How to encrypt a password to compare with .htpasswd?

jasonok

I have used .htpasswd to protect a directory. I have added some user with cPanel for initialization and find the password "superman" of user "spotty" have been encrypted to "SwiwEaoYmIe/c" at first time added and been encrypted to "2uhyjTm/HBJFs" at second time added. And I have used the crypt() of PHP to encrypt the password and get the result as "$1$PtzoD4Vk$NOZlGnuHtWwAQzVEsMlNF/", used the MD5() of PHP and get the result as "d41d8cd98f00b204e9800998ecf8427e". None of them is fit with the string stored in .htpasswd file. I don't know how to encrypt the password that visitor inputed to compare with the string stored in .htpasswd. Could anyone give any suggest?

Thanks.

laserlight

You could read: htpasswd - Manage user files for basic authentication

jasonok

Dear Friend, thanks for reply.

But I have already readed those documents, and it just said the password using the MD5 algorithm. But as I said above, the result of MD5() is not equal with the string stored in .htpasswd. I found the string stored in .htpasswd is not exclusive. It would change each time added. So, how can I use a php function to encrypt a password that visitor inputed to compare it? Could you give me some advice?

Thanks.

NogDog

If you carefully read that page, you'll see:

The MD5 algorithm used by htpasswd is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers.

Therefore, you will need to use the htpasswd options to used crypt or sha, instead (or locate some 3rd party script that emulates its custom md5 algorithm).

NogDog

PS: If the intent is to use the .htpasswd info for login control on other pages not in that directory, you can have your page use the httpd user authentication: http://www.php.net/manual/en/features.http-auth.php