On Wed, 17 Mar 2004 09:44:25 +0100, "Christian Meisinger"
<c.meisinger@livingliquid.com> wrote:
[color=blue]
>has anyone tryed to check .htpasswd passwords with php?
>everythink works fine as long as they are encrypted with
>the default CRYPT mode of apaches htpasswd.
>
> crypt($pass, $htpass) === $htpass
>
>but how to check MD5?
>if you use ./htpasswd -m .htpasswd user
>the password will be md5 encrypted.
>php manual says that crypt supports md5 if the "salt" starts with $1$.
>
> CRYPT_MD5 - MD5 encryption with a twelve character
> salt starting with $1$
>
>then i read the htpasswd manual:
>
> -m Use Apache's modified MD5 algorithm for passwords.
> The MD5 algorithm used by htpasswd is specific to the Apache
> software; passwords encrypted using it will not be usable
> with other Web servers.
>
>great.
>does anyone know if a apache md5 algorithm exists for php?[/color]
Well - Apache is open source, so you can have a look at the code they use.
In the Apache source, have a look at apr_md5_encode in
srclib/apr-util/crypto/apr_md5.c .
It contains such gems of comments as:
/*
* Then something really weird...
*/
I don't know how much experience you have with C; you may be able to work
through the source and link against APR to get a small executable that does the
same as htpasswd. Or if you're particularly competent with C you could
translate the relevant parts to PHP; C and PHP share a fair amount of syntax.
Perhaps you could run htpasswd using exec(), getting it to write to a
temporary file of your choice, then read that file? I haven't traced it far
enough into what it actually writes to the file to say whether this will be a
workable approach, though.
--
Andy Hassall <andy@andyh.co.uk> / Space: disk usage analysis tool
<http://www.andyh.co.uk> / <http://www.andyhsoftware.co.uk/space>
