SitePoint Sponsor

User Tag List

Results 1 to 13 of 13
  1. #1
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    htpasswd in Windows XP

    I have Apache2 running on Windows XP. It all works fine, just how I want, but htpasswd does not work how I want. I read that Windows XP uses non-encrypted users and passwords, so I tried john:doe as my .htpasswd file, that didn't work, I tried md5, I tried crypt, I tried using the htpasswd.exe file and that didn't work, the only time I was able to get it to create it, it still didn't work (it said automatically using md5, but when I go to the .htpasswd, it's not in md5 form, it looks more like crypt).

    How do I encrypt passwords to work with Windows XP? The box pops up to login but using my username and password does not work. How do I do it?
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  2. #2
    SitePoint Wizard Dean C's Avatar
    Join Date
    Mar 2003
    Location
    England, UK
    Posts
    2,906
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've never had a problem like this before. I can always put it unencrypted and it'll work :s

  3. #3
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think it worked a little while ago, but ever since I reinstalled Apache it doesn't work. I don't use .htpasswd or .htaccess, I changed it to htaccess.txt (and updated httpd.conf) and it almost works, but the htpasswd.txt has:
    user: pass
    directly in it, that's it, and it doesn't work. I put in the user and pass, it pops up 3 times, (after I put it in each time) then goes to 401 page.
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  4. #4
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, using phpMyAdmin's http option for loggin in, that works, I just have no idea how they do it. Do you know what they do to do this?
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,692
    Mentioned
    20 Post(s)
    Tagged
    3 Thread(s)
    dm,

    I read something a short while ago about WinDze preventing encryption of the password - that's why you just can't do that on a WinDze boz (yeah, I'm using XP).

    That said, I HAVE implimented the same type of hashing (one way "encryption") via MySQL for a SESSIONS login so you can do what you want but NOT via Apache.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  6. #6
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Could I have a look at that?
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  7. #7
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,692
    Mentioned
    20 Post(s)
    Tagged
    3 Thread(s)
    dm,

    Certainly not all of it! Anyway, the operative part is where the hashed password is retrieved from the db with
    Code:
    $results = mysql_query("SELECT password FROM table WHERE password=PASSWORD('$password')");
    That hashed password is updated and stored using:
    Code:
    $updated = mysql_query("UPDATE table SET password = PASSWORD('$password') WHERE ... LIMIT 1");
    That way, MySQL's PASSWORD function creates the hash of the plain text $password.

    If that didn't give you the answer you're looking for, it'll point you in the right direction.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  8. #8
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh I can do passwords and such fine, I'm in need of replicating the login box or using the real one
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  9. #9
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,692
    Mentioned
    20 Post(s)
    Tagged
    3 Thread(s)
    dm,

    Two suggestions:

    http://httpd.apache.org/docs/programs/htpasswd.html

    and

    http://www.euronet.nl/~arnow/htpassw...mentation.html - unfortunately, this script's link to an encryption page doesn't seem to work any more.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  10. #10
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have tried htpasswd and that does not work correctly either.
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  11. #11
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Holy. Crap.

    I was never aware you needed another blank line after your username and password, that's what my problem was every time. It works now, with unencrypted passwords.
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  12. #12
    Apache Expert i_like_php's Avatar
    Join Date
    Nov 2001
    Location
    Dallas, Texas
    Posts
    1,342
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn
    dm,

    Certainly not all of it! Anyway, the operative part is where the hashed password is retrieved from the db with
    Code:
    $results = mysql_query("SELECT password FROM table WHERE password=PASSWORD('$password')");
    That hashed password is updated and stored using:
    Code:
    $updated = mysql_query("UPDATE table SET password = PASSWORD('$password') WHERE ... LIMIT 1");
    That way, MySQL's PASSWORD function creates the hash of the plain text $password.

    If that didn't give you the answer you're looking for, it'll point you in the right direction.

    Regards,

    DK
    with the mysql part, how is this accomplished. i mean i've seen this setup before but never actually tried it for my own site.
    i love php

  13. #13
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,692
    Mentioned
    20 Post(s)
    Tagged
    3 Thread(s)
    i_like_php,
    Quote Originally Posted by i_like_php
    with the mysql part, how is this accomplished.
    I think it's done with smoke and mirrors!

    Seriously, MySQL has several VERY useful functions built into its engine with PASSWORD() being the one in use here. It certainly gets around the lack of cryptography on WinDze boxes.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •