Connecting Tech Pros Worldwide Help | Site Map
bytes > topic > php > answers

problems with basic authentication .htpasswd called from php exec()

starlightjen
Guest
  
Posts: n/a
#1: Jul 17 '05
Hello,

I'm trying to use php to update my htpasswd file.

I have my permissions on .htpasswd set to 777, so it should be wide
open. From the command line (when logged into the server as "nobody",
my server's web user) I can get the htpasswd.exe to run without a
problem, but when passed through my php exec() function the .htpasswd
file does not change. I'm not getting any errors, but I'm not getting
any action either.

I'd really appreciate anything anyone could suggest - I feel like I'm
banging my head against a wall here.
Thanks,
Jen
Gordon Burditt
Guest
  
Posts: n/a
#2: Jul 17 '05

re: problems with basic authentication .htpasswd called from php exec()

>I'm trying to use php to update my htpasswd file.[color=blue]
>
>I have my permissions on .htpasswd set to 777, so it should be wide
>open.[/color]

Apache tends to react to excessive permissions on files (or on
directories containing them) by refusing to use them. Setting a
CGI or the directory it's in to mode 777 is a great way to make it
not work. I'm not sure what the situation would be with a
world-writable .htpasswd file.
[color=blue]
>From the command line (when logged into the server as "nobody",
>my server's web user) I can get the htpasswd.exe to run without a
>problem, but when passed through my php exec() function the .htpasswd
>file does not change. I'm not getting any errors, but I'm not getting
>any action either.[/color]

How did you invoke htpasswd? htpasswd on UNIX tends to prompt on
/dev/tty, *NOT* stdin, which means that if you tried sending in
the password on stdin, it won't work. Maybe Windows is trying
to get it from the console (and failing). Try putting all the info
needed on the command line (with the -b flag), if you aren't already.
[color=blue]
>I'd really appreciate anything anyone could suggest - I feel like I'm
>banging my head against a wall here.[/color]

Gordon L. Burditt
starlightjen
Guest
  
Posts: n/a
#3: Jul 17 '05

re: problems with basic authentication .htpasswd called from php exec()

Thanks Gordon,

I invoked htpasswd by using the exec() function in PHP like this:
exec("/usr/local/apache/current/bin/htpasswd -b .htpasswd $email
$password");

when the same thing is entered at the command line:
/usr/local/apache/current/bin/htpasswd -b .htpasswd my_email
my_password
it works!

Do you think my problem here is the 777 mod on the .htpasswd file? I
figured I'd open it all the way for testing purposes, and lock it down
after I get it running, but maybe I'm shooting myself in the foot.
any suggestions?
Gordon Burditt
Guest
  
Posts: n/a
#4: Jul 17 '05

re: problems with basic authentication .htpasswd called from php exec()

>I invoked htpasswd by using the exec() function in PHP like this:[color=blue]
>exec("/usr/local/apache/current/bin/htpasswd -b .htpasswd $email
>$password");[/color]

Some warnings here:

1) If safe mode is on, you only get to run stuff out of a specific
directory, and all of the args get quoted into one big arg, which
won't work. And I'm not sure how you can make it work without
some kind of wrapper script in the safe mode execution directory.

2) This command gets passed to the shell, and as such, wildcards
get expanded by the shell. Expect trouble here if $password contains
stuff like *, ?, &, spaces, parentheses, brackets, braces, quotes,
semicolons, etc. The same goes for $email, but that's less likely
to have problems. Also, a password like:
foo`rm -rf *`bar
could wreak havoc.

Try:
$emailquoted = shellescapearg($email);
$passwordquoted = shellescapearg($password);[color=blue]
>exec("/usr/local/apache/current/bin/htpasswd -b .htpasswd $emailquoted
>$passwordquoted");[/color]

3) What is the current working directory when htpasswd is executed?
Are you sure? ".htpasswd" is a relative path name. Maybe you should
pass an absolute path name.

4) Are you sure you have permissions on htpasswd (the command) and all
of the directories up to /?
[color=blue]
>when the same thing is entered at the command line:
>/usr/local/apache/current/bin/htpasswd -b .htpasswd my_email
>my_password
>it works![/color]

Are you running as the same user that Apache runs as? If not, try
it that way.
[color=blue]
>Do you think my problem here is the 777 mod on the .htpasswd file? I[/color]

No, the 777 is a reason why Apache might refuse to use it, not why
htpasswd would refuse to modify it. I think.
[color=blue]
>figured I'd open it all the way for testing purposes, and lock it down
>after I get it running, but maybe I'm shooting myself in the foot.
>any suggestions?[/color]

Gordon L. Burditt
Closed Thread

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,272 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved