Apache Lounge
Topic: Still going nuts with .htaccess

Author: Bob B.
Joined: 06 Jul 2006
Posts: 10
Posted: Mon 31 Jul '06 5:44

You folks were kind enough to tell me to use MD5 for password encryption since I couldn't get htaccess to recognize crypt ( ) encryption on Windows/Apache 2.2 server.
Well, here is what I did:


Installed Digest::Perl::MD5 on the server to see if I could get htaccess to finally work.
Changed all the crypt ( ) statements to md5_hex ( ) statements
Added "use Digest::Perl::MD5 'md5_hex';" to the script.
Encrypted current user passwords and updated .htpassword. Everything worked fine as far as the subscription program I am using. I could get into the members area by typing in users' text passwords and could register new members so all the encryption was working.
Now, I copied the .htaccess and .htpassword files from the cgi-bin into my members directory and updated the location of the protected directory in the scripts. Again, when logging on, I could get into the members page. If I clicked on one of my page links which is in the protected directory, I get the htaccess password request on the screen.
Same problem as before... wouldn't accept the password.
If I entered the MD5 encrypted code in the password field, I get right in, but not entering the text password!!!


I can post my Apache config file if anyone thinks the problem is in there.

Here is my .htaccess file:

AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/members/.htpassword"
AuthGroupFile /dev/null
AuthName "Only approved member access to this directory"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
Order allow,deny
Satisfy any

I don't know where to go from here!!!

Thanks,

Bob B

Author: Jorge
Joined: 12 Mar 2006
Posts: 376
Location: Belgium
Posted: Mon 31 Jul '06 11:13

Using crypt() in htpasswd files is a very bad idea, since crypt only works on Linux/Unix... and not on all systems.
I had the same problem, so I made a class built on some snips I found on the internet:

Code:
<?php
/*************************************\
| htpasswd class                      |
| By Jorge Schrauwen 2006             |
| http://www.blackdot.be              |
\*************************************/

class htpasswd{
   // user => stored password field, exactly as it appears in the file
   public $pwdata = array();

   function __construct(){
      $this->pwdata = array();
   }
   
   // read "user:field" lines from an htpasswd file
   function load($file){
      if(file_exists($file)){
         $data = array();
         $fcontents = file($file);
         foreach($fcontents as $line){
            // split on the first ':' only and skip lines without a field
            $arraydata = explode(':', $line, 2);
            if(count($arraydata) < 2) continue;
            $user = $arraydata[0];
            $data[$user] = chop($arraydata[1]);
         }
         $this->pwdata = $data;
         return true;
      }else return false;
   }
   
   // write all entries back; an empty user list is still a successful write
   function save($file){
      $fcontents = "";
      foreach(array_keys($this->pwdata) as $user){
         $fcontents .= $user.":".$this->pwdata[$user]."\n";
      }
      return file_put_contents($file, $fcontents) !== false;
   }
   
   // add a user (or replace one when $update is true) as an unsalted {SHA} entry
   function create($user, $passwd, $update=false){
      if(isset($this->pwdata[$user])){
         if($update == false) return false;
      }
      $this->pwdata[$user] = $this->non_salted_sha1($passwd);
      return true;
   }
   
   // delete a user; returns true only if the user existed
   function remove($user){
      if(isset($this->pwdata[$user])){
         unset($this->pwdata[$user]);
         return true;
      }
      return false;
   }
   
   function users(){
      $rval = array();
      if(is_array($this->pwdata)){
         foreach(array_keys($this->pwdata) as $uid){
            $rval[count($rval)] = $uid;
         }
      }
      return $rval;
   }
      
   function validate($user, $pass){
      if(!isset($this->pwdata[$user])) return false;
      $crypted = $this->pwdata[$user];
      $pass = (string)$pass;
      
      // hash_equals() compares as strings in constant time; "==" would also
      // treat numeric-looking strings such as "1e3" and "1000" as equal
      if(substr($crypted, 0, 6) == "{SSHA}"){
         // salted SHA-1: 20-byte digest followed by the salt
         $ohash = base64_decode(substr($crypted, 6));
         return hash_equals(substr($ohash, 0, 20), pack("H*", sha1($pass . substr($ohash, 20))));
      }elseif(substr($crypted, 0, 5) == "{SHA}"){
         return hash_equals($crypted, $this->non_salted_sha1($pass));
      }else{
         // no recognised prefix: the stored value is compared as plain text
         return hash_equals($crypted, $pass);
      }
   }
   
   //encryption functions
   function rand_salt_crypt($pass){
      $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
      $salt = "";
      for ($i=0; $i<CRYPT_SALT_LENGTH; $i++)
         $salt .= $alphabet[random_int(0, 63)];
      // single quotes: "$apr1$" in double quotes would interpolate $apr1.
      // crypt() with this salt does not produce Apache's apr1 (MD5) format,
      // so the prefix alone does not make this a valid apr1 entry.
      return '$apr1$'.crypt($pass, $salt);
   }
   
   function rand_salt_sha1($pass){
      // 4 random salt bytes from the system CSPRNG
      $salt = random_bytes(4);
      return "{SSHA}".base64_encode(pack("H*", sha1($pass . $salt)) . $salt);
   }
   
   function non_salted_sha1($pass){
      // base64 of the raw 20-byte SHA-1 digest, prefixed with {SHA}
      return "{SHA}".base64_encode(pack("H*", sha1($pass)));
   }
}
?>


Hopefully this helps
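
Added example, not part of either post above: a small Python audit of htpasswd entries that shows why the symptom in the first post appears. Apache picks the scheme from the prefix of the stored field ($apr1$, $2y$, {SHA}), and on Windows a field with no recognised prefix is compared as plain text, so a bare md5_hex() string is itself the password. The function names and the sample file are constructed for this illustration, and only the {SHA} and no-prefix checks are modelled.

```python
import base64
import hashlib
import hmac

def classify(stored):
    """Scheme implied by the stored field's prefix."""
    if stored.startswith("$apr1$"):
        return "apr1-md5"            # htpasswd -m
    if stored.startswith("$2y$"):
        return "bcrypt"              # htpasswd -B (Apache 2.4)
    if stored.startswith("{SHA}"):
        return "sha1-unsalted"       # htpasswd -s
    return "no-prefix"               # crypt() on Unix, literal text on Windows

def sha_entry(password):
    """{SHA} field: base64 of the raw SHA-1 digest, no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def windows_accepts(stored, typed):
    """Model of the check on a Windows server for {SHA} and no-prefix entries."""
    kind = classify(stored)
    if kind == "sha1-unsalted":
        return hmac.compare_digest(sha_entry(typed).encode(), stored.encode())
    if kind == "no-prefix":
        return hmac.compare_digest(typed.encode(), stored.encode())
    raise NotImplementedError(kind + " is not modelled in this sketch")

def audit(text):
    """Return (user, scheme, finding) for every user:field line."""
    findings = {
        "no-prefix": "stored string itself is the password on Windows",
        "sha1-unsalted": "unsalted SHA-1, re-issue with a salted scheme",
    }
    rows = []
    for line in text.splitlines():
        user, sep, field = line.strip().partition(":")
        if sep:
            kind = classify(field)
            rows.append((user, kind, findings.get(kind, "salted scheme")))
    return rows

# Constructed sample: 'bob' holds md5_hex("secret"), as in the first post.
MD5_HEX = hashlib.md5(b"secret").hexdigest()
SAMPLE = "bob:" + MD5_HEX + "\njorge:" + sha_entry("secret") + "\n"

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print(windows_accepts(MD5_HEX, "secret"), windows_accepts(MD5_HEX, MD5_HEX))
```

Any entry reported as no-prefix should be regenerated with the htpasswd utility so that the file never holds a string that works as a password when read.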