.htpasswd
Moderator: General Moderators
.htpasswd
Hey,
' .htaccess ' to work....
http://142.59.59.29/www/admin/
However, this is what my htpasswd file looks like
admin:wLhGEkTk9tqkA << Thats it
Now thats not my password....I used this thing I found off a website it said "Ecrypt Your Files here" Or something like that
so it said, enter your user name and pass word, so I entered
admin and k7YuHeFv
And it encrypted it too
admin:wLhGEkTk9tqkA
So it said to use that for my htpasswd file, so I did
Now I go to my URL, and enter that as my Password, and it doesn't let me login, because , I assume its thinking wrong password.... So should I just changed the encrypted B.s.
Too the password I want, or how does this work?
' .htaccess ' to work....
http://142.59.59.29/www/admin/
However, this is what my htpasswd file looks like
admin:wLhGEkTk9tqkA << Thats it
Now thats not my password....I used this thing I found off a website it said "Ecrypt Your Files here" Or something like that
so it said, enter your user name and pass word, so I entered
admin and k7YuHeFv
And it encrypted it too
admin:wLhGEkTk9tqkA
So it said to use that for my htpasswd file, so I did
Now I go to my URL, and enter that as my Password, and it doesn't let me login, because , I assume its thinking wrong password.... So should I just changed the encrypted B.s.
Too the password I want, or how does this work?
- Michael 01
- Forum Commoner
- Posts: 87
- Joined: Wed Feb 04, 2004 12:26 am
If you have the password saved into a DB or even a flat file, you have to have a function to call out the password from its stored base, unencrypt the stored password and compare it to the user input password.
You should use MD5 encryption, and the reverse function to call on the password, rather than some of the <HTML encryption scripts
> that are floating on the net. They will cause you more headaches than just using a MD5 encryption method with microtime randomness. 
You should use MD5 encryption, and the reverse function to call on the password, rather than some of the <HTML encryption scripts
htpasswd
Ok, I got it to where you get prompt
for a username, and password....
You say use MD5 To get .htaccess to call out for the password...
Now, Im new to this whole thing, so Im assuming
Iam storing the login info, in a flat file, because, I have it on my HD
(Hard Drive) and I can open it using notepad (Note* It is not a txt File)
I was told it shouldn't be....
Now, disregarding all that....MD5, if this is the easist way to make the login work, ..... How does MD5 work, how do I get it to call out for the pw?
Thanks
for a username, and password....
You say use MD5 To get .htaccess to call out for the password...
Now, Im new to this whole thing, so Im assuming
Iam storing the login info, in a flat file, because, I have it on my HD
(Hard Drive) and I can open it using notepad (Note* It is not a txt File)
I was told it shouldn't be....
Now, disregarding all that....MD5, if this is the easist way to make the login work, ..... How does MD5 work, how do I get it to call out for the pw?
Thanks
- Michael 01
- Forum Commoner
- Posts: 87
- Joined: Wed Feb 04, 2004 12:26 am
Well, it all depends on what version of PHP you are running. I am all to used to 4.0 and below, but as I read more on PHP 5.0, there are some rather nice encryption methods that are a tad better than MD5.
At any rate, Im not sure on how you have, or where you have your info stored. Is it stored on the apache end of things (highly recommended), flat file in your dir. tree (not good) or in your Mysql DB (very good)??
First and foremost, trash that damned HTML encryption script and start from where you were before you added that in.
At any rate, Im not sure on how you have, or where you have your info stored. Is it stored on the apache end of things (highly recommended), flat file in your dir. tree (not good) or in your Mysql DB (very good)??
First and foremost, trash that damned HTML encryption script and start from where you were before you added that in.
Re:
Alls I did, is:
Found Directions on the net, that said do this this and this, and that consisted of:
Make your htaccess file...
and save it as ".htaccess"
(Which I did) Then it said make a htpasswd file
and that had just
admin:wLhGEkTk9tqkA As the directions implied...
then save it as .htpasswd
Then, I go to the directory ( http://142.59.59.29/www/admin/ )
And enter the username/pw and it doesn't work?
Should I delete that, and start again?
Found Directions on the net, that said do this this and this, and that consisted of:
Make your htaccess file...
and save it as ".htaccess"
(Which I did) Then it said make a htpasswd file
and that had just
admin:wLhGEkTk9tqkA As the directions implied...
then save it as .htpasswd
Then, I go to the directory ( http://142.59.59.29/www/admin/ )
And enter the username/pw and it doesn't work?
Should I delete that, and start again?
- Michael 01
- Forum Commoner
- Posts: 87
- Joined: Wed Feb 04, 2004 12:26 am
In a few quick words....
If its the same program that I think it is, yes start over where you were before with your passwords unencrypted and do the process correctly.
There are many reasons for this, and one of those reasons is just the same problems you are having now. When you use a program such as the one you decribed, all it is really used to do, is take HTML source and encrypt it. The browser than automatically deciphers the garbled up mess to the user end.
With Authentication such as you are using, the encryption is not being deciphered because you are in a process that is long before the browser knows what is going on or what the browser knows to decipher, because in short, you are at the beginning of the process with Apache .htaccess files, and not at the "middleware" point of loading a page up. That is why you never see a page load while the pop up authentication is in process. It hangs there wanting info first.
There are many reasons for this, and one of those reasons is just the same problems you are having now. When you use a program such as the one you decribed, all it is really used to do, is take HTML source and encrypt it. The browser than automatically deciphers the garbled up mess to the user end.
With Authentication such as you are using, the encryption is not being deciphered because you are in a process that is long before the browser knows what is going on or what the browser knows to decipher, because in short, you are at the beginning of the process with Apache .htaccess files, and not at the "middleware" point of loading a page up. That is why you never see a page load while the pop up authentication is in process. It hangs there wanting info first.
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
- Michael 01
- Forum Commoner
- Posts: 87
- Joined: Wed Feb 04, 2004 12:26 am
He is using (i think...) that famous html scrambler that takes Html code, encrypts it, and than you can add it into your page encrypted. The browser than interprets the code as normaly written, however if you view the source, it shows encrypted text.LiLpunkSkateR wrote:You're using .htaccess to get a password prompt before accessing the directory, right?
So say your password was "dog" and it encrypted to "487ad38vn", then enter "dog", NOT "487ad38vn".
That type of encryption will not work for what he is trying to do. If it does, than he better smack his server admin.
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
- Michael 01
- Forum Commoner
- Posts: 87
- Joined: Wed Feb 04, 2004 12:26 am
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
- Michael 01
- Forum Commoner
- Posts: 87
- Joined: Wed Feb 04, 2004 12:26 am
LOL!!! yeh...the one I always loved was that sneaky 'right click' blocker.
"Oh gosh...I guess since they disabled the right click on my mouse, I cant see the code...what shall I do?"
They never did seem to figure out, that there was a browser option under "view" that did the same job.
I remember going to a few Java forums a long time ago, and the common complaint that most of them had was "people can see my source code..and gosh..I dont want it ripped off..."
Than, some person who coded with PHP would come in and say "Use PhP" and that of course received a round of boo hisses.
Java..you have to love it.
"Oh gosh...I guess since they disabled the right click on my mouse, I cant see the code...what shall I do?"
They never did seem to figure out, that there was a browser option under "view" that did the same job.
I remember going to a few Java forums a long time ago, and the common complaint that most of them had was "people can see my source code..and gosh..I dont want it ripped off..."
Than, some person who coded with PHP would come in and say "Use PhP" and that of course received a round of boo hisses.
Java..you have to love it.