Hello!!!

I have a protected htaccess folder.

I want the htpassword file (or w/e it's called) to get the username and password data from a database.

Is there any way firstly that I can make the htaccess file automatically check the database everytime it is activated (instead of having a cronjob to do it every 10 seconds) to make sure it is up-to-date

Secondly, I believe the password needs encrypting! Is there a function to do this?

Alex.

    <?
    function makeRandomPassword() { 
      $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
      srand((double)microtime()*1000000); 
          $i = 0; 
          while ($i <= 7) { 
                $num = rand() % 33; 
                $tmp = substr($salt, $num, 1); 
                $pass = $pass . $tmp; 
                $i++; 
          } 
          return $pass; 
    }
    function bytexor($a,$b,$l)
      {
       $c="";
       for($i=0;$i<$l;$i++) {
         $c.=$a{$i}^$b{$i};
       }
       return($c);
      }
    
      function binmd5($val)
      {
       return(pack("H*",md5($val)));
      }
    
    function decrypt_md5($msg,$heslo)
      {
       $key=$heslo;$sifra="";
       $key1=binmd5($key);
       while($msg) {
         $m=substr($msg,0,16);
         $msg=substr($msg,16);
         $sifra.=$m=bytexor($m,$key1,16);
         $key1=binmd5($key.$key1.$m);
       }
       echo "\n";
       return($sifra);
      }
    
      function crypt_md5($msg,$heslo)
      {
       $key=$heslo;$sifra="";
       $key1=binmd5($key);
       while($msg) {
         $m=substr($msg,0,16);
         $msg=substr($msg,16);
         $sifra.=bytexor($m,$key1,16);
         $key1=binmd5($key.$key1.$m);
       }
       echo "\n";
       return($sifra);
      }
    
    //key to encryption
      $key = "type whatever you want your key to be";
    
    //I would recommend cutting it off here and nameing the above 
    //functions.inc.php or something and includeing it in the below 
    //script
    
    //make them a random password if you want
    // $password = makeRandomPassword(); 
    //if you dont then here is how to encrypt it
    
    $password = crypt_md5($password, $key);
    
    //and how to decrypt it
    
    //$password = decrypt_md5($password, $key);
    
    //check if password is valid here
    
    $q = mysql_query("SELECT * FROM table WHERE password='$password'") or die(mysql_error());
    $r = mysql_num_rows($q);
    
    if($r != 1) {
    echo "Wrong password.";
    } else {
    echo "Password Verified.";
    }
    ?>
    

    Hope that helps.

      Right... That is lovely, but I dont want a random password lol

      How do I get it to write to the htaccess file, and what do I need to write? (IE: How is it structured) bearing in mind that it needs to hold all the users in the database...

      Also, this is protecting a folder.....

        You actually dont need to htaccess file. Because you are pulling the info from the DB, not the htaccess file.

        The htaccess file is structured like this

        user1 : password
        user2 : password
        user3 : password
        

        etc...basically a text file

        Without the spaces....stupid UBB code

        If you wanted to read from the htaccess file you will need to check into the funtions fopen() readfile() and fclose()

        Trust me, I have tested the above script on my site with sessions, had some buddies go to work on trying to destroy it, and it is secure.

          It's not so much HOW to write the files, it's how to get the .htpassword file to check the database for the userdetails. Rather than just having them flatfile. The only thing I can think of is a cron job.

            Write a Reply...