  1. #1
    SitePoint Member
    Join Date
    Aug 2004
    Location
    UK
    Posts
    16

    .htpasswd (encrypted passwords?)

    Hi

    If I lock a directory using the lock directory function on my web host a .htpasswd file is created. This is good. The password in the .htpasswd file is stored in an encrypted format.

    I would like to be able to automatically add users and passwords to this file when users of my site register. The problem is that: Using the automatic function of my web host to lock the directory turns the password 'test'

    into 'vhlNxdW73MO9U'

    Using php crypt turns it into:

    '$1$EqTMQ8yb$ByeyycScxrohEC8xSPApg0'

    and using php md5 turns it into:

    '098f6bcd4621d373cade4e832627b4f6'

    So I'm not sure how to encrypt a password using my own script before I write it to the .htpasswd file???

    I do hope the above makes some sense coz I've had a few beers.

  2. #2
    SitePoint Enthusiast mrobinson's Avatar
    Join Date
    Aug 2004
    Location
    New York, NY, USA
    Posts
    50
    Hi Estella,

    Your question intrigued me a little so I decided to look into it.

    First when you encrypt the password you need to use Standard DES-based encryption with a two character salt.

    PHP Code:
     $salt = 'MR'; /* This ideally would be randomly generated */
     $password = 'thePassword';
     /* A two-character salt selects standard DES-based crypt */
     $hash = crypt($password, $salt);
     echo $hash;
    In the example above I set the salt to MR.
    This produces the $hash = MRxMiKl2Nkovw


    Now if you need to compare a password to the hashed version you need to use the same salt value (which is the first two characters of the hash result). This is what Apache does (I believe).

    PHP Code:
     $oldHash = 'MRxMiKl2Nkovw';
     $salt = substr($oldHash, 0, 2); /* i.e. MR */
     $password = 'thePassword';
     $hash = crypt($password, $salt);
     echo $hash;
    This will produce the same hashed value (hence the password matches).

    I'm still getting my head around this so I'm not sure if I've explained it clearly, but the code may help?

    Regards,
    Mark

  3. #3
    SitePoint Enthusiast mrobinson's Avatar
    Now that I've read my own post, try this...
    PHP Code:
     $salt = 'vh';
     $password = 'test';
     $hash = crypt($password, $salt);
     echo $hash;
    This should give vhlNxdW73MO9U

  4. #4
    SitePoint Member
    Hi mrobinson

    Thanks for the input

    I'm not sure I fully understand the below:

    $salt = substr($oldHash, 0, 2); /* i.e. MR */

    I assume the above is working out what the original $salt was which was used in the first place? Yeah? What does substr() do? And what does the 0, 2 do?

    Sorry if I'm being stupid. Your help is really appreciated.

    Thanks

    Estella

  5. #5
    SitePoint Member
    Hey thanks I get it now

    I have got the process figured out and it makes sense

    I understand that the 'substr($oldhash, 0, 2);' is retrieving the original $salt. I suppose the substr is an encryption related command. However, I just need to understand what the 0, 2 bit means? Are there other numbers you can use here for different reasons?

    Thanks

    Estella

  6. #6
    SitePoint Enthusiast mrobinson's Avatar
    Hi Estella,

    Sorry - I made an assumption.
    substr is used to retrieve part of a string.
    I was using substr in my example to get the first two characters.

    PHP Code:
     substr($oldhash, 0, 2);
    $oldhash is the source string.
    0 is the start point (0 = the very start)
    2 is how many characters to get

    Check out substr in the manual for more info.

  7. #7
    SitePoint Member
    Got ya :-)

    All makes sense now :-)

    Thanks very much!!
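
An added example (not code posted in this thread) that pulls together posts #2 and #3 for the registration script asked about in post #1: it builds an .htpasswd line with a random salt, rejects user names that would break the file format, and verifies a password against a stored hash. The function names, the temp-file path, the user name 'newuser' and the bcrypt option (which assumes the server runs Apache 2.4 or later) are assumptions.

```php
<?php
// Added example, not code from the thread. Path and user name are constructed.

// Identify the format of a stored value by its shape (covers the three strings in post #1).
function htpasswd_scheme(string $hash): string
{
    if (strncmp($hash, '$apr1$', 6) === 0)          return 'apr1-md5';
    if (strncmp($hash, '$1$', 3) === 0)             return 'md5-crypt';
    if (preg_match('/^\$2[axy]\$/', $hash))         return 'bcrypt';
    if (preg_match('#^[./0-9A-Za-z]{13}$#', $hash)) return 'des-crypt';
    if (preg_match('/^[0-9a-f]{32}$/', $hash))      return 'raw-md5-hex';
    return 'unknown';
}

// Build one "user:hash" line. DES crypt matches the host in the thread but only
// uses the first 8 characters of the password; bcrypt is offered on the
// assumption that the server is Apache 2.4 or later.
function htpasswd_line(string $user, string $password, bool $bcrypt = false): string
{
    // A ':' or line break in the name would corrupt the file or add extra entries.
    if ($user === '' || strpbrk($user, ":\r\n") !== false) {
        throw new InvalidArgumentException('invalid user name');
    }
    if ($bcrypt) {
        return $user . ':' . password_hash($password, PASSWORD_BCRYPT);
    }
    // Two random characters from the 64-character crypt alphabet.
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = $alphabet[random_int(0, 63)] . $alphabet[random_int(0, 63)];
    return $user . ':' . crypt($password, $salt);
}

// crypt() reads the scheme and salt from the stored hash itself, so the
// substr() step is not needed; hash_equals() compares in constant time.
function htpasswd_verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

$file = sys_get_temp_dir() . '/htpasswd-example';   // constructed path
$line = htpasswd_line('newuser', 'test');           // constructed user name
file_put_contents($file, $line . "\n", FILE_APPEND | LOCK_EX);
echo $line, "\n";

// The three values quoted in post #1 for the password 'test'.
foreach (['vhlNxdW73MO9U', '$1$EqTMQ8yb$ByeyycScxrohEC8xSPApg0', '098f6bcd4621d373cade4e832627b4f6'] as $h) {
    printf("%-36s %-12s %s\n", $h, htpasswd_scheme($h), var_export(htpasswd_verify('test', $h), true));
}
```

A real registration script would also check that the user name is not already present in the file before appending.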

