Ryan A wrote:
> Hey, I have an old htpasswd file with a lot of logins in this format:
> 
> test:dGRkPurkuWmW2 (test:test)
> test1:dGlAW3zdxeAG2 (test1:test1)
> 
> Now I have a login form that takes a POST "user" and a POST "pw"...
> but if you look at my above first example login.. the username and
> pass are "test:test" but it gets encoded into "test:dGRkPurkuWmW2" so
> how do I try to match the data I get from the POST "pw" field when
> that will come in as normal text?

Hi, Ryan.  I did some research on this.  As I recollected, the .htpasswd
entries are saved using the hashing performed by PHP's crypt() function.
The function requires a salt, which appears to be the string 'dG' in
the .htpasswd data you provided.

Here's some example code to use this.

<?php
// represents the data saved in your .htpasswd file
$htpasswordData = array('test'  => 'dGRkPurkuWmW2',
                        'test1' => 'dGlAW3zdxeAG2');

// represents logins as they would be supplied by users
$logins = array(array('name' => 'test',  'password' => 'test'),
                array('name' => 'test1', 'password' => 'test1'));

foreach ($logins as $login) {
    if (isset($htpasswordData[$login['name']])) {
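        // the first two characters of a stored entry are its salt
        $salt = substr($htpasswordData[$login['name']], 0, 2);
        $suppliedPasswordHash = crypt($login['password'], $salt);

        // hash_equals() compares as strings in constant time; == can
        // type-juggle numeric-looking strings
        if (hash_equals($htpasswordData[$login['name']], $suppliedPasswordHash)) {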
            echo "<p>User {$login['name']} logged in.</p>";
        } else {
            echo "<p>Wrong password.  Access denied.</p>";
        }
    } else {
        echo "<p>No such user.</p>";
    }
}
?>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
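
The check described in the reply, extended to read "user:hash" lines and to return one result for a login form. This is an added example, not code from the original message; the function names parseHtpasswd() and verifyHtpasswdLogin() and the dummy hash are hypothetical, and the two sample entries are the ones quoted in the thread.

```php
<?php
// Added example: hypothetical helpers, not from the original post.

// Parse htpasswd text ("user:hash" per line) into [user => hash].
function parseHtpasswd(string $text): array
{
    $users = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue; // skip blank lines and comments
        }
        $parts = explode(':', $line, 2);
        if (count($parts) === 2 && $parts[0] !== '' && $parts[1] !== '') {
            $users[$parts[0]] = $parts[1];
        }
    }
    return $users;
}

// True only when $password hashes to the stored entry for $user.
// Unknown user and wrong password give the same answer, so the form
// does not reveal which account names exist.
function verifyHtpasswdLogin(array $users, string $user, string $password): bool
{
    $known  = isset($users[$user]);
    // Constructed dummy entry so unknown users still cost one crypt() call.
    $stored = $known ? $users[$user] : 'dGxxxxxxxxxxx';

    // Apache-specific formats that PHP's crypt() does not implement.
    if (strncmp($stored, '$apr1$', 6) === 0 || strncmp($stored, '{SHA}', 5) === 0) {
        return false;
    }

    // Passing the stored hash as the salt lets crypt() reuse its salt and scheme.
    $computed = crypt($password, $stored);

    // Constant-time string comparison, no type juggling.
    return hash_equals($stored, $computed) && $known;
}

// Constructed sample input: the two entries quoted in the thread.
$users = parseHtpasswd("test:dGRkPurkuWmW2\ntest1:dGlAW3zdxeAG2\n");

// In the form handler this would be:
//   verifyHtpasswdLogin($users, $_POST['user'], $_POST['pw'])
var_dump(verifyHtpasswdLogin($users, 'test', 'test'));
var_dump(verifyHtpasswdLogin($users, 'test', 'wrong'));
var_dump(verifyHtpasswdLogin($users, 'nobody', 'test'));
```

Two-character-salt entries like these are traditional DES crypt, which only uses the first eight characters of the password, so a successful login is a good moment to re-store the password with password_hash().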
