[RESOLVED] .htaccess, .htpasswd, php and mysql

sonicfusion

when password protecting a folder with .htaccess i think the .htpasswd file stores a list of usernames and passwords in this sort of format:

user:pass
user:pass
user:pass
user:pass
etc.

my question is, if i put php in the .htpasswd file which echos out usernames and passwords from a mysql table in that format will it work? how do i use php code in a non *.php file? is it even possible in .htpasswd files?

once again thanks everyone

lucasrd

If you are going to do something like this, I would write a separate PHP file that reads & writes to the file in question.

Embedding php in a .htpasswd file won't work, but writing a modifyHtpasswd.php file and running it from the command line will work (pending file permissions).

Of course, you'll need to make sure your usernames and passwords are encoded correctly in your database for this to work.

<?php
mysql_connect("yourserver","uname","pass");
mysql_select_db("db");

$userString = "";

$sql = "select username,pw from users";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)){
   $userString .= $row['username'] . ":" . $row['pw'] . "\n";
}

$fd = fopen("/path/to/.htpasswd","w+");
fwrite($fd,$userString);
fclose($fd);

?>

sonicfusion

so i would have to set up a cron job or something to keep it updated regularly?

lucasrd

Yes running a cron job is right...I'm not 100% sure on how the passwords are encoded, you'd have to look into that..

sonicfusion

thanks, im pretty sure i can do this now

sonicfusion

i found this...

function htpasswd($pass){
     $pass = crypt(trim($pass),base64_encode(CRYPT_STD_DES));
     return $pass;
}

havent had chance to check it yet but it looks like its probably correct

http://www.phpfreaks.com/quickcode/htpasswd-Generator/207.php