Jump to content


Photo

Verify that .htpasswd is in place or warn?


  • Please log in to reply
8 replies to this topic

#1 Braet

Braet
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 27 July 2006 - 06:03 AM

I know in perl it is a very easy thing to check to see if an .htaccess/.htpasswd is in place on (and used to access) the directory your script resides in - and then print a warning (ie: you lazy bum, add some pass protection to this will you?).  Seems I am at a loss on how to do this with php however.  I have tried various searches and have come to the conclusion I'm just not using the proper key words. 

I do not want to authenticate w/php - just want to remind the user that they haven't locked up their admin.

any code snips?  Links?  examples?  sympathies?
tia!

#2 Ifa

Ifa
  • Members
  • PipPipPip
  • Advanced Member
  • 88 posts
  • LocationRauma, Finland

Posted 27 July 2006 - 06:08 AM

file_exists?
I'm just a guy who likes to code for fun...

#3 Braet

Braet
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 27 July 2006 - 06:32 AM

that will only show if it exists, not that they exist in the proper places (the .htaccess would of course be an obvious check - it would need to be in the same directory - but the .htpasswd file should be in root (non-web-accessible) on most servers).

I should be able to check via the actual information sent via the login.  For the life of me I can not find my Perl script I did this in but want to say it was a check to see if $ENV('REMOTE_USER') or AUTH_USER (or something along those lines) was empty, give the warning - if it had info, they log'd in.

Such a lack of sleep the past week however, that may be a code snippet floating in my head from something completely different.

#4 Ifa

Ifa
  • Members
  • PipPipPip
  • Advanced Member
  • 88 posts
  • LocationRauma, Finland

Posted 27 July 2006 - 06:39 AM

Would file_exists($_SERVER['DOCUMENT_ROOT'].'.htpasswd'); help?
I'm just a guy who likes to code for fun...

#5 Braet

Braet
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 27 July 2006 - 07:50 AM

well.. yes & no.

Yes:  it would likely show me that the .htpasswd file is in root, and that there is an .htaccess in the proper directory. 

No:  It would not show me if that directory was password protected (as both files could be blank, or the .htpasswd could have auth info for a diff directory, etc).

still researching it and if I find the answer before someone comes up w/it here I'll post my results for any searching in the future.



#6 Ifa

Ifa
  • Members
  • PipPipPip
  • Advanced Member
  • 88 posts
  • LocationRauma, Finland

Posted 27 July 2006 - 08:19 AM

Well, I can honestly say that I know little about .hta and .htp files, and so this may seem very stupid, but how about using $array = file('.htaccess');
and then just
if(in_array('what ever needs to be there', $array)) echo 'Your all good!';
else echo 'Your not so good';
:-\
I'm just a guy who likes to code for fun...

#7 Braet

Braet
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 27 July 2006 - 09:44 AM

an .htpasswd file stores the username and (usually encrypted) password(s) for login to a specific directory.

an .htaccess file is basically a set of server instructions.  In this instance, it would provide the server w/the instruction that this directory is password protected, and you can look here (path to .htpasswd file) to find the user/pass information that is allowed (.htaccess can be used for so much more, this is just one use).

an .htaccess/.htpasswd can have various info in it - some things will always be different (username, encrypted password in the .htpasswd file - path to user root, log in comment, and other things depending if they will have only 1 user or multiples).

ie: lots of coding to strip, match, if/else, etc - when I know that perl can do it in 2 lines (if they didnt authenticate to get here, tell 'em they have a security issue).

If perl can do it, I know php can.

From what I have found so far, seems the methods would be different depending if you are running php in cgi mode (my host does).  I will find this, I will I will I will! ;)

#8 Ifa

Ifa
  • Members
  • PipPipPip
  • Advanced Member
  • 88 posts
  • LocationRauma, Finland

Posted 27 July 2006 - 09:48 AM

Ah, ok. I hope you find a solution. I only use .htaccess for denying access to a certain folder, I use php to make my authing stuff... :)
I'm just a guy who likes to code for fun...

#9 Braet

Braet
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 27 July 2006 - 10:35 PM

givinga little bump hoping someone today has an idea on this - still haven't found an answer.

tia




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users