crypt in htaccess...

AdamBrill

Does anyone know how crypt works with htaccess? I have been trying to find out, but can't... 🙁 I found a place online that will generate a string(user:encrypted password) for htaccess, but if you send the same username and password through again, the results are different. How can this work?? If anyone knows or can point me in the right direction, I'd appreciate it. 🙂

drawmack

I know the unix function in cryptpw. Let me do a google quick

This page: http://www.busan.edu/~nic/networking/puis/ch08_06.htm says that the unix crypt command uses des encryption. However what it does is encrypt a string of 64 zeroes with the password as the key. The then encrypts the output of this 23 more times.

In pseudocode this is

start = 00000000
for i=0, i<24,i++
start = des(start,password)
end for

I hope this helps

AdamBrill

Hmm... thanks for replying, but I'm still not sure how to get that to work with htaccess. Basically, I'm want to be able to know if a password is legitimate without running it through htaccess.

Example:

Say I have this: test:60M4uv2iU.CpA(in a .htpasswd file, which I read with PHP)

I want a user to be able to enter their username and password and me to be able to know if that password is correct, thus knowing whether or not to allow that user access. I know there would be many ways of doing this without htaccess, but I want it to work with existing htpasswd files. If anyone can be of any help, I'd really appreciate it. 🙂

drawmack

you can see if the php crypt function works http://www.php.net/crypt