[quote http://www.edevcafe.com/viewdoc.php?eid=97]
If you wanted to write a CGI script to help you add/delete users from the .htpasswd file, then you need to know something about the format of this file. Each line of the .htpasswd file contains one username/password combination that looks something like this:
Username:w8G2g305KxNd2
Note that the first 2 characters of the encrypted password represent the SALT used by the 2-char DES encryption algorithm that produced the encrypted string you see above. The command ?crypt(?password?, ?w8?)? in PHP4 will produce ?w8G2g305KxNd2?. Since DES encryption is a one-way encryption algorithm, this provides us with a way to encrypt the suspect password so it can be compared to the known password.
[/quote]
There is no need to use decrypt since that is not how the htaccess authorization works (unless you write a custom page to check the values (and since you can encrypt before checking) decrypt is not used)
hth
bastien
From: php_user <php@xxxxxxxxxxxx> To: Han <han@xxxxxxxxxxxxx>, php-db@xxxxxxxxxxxxx Subject: Re: password encryption Date: Fri, 19 Nov 2004 07:21:53 -0500
Han,
You can try installing mcrypt, it gives you encryption/decryption capabilities in PHP. It's fairly easy to install in you're running a Windows system; I think you have to recompile php if your on a Linux system, and I have never been able to successfully do that. You might look into it though, I don't quite understand why it can't be included with the default PHP installation, or be made easier to install.
http://us2.php.net/mcrypt
-JD
Han wrote:
Hello,
I'm having a real problem and wondering if anyone can help.
I need to set up htaccess ans htpasswd files to authenticate users on my system.
I need to do it with PHP, but can't find a way of encrypting the password so it works.
I've used an online encrypter for testing the system, and I've got the .htaccess and .htpasswd files correct, but I need to programmatically encrypt the password in my script then write it to the 2 files.
Han.
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php