.htpasswd

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Labbat
Forum Newbie
Posts: 15
Joined: Mon Jan 26, 2004 9:10 pm

.htpasswd

Post by Labbat »

Hey,

' .htaccess ' to work....
http://142.59.59.29/www/admin/

However, this is what my htpasswd file looks like

admin:wLhGEkTk9tqkA << Thats it

Now thats not my password....I used this thing I found off a website it said "Ecrypt Your Files here" Or something like that
so it said, enter your user name and pass word, so I entered
admin and k7YuHeFv

And it encrypted it too
admin:wLhGEkTk9tqkA

So it said to use that for my htpasswd file, so I did

Now I go to my URL, and enter that as my Password, and it doesn't let me login, because , I assume its thinking wrong password.... So should I just changed the encrypted B.s.
Too the password I want, or how does this work?
User avatar
Michael 01
Forum Commoner
Posts: 87
Joined: Wed Feb 04, 2004 12:26 am

Post by Michael 01 »

If you have the password saved into a DB or even a flat file, you have to have a function to call out the password from its stored base, unencrypt the stored password and compare it to the user input password.

You should use MD5 encryption, and the reverse function to call on the password, rather than some of the <HTML encryption scripts :roll:> that are floating on the net. They will cause you more headaches than just using a MD5 encryption method with microtime randomness. :)
Labbat
Forum Newbie
Posts: 15
Joined: Mon Jan 26, 2004 9:10 pm

htpasswd

Post by Labbat »

Ok, I got it to where you get prompt
for a username, and password....

You say use MD5 To get .htaccess to call out for the password...
Now, Im new to this whole thing, so Im assuming
Iam storing the login info, in a flat file, because, I have it on my HD
(Hard Drive) and I can open it using notepad (Note* It is not a txt File)
I was told it shouldn't be....

Now, disregarding all that....MD5, if this is the easist way to make the login work, ..... How does MD5 work, how do I get it to call out for the pw?

Thanks :)
User avatar
Michael 01
Forum Commoner
Posts: 87
Joined: Wed Feb 04, 2004 12:26 am

Post by Michael 01 »

Well, it all depends on what version of PHP you are running. I am all to used to 4.0 and below, but as I read more on PHP 5.0, there are some rather nice encryption methods that are a tad better than MD5.

At any rate, Im not sure on how you have, or where you have your info stored. Is it stored on the apache end of things (highly recommended), flat file in your dir. tree (not good) or in your Mysql DB (very good)??

First and foremost, trash that damned HTML encryption script and start from where you were before you added that in.
Labbat
Forum Newbie
Posts: 15
Joined: Mon Jan 26, 2004 9:10 pm

Re:

Post by Labbat »

Alls I did, is:
Found Directions on the net, that said do this this and this, and that consisted of:

Make your htaccess file...
and save it as ".htaccess"
(Which I did) Then it said make a htpasswd file
and that had just
admin:wLhGEkTk9tqkA As the directions implied...
then save it as .htpasswd

Then, I go to the directory ( http://142.59.59.29/www/admin/ )
And enter the username/pw and it doesn't work?

Should I delete that, and start again?
User avatar
Michael 01
Forum Commoner
Posts: 87
Joined: Wed Feb 04, 2004 12:26 am

In a few quick words....

Post by Michael 01 »

If its the same program that I think it is, yes start over where you were before with your passwords unencrypted and do the process correctly.

There are many reasons for this, and one of those reasons is just the same problems you are having now. When you use a program such as the one you decribed, all it is really used to do, is take HTML source and encrypt it. The browser than automatically deciphers the garbled up mess to the user end.

With Authentication such as you are using, the encryption is not being deciphered because you are in a process that is long before the browser knows what is going on or what the browser knows to decipher, because in short, you are at the beginning of the process with Apache .htaccess files, and not at the "middleware" point of loading a page up. That is why you never see a page load while the pop up authentication is in process. It hangs there wanting info first.
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

You're using .htaccess to get a password prompt before accessing the directory, right?

So say your password was "dog" and it encrypted to "487ad38vn", then enter "dog", NOT "487ad38vn".
User avatar
Michael 01
Forum Commoner
Posts: 87
Joined: Wed Feb 04, 2004 12:26 am

Post by Michael 01 »

LiLpunkSkateR wrote:You're using .htaccess to get a password prompt before accessing the directory, right?

So say your password was "dog" and it encrypted to "487ad38vn", then enter "dog", NOT "487ad38vn".
He is using (i think...) that famous html scrambler that takes Html code, encrypts it, and than you can add it into your page encrypted. The browser than interprets the code as normaly written, however if you view the source, it shows encrypted text.

That type of encryption will not work for what he is trying to do. If it does, than he better smack his server admin.
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Refer (no, not reefer :P) to his earlier post, he said he saved this:
admin:wLhGEkTk9tqkA
into his .htpasswd file, meaning he's using the built in login prompt stuff (don't know the name for it, heh)

the HTML scrambler:
a) is stupid and
b) uses javascript, which he didnt mention
User avatar
Michael 01
Forum Commoner
Posts: 87
Joined: Wed Feb 04, 2004 12:26 am

Post by Michael 01 »

Hmm..I thought he had the normal .ht Authentication pop up going...oh well...either way, each point you stated on the wonderful world of encryption via the HTML scrambler is, and shoud be taken by all, as word!

Amen, pass the plate.
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

There's no point for it.

"Oh no, someones gonna steal my hard coded HTML!!!"

whoopty do! it's just html!

Thats one of the best ways i learned html, by example. right click > view source was my best friend. :P
User avatar
Michael 01
Forum Commoner
Posts: 87
Joined: Wed Feb 04, 2004 12:26 am

Post by Michael 01 »

LOL!!! yeh...the one I always loved was that sneaky 'right click' blocker.

"Oh gosh...I guess since they disabled the right click on my mouse, I cant see the code...what shall I do?"

They never did seem to figure out, that there was a browser option under "view" that did the same job.

I remember going to a few Java forums a long time ago, and the common complaint that most of them had was "people can see my source code..and gosh..I dont want it ripped off..."

Than, some person who coded with PHP would come in and say "Use PhP" and that of course received a round of boo hisses.

Java..you have to love it.
Post Reply