Re: Reading from the htpasswd file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey!

(Forgive me for top posting but in this case I think it makes more sense)

Thanks for the tips, you've given me some excellent starting points so will start experimenting from there and come back when I start running into problems (which I am sure I will as I still dont know RegEx so preg_* statements leave me pretty much clueless... I know, I should learn)

If you (or anybody) wants to chip in any additional advise snippets, please go ahead.

Cheers!
R

Richard Lynch <ceo@xxxxxxxxx> wrote: On Fri, February 2, 2007 8:17 am, Ryan A wrote:
> I have a pal who uses a htpasswd file for access to his site..
>
> rather than using basic_auth he wants to change it to form based
> _without_ a DB (ie user comes to his site and enters the username and
> password into a form, then submits it to the php script, the php
> script reads the htpasswd file and accordingly grants access or denies
> access if the login does not match)
>
> Am not so sure about this but before i can make an arguement against
> this, I should know something myself so my questions to you more
> knowledgeable guys are:
> 1. Is it such a good idea switching?

If he thinks the Basic Auth popup is "icky" then go ahead and get rid
of it.  No biggie.

There's no great advantage to Basic Auth, and, actually, having the
authentication done in PHP can be beneficial if you want to start
doing some custom logging and user profile modeling of logins.

It's certainly possible to get access to that, or to integrate that
after the HTTP Basic Auth has been done, but it can be "cleaner" code
to have it all as one conceptual mess in PHP, instead of a mess in
HTTP Auth Apache and another in PHP.

> 2.Wont the basic_auth pop up anyway even after entering these values
> into the form?

Not unless you send the headers out, either with PHP, or with
.htaccess (or httpd.conf) settings to do HTTP Basic Authentication

> 3. If having a hundreds (or even thousands) of user:pass combinations
> in the htpasswd file.... wont it make logging in longer and more
> processor intensive to search all of the combinations till you find
> (or not find) the login?

Not really.
$file = file_get_contents('/full/path/to/htpasswd');
preg_match_all('/(.*):(.*)$/msU', $file, $htpassd);
//play games with array_flip or array_slice here to get
//an associative array of $users['username'] = 'password';
//Your login check is then a simple array reference

> Did some small code experiments before coming here asking for
> advise...
> can send you the code I have written if need be...but what i have
> found out is with small amounts of data i see no difference in speed
> of loggin in using the htpasswd file as the "login database"..

Whether reading the file or the DB is faster depends totally and your
hardware and network topology between web server and db server, or
lack thereof.

Nothing anybody else can say on this matter has any real meaning.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
 
---------------------------------
Any questions?  Get answers on any topic at Yahoo! Answers. Try it now.

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux