Php Authentication...without database

Anon

I have the next code in a Php file to make user

authentication...

<?php
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"My
Realm\""); Header("HTTP/1.0 401 Unauthorized");
echo "Text to send if user hits Cancel button\n";
exit;
} else {
echo "Hello $PHP_AUTH_USER.<P>";
echo "You entered $PHP_AUTH_PW as your
password.<P>"; }
?>

Its not exactly this code, this sample came with php
documentacion. My question is how can i open my
httpd.pass (or any other file created with passwords,
with -s option that crypt the file with SHA algorith
at 130 bits),file to autenthicate a user with this
block code, NOT USING A DATABASE???
This code don´t autenthicate nothing because don´t
compares the
variable $PHP_AUTH_USER and $PHP_AUTH_PW with
nothing....I think i need to compare this variables
with the users and passwords that httpd.conf
have...??? something like that...

<?php
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"My
Realm\""); Header("HTTP/1.0 401 Unauthorized");
echo "Text to send if user hits Cancel button\n";
exit;
} else {
if($PHP_AUTH_USER!=user_variable_returned_from_httpd.pass
&&
$PHP_AUTH_PW!=$password_variable_returned_from_httpd.pass){
exit;
}
else {
echo "Hello $PHP_AUTH_USER.<P>";
}
?>
NOT USING DATABASE.
It´s possible??
It´s a second good one protection since first its
ht.access???(it´s working good ht.access)
It´s easy to pass by???

Please help me,i´m newbie in php and security....

Thanks in advance for all.

P.S.

Anon

Why not just use .htaccess the way it's supposed to be used. Why are you trying to bypass it, but then use it in your script?

---John Holmes..

Anon

Ok, sorry to not explain my self cleary.
I´m trying to do this to (learn) protect to an eventual "atack" that remove the file .htaccess and then the PHP page´s of my website have protection too. They make autenthication using the files that .htaccess use to validate a user.I think it was two protections....
But i don´t know how to open the password files to compare passwords written by the user and that inside .htpassword (Ex.).
Sorry if i don´t explain myself clear again, please make me questions.........

P.S.

Anon

If a hacker can get in far enough to fool with the .htaccess file, then any "secondary" protection implemented in your files won't be of much use, either.

I would recomend you just stick with .htaccess. It'll make your life a lot easier....

---John Holmes...

Anon

Thank you for your help.
You have reason, but a simple think that´s open a passwd -s file in PHP i think it was easy???
It isn´t?

Thanks in advance

P.S.

Anon

Sure it's easy to open a file and read it in. PHP has plenty of file functions. You can read in the password file, parse it to seperate the username vs. password. You'll have to figure out some way to encrypt $password to match how it's stored in the passwd file, I don't know about that.

Once you figure it out and get it working, all you've done is recreate htaccess, though. You haven't gained anything and caused yourself some headaches along the way more than likely.

---John Holmes...

Anon

Thank´s John for your colaboration......
I know you have reason....

If you need anything ring........

P.S.

Anon

Here is the code you are most likely looking for.