Hi,
Is it possible instead of writing manually the .htpasswd file, let a php script read the database ?
I allready have a database with users and passwords which I could use for authentication.
If you could give me an example of code, would be great !
Thanks
Fill .htpasswrd from db ??
Moderator: General Moderators
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
I believe there's a mysql module for apache that might be a good approach.
Failing that, have your .htpasswd file writable to the www user (usually "nobody", or "www"), then:
Failing that, have your .htpasswd file writable to the www user (usually "nobody", or "www"), then:
Code: Select all
$query = "select username, password from table"; //Pull data from DB
$result = mysql_query($query) or die (mysql_error());
$handle = fopen('/path/to/.htpasswd', 'w+'); //Open file for writing
$text = '';
while ($row = mysql_fetch_assoc($result)) //Loop through all data
{
$text .= $row['username'].':'.$row['password']."\n"; //Use \r\n on windows
}
if (fwrite($handle, $text)) echo "Success"; //Try writing the list to the file
else echo "Failed";
fclose($handle);- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
With correct htpassword format you mean like username:passwordMake sure that the passwords are stored in the correct htpasswd format.
Convert them if not.... if they're already md5'ed then you may struggle
I take it you probably know a script to md5 the password ?
Can I combine the read/write action with converting the pw's ?
Sorry for all these questions..
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Well, technically you should *never* store plain text passwords in your databse, but in this case, if you have done that you may be in luckpookie62 wrote:With correct htpassword format you mean like username:passwordMake sure that the passwords are stored in the correct htpasswd format.
Convert them if not.... if they're already md5'ed then you may struggle
I take it you probably know a script to md5 the password ?
Can I combine the read/write action with converting the pw's ?
Sorry for all these questions..
Normally you would store the MD5('password') -- using mysql's built in md5() function or php's version. You then take the md5() hash of the password sent from a HTML form and compare that against the md5 hash in the database.... it's just more secure.
There's SHA1 and SHA256 (see snippets) too.
The passwords which .htpasswd uses are not md5 however. They are not plain text neither. htpasswd uses a special format that you'd usually create using a command called htpasswd.
There are scripts out there to convert plain text to htpasswd format though if you have a google around
If you are storing your passwords in the database as plain text I'd suggest hashing them and then using the same hashing algorithm at the login side also