Is there a programmatic way to build htpasswd files, without depending on OS specific functions (i.e. exec(), passthru())?
A:
Trac ships with a Python replacement for htpasswd, which I'm sure you could port to your language of choice: htpasswd.py.
Jordi Bunster
2008-09-02 16:20:51
that imports the crypt module and that is implemented in c
hop
2009-01-24 15:52:40
+1
A:
First, create this form:
<FORM METHOD="POST" ACTION="<? echo $_SERVER['PHP_SELF']; ?>" onSubmit='return ValidateForm()'>
Username<br /><INPUT TYPE="TEXT" NAME="user[]"><br /><br />
Password<br /><INPUT TYPE="PASSWORD" NAME="password1[]"><br />
<INPUT TYPE="PASSWORD" NAME="password2[]"><br /><br />
<INPUT type=submit name="submit" VALUE="Create .htpasswd entry" onclick="document.all.submit.style.visibility='hidden'">
</FORM>
Then, this PHP-code will create the password for you:
if ( isset($_POST['user']) && isset($_POST['password1'])) {
if( $_POST['password1'] == $_POST['password2'] ) {
$user = $_POST['user'];
$password1 = $_POST['password1'];
$htpasswd_text = "";
for ($i = 0; $i < count ($user); $i++) {
$htpasswd_text .= "$user[$i]:".crypt($password1[$i],CRYPT_STD_DES)."";
}
echo "<br />Copy this line to your .htpasswd file:";
echo "<pre style=\"border-bottom-width:1px;border-bottom-style:solid;\">";
echo nl2br($htpasswd_text);
echo "</pre><br />";
} else {
echo "<pre style=\"border-bottom-width:1px;border-bottom-style:solid;\">Passwords do not match !</pre><br />";
}
}
The actual text to append to you htpasswd file is in the $htpasswd_text variable.
Espo
2008-09-02 16:21:47
+8
A:
.httpasswd files are just text files with a specific format depending on the hash function specified. If you are using MD5 they look like this:
foo:$apr1$y1cXxW5l$3vapv2yyCXaYz8zGoXj241
That's the login, a colon, ,$apr1$, the salt and 1000 times md5 encoded as base64. If you select SHA1 they look like this:
foo:{SHA}BW6v589SIg3i3zaEW47RcMZ+I+M=
That's the login, a colon, the string {SHA1} and the SHA1 hash encoded with base64.
If your language has an implementation of either MD5 or SHA1 and base64 you can just create the file like this:
<?php
$login = 'foo';
$pass = 'pass';
$hash = base64_encode(sha1($pass, true));
$contents = $login . ':{SHA1}' . $hash;
file_set_contents('.htpasswd', $contents);
?>
Here's more information on the format:
http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
Greg Roberts
2008-09-02 16:29:51
A:
From what it says on the PHP website, you can use crypt() in the following method:
<?php
// Set the password & username
$username = 'user';
$password = 'mypassword';
// Get the hash, letting the salt be automatically generated
$hash = crypt($password);
// write to a file
file_set_contents('.htpasswd', $username ':' . $contents);
?>
Part of this example can be found: http://ca3.php.net/crypt
This will of course overwrite the entire existing file, so you'll want to do some kind of concatination.
I'm not 100% sure this will work, but I'm pretty sure.
Darryl Hein
2008-09-09 22:00:38