really depend on your system. On mine, for instance, it uses regular crypt() with a 2 character salt So, you can generate a random 2 character string to pass as the salt argument in php, and create it that way. IF that is the method used by your system Wanna test it? Peek inside etc/passwd and copy out the encrypted string that represents your password. Take the first two characters of that string and use that as the salt on your test page. (say for instance the salt is xT) In your test page, use the following code ? Echo crypt("your unencrypted password"."xT"); ? That's all you need. Call it from your browser. Is the encrypted value the same as in etc/passwd? If so, then crypt is what you use for .htpasswd file You can also check against an existing .htpqsswd entry, if you exist in an .htpasswd file on your system. On 4/9/01 1:39 PM, "Kurth Bemis" [EMAIL PROTECTED] wrote: At 04:39 PM 4/9/2001, Brandon Orther wrote: i believe that the scheme is md5 ~kurth Hello, I am trying to make a script that creates .htpasswd files. Does anyone know what encryption is used? Thanks Brandon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] .htpasswd?
Yes, you can, just write a script to call "htpasswd -b yourUserFile userID passwd". :) David From: James Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [PHP] .htpasswd? Date: Wed, 31 Jan 2001 13:21:35 -0800 (PST) Is there a way that when a user signs up for a user/pass on a site, to automatically update the .htpasswd on the site? Right now I'm running a Win2k Pro, with Apache installed and MySQL/PHP. Thanks, James __ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]