updating .htpasswd file

**Estella** · Aug 25, 2004 13:39

Hi

Can anyone spot the obvious mistake in the below??

exec("htpasswd -b ".$_POST['username']." ".$_POST['password_1'])
or die(".htpasswd file update has failed");

The .htpasswd file for the purpose of this test is in the same directory as the script running the above code.

Thanks for your help

Estella

**Gentoo** · Aug 27, 2004 03:09

are you allowed to use exec() with your hosting? some have it disabled

**boccio** · Sep 5, 2004 07:08

you didn't specify file name - .htpasswd

exec("htpasswd -b .htpasswd ".$_POST['username']." ".$_POST['password_1'])
or die(".htpasswd file update has failed");

**okrogius** · Sep 6, 2004 00:24

Actually the obvious mistake is lack of any validation/cleaning done on the _POST variables. Never trust user input untill you implicitly make sure it's safe. Plus making the htpasswd file world writable may not be the best idea either.

User Tag List

Thread: updating .htpasswd file

Thread Tools

Display

updating .htpasswd file

Bookmarks

Bookmarks

Posting Permissions