alexweber15 Posted June 2, 2009 Share Posted June 2, 2009 I've beta testing a website using htpasswd to protect the directory but I rely on 3rd party tools to generate user & password combinations and I don't like that. Some places say it's md5, others crypt() and others say its a specific apache md5 version but at the end of the day I haven't been able to emulate it... Can anyone shed some light please so that I can generate my own username & password combinations without relying on a third-party website? Thanks! Alex Quote Link to comment https://forums.phpfreaks.com/topic/160717-htpasswd-algorithm/ Share on other sites More sharing options...
PFMaBiSmAd Posted June 2, 2009 Share Posted June 2, 2009 It can actually be any algorithm, as long as you use the same one when you generate the value and compare the value. The most common is the crypt() DES-based The first thing you do is generate a random two character salt - <?php $salt_chars = array_merge(range(0,9),range('a','z'),range('A','Z')); // any printing ASCII character is allowed, I just used the numbers and letters in this example. shuffle($salt_chars); $salt = $salt_chars[0]; shuffle($salt_chars); $salt .= $salt_chars[0]; ?> Next, you generate the encrypted value from the entered password and the salt you just generated - <?php $user_input = "mypassword"; // this is the password you want to encrypt $htpass = crypt($user_input, $salt); // $salt is the two character random salt from the above code echo $htpass; ?> The line you put into the .htpasswd is just the usename with the above generated $htpass value - someusername:$htpass Quote Link to comment https://forums.phpfreaks.com/topic/160717-htpasswd-algorithm/#findComment-848193 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.