Page 1 of 1
.htpasswd
Posted: Wed Feb 04, 2004 12:45 pm
by Labbat
Hey,
' .htaccess ' to work....
http://142.59.59.29/www/admin/
However, this is what my htpasswd file looks like
admin:wLhGEkTk9tqkA << Thats it
Now thats not my password....I used this thing I found off a website it said "Ecrypt Your Files here" Or something like that
so it said, enter your user name and pass word, so I entered
admin and k7YuHeFv
And it encrypted it too
admin:wLhGEkTk9tqkA
So it said to use that for my htpasswd file, so I did
Now I go to my URL, and enter that as my Password, and it doesn't let me login, because , I assume its thinking wrong password.... So should I just changed the encrypted B.s.
Too the password I want, or how does this work?
Posted: Wed Feb 04, 2004 2:06 pm
by Michael 01
If you have the password saved into a DB or even a flat file, you have to have a function to call out the password from its stored base,
unencrypt the stored password and compare it to the user input password.
You should use MD5 encryption, and the reverse function to call on the password, rather than some of the <HTML encryption scripts

> that are floating on the net. They will cause you more headaches than just using a MD5 encryption method with microtime randomness.

htpasswd
Posted: Wed Feb 04, 2004 2:28 pm
by Labbat
Ok, I got it to where you get prompt
for a username, and password....
You say use MD5 To get .htaccess to call out for the password...
Now, Im new to this whole thing, so Im assuming
Iam storing the login info, in a flat file, because, I have it on my HD
(Hard Drive) and I can open it using notepad (Note* It is not a txt File)
I was told it shouldn't be....
Now, disregarding all that....MD5, if this is the easist way to make the login work, ..... How does MD5 work, how do I get it to call out for the pw?
Thanks

Posted: Wed Feb 04, 2004 2:32 pm
by Michael 01
Well, it all depends on what version of PHP you are running. I am all to used to 4.0 and below, but as I read more on PHP 5.0, there are some rather nice encryption methods that are a tad better than MD5.
At any rate, Im not sure on how you have, or where you have your info stored. Is it stored on the apache end of things (highly recommended), flat file in your dir. tree (not good) or in your Mysql DB (very good)??
First and foremost, trash that damned HTML encryption script and start from where you were before you added that in.
Re:
Posted: Wed Feb 04, 2004 3:04 pm
by Labbat
Alls I did, is:
Found Directions on the net, that said do this this and this, and that consisted of:
Make your htaccess file...
and save it as ".htaccess"
(Which I did) Then it said make a htpasswd file
and that had just
admin:wLhGEkTk9tqkA As the directions implied...
then save it as .htpasswd
Then, I go to the directory (
http://142.59.59.29/www/admin/ )
And enter the username/pw and it doesn't work?
Should I delete that, and start again?
In a few quick words....
Posted: Wed Feb 04, 2004 6:47 pm
by Michael 01
If its the same program that I think it is, yes start over where you were before with your passwords unencrypted and do the process correctly.
There are many reasons for this, and one of those reasons is just the same problems you are having now. When you use a program such as the one you decribed, all it is really used to do, is take HTML source and encrypt it. The browser than automatically deciphers the garbled up mess to the user end.
With Authentication such as you are using, the encryption is not being deciphered because you are in a process that is long before the browser knows what is going on or what the browser knows to decipher, because in short, you are at the beginning of the process with Apache .htaccess files, and not at the "middleware" point of loading a page up. That is why you never see a page load while the pop up authentication is in process. It hangs there wanting info first.
Posted: Wed Feb 04, 2004 7:01 pm
by d3ad1ysp0rk
You're using .htaccess to get a password prompt before accessing the directory, right?
So say your password was "dog" and it encrypted to "487ad38vn", then enter "dog", NOT "487ad38vn".
Posted: Wed Feb 04, 2004 7:12 pm
by Michael 01
LiLpunkSkateR wrote:You're using .htaccess to get a password prompt before accessing the directory, right?
So say your password was "dog" and it encrypted to "487ad38vn", then enter "dog", NOT "487ad38vn".
He is using (i think...) that famous html scrambler that takes Html code, encrypts it, and than you can add it into your page encrypted. The browser than interprets the code as normaly written, however if you view the source, it shows encrypted text.
That type of encryption will not work for what he is trying to do. If it does, than he better smack his server admin.
Posted: Wed Feb 04, 2004 7:22 pm
by d3ad1ysp0rk
Refer (no, not reefer

) to his earlier post, he said he saved this:
admin:wLhGEkTk9tqkA
into his .htpasswd file, meaning he's using the built in login prompt stuff (don't know the name for it, heh)
the HTML scrambler:
a) is stupid and
b) uses javascript, which he didnt mention
Posted: Wed Feb 04, 2004 8:05 pm
by Michael 01
Hmm..I thought he had the normal .ht Authentication pop up going...oh well...either way, each point you stated on the wonderful world of encryption via the HTML scrambler is, and shoud be taken by all, as word!
Amen, pass the plate.
Posted: Wed Feb 04, 2004 10:03 pm
by d3ad1ysp0rk
There's no point for it.
"Oh no, someones gonna steal my hard coded HTML!!!"
whoopty do! it's just html!
Thats one of the best ways i learned html, by example. right click > view source was my best friend.

Posted: Wed Feb 04, 2004 10:36 pm
by Michael 01
LOL!!! yeh...the one I always loved was that sneaky 'right click' blocker.
"Oh gosh...I guess since they disabled the right click on my mouse, I cant see the code...what shall I do?"
They never did seem to figure out, that there was a browser option under "view" that did the same job.
I remember going to a few Java forums a long time ago, and the common complaint that most of them had was "people can see my source code..and gosh..I dont want it ripped off..."
Than, some person who coded with PHP would come in and say "Use PhP" and that of course received a round of boo hisses.
Java..you have to love it.