Htaccess md5

Ok, this has been driving me mad for a while so as a last resort I’m asking for help here as I’m going round in circles…

I have a members area that works fine, when the user registers, the script generates a random 7 digit password, emails it out and then saves it into the database as md5 encryption.

My script creates a folder from a user form and copies folders and files from a source into the newly made folder.
In that folder there is an Admin folder that will contain a CMS for content to be written to the user-made folder.

Now I want only the registered user to access that admin dir, so I need something more than just the membership verification, as that will let anybody who has registered into anybody’s folder.

I have chosen to go down the .htaccess route, so in the user registration process, PHP writes a .htpasswd$username file and saves it outside the public_html; when the user creates his dir, PHP also writes the .htaccess.

PHP makes the files OK, although when I open the admin/index in my browser I get an error 500…
:shifty:

Here be some classes.
Make password and store in md5:

```php
function makeRandomPassword() {
    $salt = "abchefghjkmnpqrstuvwxyz0123456789";
    srand((double)microtime()*1000000);
    $i = 0;
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($salt, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}

$random_password = makeRandomPassword();

$db_password = md5($random_password);
```

and store in db.
send activation email to user,
on activation from url make .htpasswd

```php
// Create variables from URL.

$userid = $_REQUEST['id'];
$code = $_REQUEST['code'];
$username = $_REQUEST['username'];

$sql = mysql_query("UPDATE users SET activated='1' WHERE userid='$userid' AND password='$code'");

$sql_doublecheck = mysql_query("SELECT * FROM users WHERE userid='$userid' AND password='$code' AND activated='1'");
$doublecheck = mysql_num_rows($sql_doublecheck);

//make .ht
$query  = "SELECT username, password FROM users";
$result = mysql_query($query);

while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
    $username = $row['username'];
    $password = $row['password'];
}
$filename = ".htpasswd".$username."";
$fp = fopen("/home/monsmegm/sec/".$filename."", "w");
fputs($fp,"$username:$password");
fclose($fp);
//
```

When the user makes his directory it includes the following file:

```
AuthDigestFile /home/public_html/website/members/newdir/admin/.htpasswd
AuthType Digest
AuthName "Member Page"
AuthDigestDomain /admin/ http://www.website/members/newdir/
AuthDigestNonceLifetime 300
require user userguy
```

Using the AuthType Basic method works fine when I use an online htaccess generator thing, so I don’t think it’s anything to do with the .httpd file that I can’t edit anyway as I’m working on a shared server.

I have a feeling I’m on some goose chase… any help will be greatly appreciated.

jaffa,

What you’re doing should work (for 5 minutes).

I think I’d use PHP and a MySQL db to control the access to each (admin) directory, though.

Regards,

DK

Thanks DK, yeah it should work but it’s not happening, so I hit the bottle finally last night :slight_smile:
What do you mean for only 5 mins tho?
The members area function uses the db to check details, I suppose I could edit that to control access to admin dirs like you said…
Any suggestions on how to do that? I’m thinking by checking the user’s ID?
Much thanks

jaffa,

:beer: I don’t think so well after a few of those! However, I do my BEST thinking away from the computer (a shower works wonders but a long walk also works).

AuthDigestNonceLifetime 300 says it’s good for 5 minutes (300 seconds).

I use $_SESSION with logins that are matched to a hash in a db table. You can control the session’s timeout easily - it looked like you knew PHP well enough for this to be a snap!

Regards,

DK
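
The session-plus-database check DK describes, sketched as an added example that is not code from either poster: a login that matches the password against a stored hash, and a per-directory gate that only lets the owner of `members/<dir>` into its `admin/` folder. The `dirs` table, the `password_hash` column (a salted `password_hash()` value swapped in for the thread's `md5()` column), the function names and the 300-second idle limit (borrowed from the thread's figure) are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Assumed schema (not from the thread):
//   users(userid, username, password_hash, activated), dirs(name, owner_id)

function login(PDO $db, string $username, string $password): bool
{
    $q = $db->prepare('SELECT userid, password_hash FROM users
                       WHERE username = ? AND activated = 1');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks a salted password_hash() value.
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session id after login
    }
    $_SESSION['userid'] = (int) $row['userid'];
    $_SESSION['last_seen'] = time();
    return true;
}

// True only if the logged-in user owns members/$dir; call before serving admin/.
function mayAdminister(PDO $db, string $dir, int $idleLimit = 300): bool
{
    if (!isset($_SESSION['userid'], $_SESSION['last_seen'])
        || time() - $_SESSION['last_seen'] > $idleLimit) {
        $_SESSION = []; // not logged in, or idle too long
        return false;
    }
    $q = $db->prepare('SELECT 1 FROM dirs WHERE name = ? AND owner_id = ?');
    $q->execute([$dir, $_SESSION['userid']]);
    if ($q->fetchColumn() === false) {
        return false; // logged in, but someone else's directory
    }
    $_SESSION['last_seen'] = time();
    return true;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
session_start();
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users(userid INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, activated INT)');
$db->exec('CREATE TABLE dirs(name TEXT PRIMARY KEY, owner_id INT)');
$add = $db->prepare('INSERT INTO users VALUES (?, ?, ?, 1)');
$add->execute([1, 'alice', password_hash('demo-pass-a', PASSWORD_DEFAULT)]);
$add->execute([2, 'bob', password_hash('demo-pass-b', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO dirs VALUES ('alice-site', 1), ('bob-site', 2)");
var_dump(login($db, 'bob', 'demo-pass-b'), mayAdminister($db, 'bob-site'), mayAdminister($db, 'alice-site'));
```

Because the ownership lookup is keyed on the session's user ID rather than on a username taken from the URL, a registered member who requests another member's admin directory fails the second query even though their login is valid.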