Page 1 of 1
How to encrypt a password to compare with .htpasswd?
Posted: Wed Mar 05, 2008 10:44 pm
by jasonok
I have used .htpasswd to protect a directory. I have added some user with cPanel for initialization and find the password "superman" of user "spotty" have been encrypted to "SwiwEaoYmIe/c" at first time added and been encrypted to "2uhyjTm/HBJFs" at second time added. And I have used the crypt() of PHP to encrypt the password and get the result as "$1$PtzoD4Vk$NOZlGnuHtWwAQzVEsMlNF/", used the MD5() of PHP and get the result as "d41d8cd98f00b204e9800998ecf8427e". None of them is fit with the string stored in .htpasswd file. I don't know how to encrypt the password that visitor inputed to compare with the string stored in .htpasswd. Could anyone give any suggest?
Thanks.
Re: How to encrypt a password to compare with .htpasswd?
Posted: Wed Mar 05, 2008 10:47 pm
by Ambush Commander
Use the htpasswd command line utility.
If security is not an issue,
http://home.flash.net/cgi-bin/pw.pl should do the trick
Re: How to encrypt a password to compare with .htpasswd?
Posted: Wed Mar 05, 2008 11:00 pm
by jasonok
Thanks for advise.
I could not use the command line for the website hosted in a virtual server. And the encrypted string from the page you given is "spotty:WYtLt67uJmvtY". It still is not equal with the string stored in .htpasswd.
I found the encrypted string of the password "superman" in changed every time I added. So, how can I encrypt a string to compare with it? It's really a problem. Any suggestion, thanks.
Re: How to encrypt a password to compare with .htpasswd?
Posted: Fri May 02, 2008 1:34 am
by geethalakshmi
Here is the code to display encrypted password
http://hiox.org/index.php?id=278
Re: How to encrypt a password to compare with .htpasswd?
Posted: Fri May 02, 2008 2:32 am
by onion2k
Firstly, that code doesn't display encrypted passwords at all, it only displays an MD5 hash. Hashing is not encryption.
Second, it assumes that the password is stored as plain text in the database (or it MD5s the database hash giving the wrong result).
Thirdly, there are numerous problems with the script like you're not checking the query actually returned any results, and you're accessing an array value without quoting the key (eg $row[password] should be $row['password']).
And lastly, and most importantly, you're just linking to some post on another site without good reason which in my opinion is bordering on spamming. Do it again and I'll remove your post.