Verify that .htpasswd is in place or warn?

[Braet]

I know in perl it is a very easy thing to check to see if an .htaccess/.htpasswd is in place on (and used to access) the directory your script resides in - and then print a warning (ie: you lazy bum, add some pass protection to this will you?).  Seems I am at a loss on how to do this with php however.  I have tried various searches and have come to the conclusion I'm just not using the proper key words. 

I do not want to authenticate w/php - just want to remind the user that they haven't locked up their admin.

any code snips?  Links?  examples?  sympathies?
tia!

[Ifa]

[url=http://www.php.net/file_exists]file_exists[/url]?

[Braet]

that will only show if it exists, not that they exist in the proper places (the .htaccess would of course be an obvious check - it would need to be in the same directory - but the .htpasswd file should be in root (non-web-accessible) on most servers).

I should be able to check via the actual information sent via the login.  For the life of me I can not find my Perl script I did this in but want to say it was a check to see if $ENV('REMOTE_USER') or AUTH_USER (or something along those lines) was empty, give the warning - if it had info, they log'd in.

Such a lack of sleep the past week however, that may be a code snippet floating in my head from something completely different.

[Ifa]

Would file_exists($_SERVER['DOCUMENT_ROOT'].'.htpasswd'); help?

[Braet]

well.. yes & no.

Yes:  it would likely show me that the .htpasswd file is in root, and that there is an .htaccess in the proper directory. 

No:  It would not show me if that directory was password protected (as both files could be blank, or the .htpasswd could have auth info for a diff directory, etc).

still researching it and if I find the answer before someone comes up w/it here I'll post my results for any searching in the future.

[Ifa]

Well, I can honestly say that I know little about .hta and .htp files, and so this may seem very stupid, but how about using $array = file('.htaccess');
and then just
if(in_array('what ever needs to be there', $array)) echo 'Your all good!';
else echo 'Your not so good';
:-\

[Braet]

an .htpasswd file stores the username and (usually encrypted) password(s) for login to a specific directory.

an .htaccess file is basically a set of server instructions.  In this instance, it would provide the server w/the instruction that this directory is password protected, and you can look here (path to .htpasswd file) to find the user/pass information that is allowed (.htaccess can be used for so much more, this is just one use).

an .htaccess/.htpasswd can have various info in it - some things will always be different (username, encrypted password in the .htpasswd file - path to user root, log in comment, and other things depending if they will have only 1 user or multiples).

ie: lots of coding to strip, match, if/else, etc - when I know that perl can do it in 2 lines (if they didnt authenticate to get here, tell 'em they have a security issue).

If perl can do it, I know php can.

From what I have found so far, seems the methods would be different depending if you are running php in cgi mode (my host does).  I will find this, I will I will I will! ;)

[Ifa]

Ah, ok. I hope you find a solution. I only use .htaccess for denying access to a certain folder, I use php to make my authing stuff... :)

[Braet]

givinga little bump hoping someone today has an idea on this - still haven't found an answer.

tia