Jump to content

Archived

This topic is now archived and is closed to further replies.

Braet

Verify that .htpasswd is in place or warn?

Recommended Posts

I know in perl it is a very easy thing to check to see if an .htaccess/.htpasswd is in place on (and used to access) the directory your script resides in - and then print a warning (ie: you lazy bum, add some pass protection to this will you?).  Seems I am at a loss on how to do this with php however.  I have tried various searches and have come to the conclusion I'm just not using the proper key words. 

I do not want to authenticate w/php - just want to remind the user that they haven't locked up their admin.

any code snips?  Links?  examples?  sympathies?
tia!

Share this post


Link to post
Share on other sites
[url=http://www.php.net/file_exists]file_exists[/url]?

Share this post


Link to post
Share on other sites
that will only show if it exists, not that they exist in the proper places (the .htaccess would of course be an obvious check - it would need to be in the same directory - but the .htpasswd file should be in root (non-web-accessible) on most servers).

I should be able to check via the actual information sent via the login.  For the life of me I can not find my Perl script I did this in but want to say it was a check to see if $ENV('REMOTE_USER') or AUTH_USER (or something along those lines) was empty, give the warning - if it had info, they log'd in.

Such a lack of sleep the past week however, that may be a code snippet floating in my head from something completely different.

Share this post


Link to post
Share on other sites
Would file_exists($_SERVER['DOCUMENT_ROOT'].'.htpasswd'); help?

Share this post


Link to post
Share on other sites
well.. yes & no.

Yes:  it would likely show me that the .htpasswd file is in root, and that there is an .htaccess in the proper directory. 

No:  It would not show me if that directory was password protected (as both files could be blank, or the .htpasswd could have auth info for a diff directory, etc).

still researching it and if I find the answer before someone comes up w/it here I'll post my results for any searching in the future.

Share this post


Link to post
Share on other sites
Well, I can honestly say that I know little about .hta and .htp files, and so this may seem very stupid, but how about using $array = file('.htaccess');
and then just
if(in_array('what ever needs to be there', $array)) echo 'Your all good!';
else echo 'Your not so good';
:-\

Share this post


Link to post
Share on other sites
an .htpasswd file stores the username and (usually encrypted) password(s) for login to a specific directory.

an .htaccess file is basically a set of server instructions.  In this instance, it would provide the server w/the instruction that this directory is password protected, and you can look here (path to .htpasswd file) to find the user/pass information that is allowed (.htaccess can be used for so much more, this is just one use).

an .htaccess/.htpasswd can have various info in it - some things will always be different (username, encrypted password in the .htpasswd file - path to user root, log in comment, and other things depending if they will have only 1 user or multiples).

ie: lots of coding to strip, match, if/else, etc - when I know that perl can do it in 2 lines (if they didnt authenticate to get here, tell 'em they have a security issue).

If perl can do it, I know php can.

From what I have found so far, seems the methods would be different depending if you are running php in cgi mode (my host does).  I will find this, I will I will I will! ;)

Share this post


Link to post
Share on other sites
Ah, ok. I hope you find a solution. I only use .htaccess for denying access to a certain folder, I use php to make my authing stuff... :)

Share this post


Link to post
Share on other sites
givinga little bump hoping someone today has an idea on this - still haven't found an answer.

tia

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.