I am trying to understand the use of MD5 as passwords for Apache, previously I have always used CRYPT:ed passwords in my .htpasswd file. Because Apache on Windows does not allow CRYPT:ed passwords (see earlier thread) I am investigating the MD5 possibility. The problem I have is that I need to let my code generate the hashes written to the .htpasswd file in such a way that Apache will be OK with them. When reading the PHP documentation I find that the output of the md5() function is a 32 byte hex string. But the hash generated by the Apache htpasswd command on Windows produces hashes like this: $apr1$44sXxXbW$ZUtMUVZGDp1wSR6dEFguq0 As you can see this is clearly NOT a hex string at all!!! So is it possible with PHP to generate the .htpasswd file in a format that comlies with what Apache needs? And can PHP check if a password hash matches the user supplied password after it has been hashed using MD5? -- Bo Berglund Developer in Sweden --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|