Page 1 of 1
Fill .htpasswrd from db ??
Posted: Mon Nov 07, 2005 6:43 am
by pookie62
Hi,
Is it possible instead of writing manually the .htpasswd file, let a php script read the database ?
I allready have a database with users and passwords which I could use for authentication.
If you could give me an example of code, would be great !
Thanks
Posted: Mon Nov 07, 2005 7:03 am
by Chris Corbyn
I believe there's a mysql module for apache that might be a good approach.
Failing that, have your .htpasswd file writable to the www user (usually "nobody", or "www"), then:
Code: Select all
$query = "select username, password from table"; //Pull data from DB
$result = mysql_query($query) or die (mysql_error());
$handle = fopen('/path/to/.htpasswd', 'w+'); //Open file for writing
$text = '';
while ($row = mysql_fetch_assoc($result)) //Loop through all data
{
$text .= $row['username'].':'.$row['password']."\n"; //Use \r\n on windows
}
if (fwrite($handle, $text)) echo "Success"; //Try writing the list to the file
else echo "Failed";
fclose($handle);
Posted: Mon Nov 07, 2005 7:07 am
by pookie62
Hi d11wtq,
Thanks very much !!
I'm going to try this and let you know the results.
Cheers
Hans
Posted: Mon Nov 07, 2005 7:13 am
by Chris Corbyn
pookie62 wrote:Hi d11wtq,
Thanks very much !!
I'm going to try this and let you know the results.
Cheers
Hans
Good good
Make sure that the passwords are stored in the correct htpasswd format.
Convert them if not.... if they're already md5'ed then you may struggle.
Posted: Mon Nov 07, 2005 7:32 am
by pookie62
Make sure that the passwords are stored in the correct htpasswd format.
Convert them if not.... if they're already md5'ed then you may struggle
With correct htpassword format you mean like username:password
I take it you probably know a script to md5 the password ?
Can I combine the read/write action with converting the pw's ?
Sorry for all these questions..
Posted: Mon Nov 07, 2005 8:23 am
by Chris Corbyn
pookie62 wrote:Make sure that the passwords are stored in the correct htpasswd format.
Convert them if not.... if they're already md5'ed then you may struggle
With correct htpassword format you mean like username:password
I take it you probably know a script to md5 the password ?
Can I combine the read/write action with converting the pw's ?
Sorry for all these questions..
Well, technically you should *never* store plain text passwords in your databse, but in this case, if you have done that you may be in luck
Normally you would store the MD5('password') -- using mysql's built in md5() function or php's version. You then take the md5() hash of the password sent from a HTML form and compare that against the md5 hash in the database.... it's just more secure.
There's SHA1 and SHA256 (see snippets) too.
The passwords which .htpasswd uses are not md5 however. They are not plain text neither. htpasswd uses a special format that you'd usually create using a command called htpasswd.
There are scripts out there to convert plain text to htpasswd format though if you have a google around
If you are storing your passwords in the database as plain text I'd suggest hashing them and then using the same hashing algorithm at the login side also

Posted: Tue Nov 08, 2005 11:06 am
by AGISB
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']
Might be what you want to look into.
You can use this to create an authorisation without .htaccess and .htpasswd directly out of the database.
You might also look into mod_auth_mysql but I think this module is not developed further