.htaccess suggestions?

zevious

We need to
1. To password protect a website
2. My first thought was to use .htpasswd
3. I want to generate a random passwd.
4. Expire that password after 48 hours

My question's are:
1. Does anyone know of some code that does this?
2. How would you approach this?

My thoughts was to write a script that deletes entries from the htaccecc file daily and run that from cron.

Ideas?

bdbush

This can get nasty, but you could use a database in conjunction with your .htaccess .htpasswd files.

The idea is that you store a username and timestamp in the database. Have your cron job query for usernames older than the specified 2 days, and delete those users from the .htpasswd flat file.

Randomly generating a password should be easy with php. I like to take things like the users IP address appended to milliseconds timestamp and crc32 then dechex the result.

This will give you a sufficiently random 8 character value every time.

Good Luck,
--brian

cheald

I'd use PHP's authentication features. You just send the proper headers if you're not logged in, and it gives you the standard login box. Like this:

<?
function authUser() {
global $PHP_AUTH_USER, $PHP_AUTH_PW
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"Web Accounting\"");
Header("HTTP/1.0 401 Unauthorized");
echo "You are not authorized for this security level!\n";
return false;
}
elseif ($PHP_AUTH_USER && $PHP_AUTH_PW) {
//do some authentication against the database
}
}
?>

Use a database that stores usernames, passwords, and a timestamp, and have the function return false if the timestamp is out of range.

To protect pages, just put this in the page you want to protect:

if(!$auth_user())
exit();