Javier, On 7/5/05, Javier <xavierleyba@xxxxxxxxxxxx> wrote: > I ve a little script to validate a user using an Apache htpasswd file. I'm assuming you want to be able to use the hashes in the htpasswd file to validate your user logins in PHP. > I want to know how could/should I generate a crypted hash (with crypt or > md5) with the entered password to match the password in the htpasswd file.. > > I know how to use md5 or crypt functions but passing them entered password > as a parameter, returned result dont match with the one in htpasswd file. customized from the PHP documention usage of crypt() http://www.php.net/manual/en/function.crypt.php With CRYPT passwords, there is a salt that mixes with the actual password before it's hashed. To be able to create the same hash everytime, do the following... 1) You create your password and insert it into the htpasswd file htpasswd -b .htpasswd username password 2) In your .htpasswd file, you see a line like this: username:PQyFAAHPD3vKs 3) Your script gets the $username and $password from somewhere... 4) Search the .htpasswd file for the existence of $username and retrieve the crypt hash ($crypthash='PQyFAAHPD3vKs' in this example) 5) Verify the password: if (crypt($password, $crypthash) == $crypthash) { echo 'GOOD!'; } For MD5 passwords though, it's a little different and not documented as thoroughly... 1) First check your constant CRYPT_MD5... if you don't have it in your PHP, this won't work... if (CRYPT_MD5 == 1) { echo 'PHP supports MD5-crypt'; } 2) Assuming it works out, do steps #2,#3,#4 above, so you now have your $username, $password, $crypthash (for ex: $crypthash='$apr1$jZ1.....$1Md.1a88zkKIPCY0b42Cw/') 3) Extract crypt salt from the $crypthash .... $cryptsalt = '$'.substr($crypthash,4,11); 4) Verify the password: if (crypt($password, $cryptsalt) == $crypthash) { echo 'GOOD!'; } In step #4 you'll have to see the output from your crypt() function that supports MD5. I don't have my built with it just yet and can't verify this, but use the steps as a guide to building your implementation. Post some code if you're still having trouble, /sylikc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
