htpasswd problems from php

Trilomictu

Hi!

When I use the following command line from ssh/telnet it works fine.

/usr/local/bin/htpasswd -b /home/m/minfilof/www/test/p1/.htp1 -b 'David Lidstrom' 'test'

But I'd like to do this from php... I've tried

$cmd = "/usr/local/bin/htpasswd -b /home/m/minfilof/www/test/p1/.htp1 " . escapeshellarg("David Lidstrom") . " " . escapeshellarg("test");
$a = system ($cmd);

and various versions including exec() and shell_exec() - but nothing works! And I recieve no array-output at all frpm exec()!!

The "return_var" in exec() however, returns 1 - I don't know if that is important or not 🙂

Thank you.
/ David

jerdo

It's likely that the user that runs the php script doesn't have persmission to use the htpasswd command. Most php scripts run as user www so they don't have access to do much damage (in theory). One way to workaround this is to call a script done in another language, like perl, to run htpasswd

shadowbq

You can run something like this...

$newuser = "/dir_of_htpasswd/htpasswd -b /securitydirectory/access_file $username $password 2>&1";
system($newuser);

This will dump the output of htpasswd write onto your webpage.

Remember 2>&1 is the redirect sub command for Output from your LINUX box. This is so you can have verification of change.

Make sure you incorporate some type of Encrypted Password check You do not want someone spoofing and overwriting your administrators password!.. Also a good idea is to force MD5, also force a password and verification password script.

Something along the lines of this for NULL usernames as well..

If ((!is_null($username)) && (!$username==""))
{
If ($password==$vpassword)
{

😉 - Shadowbq