chinclub Posted May 24, 2007 Share Posted May 24, 2007 I have a pretty large password protected community using .htpasswd. Now that I am getting the hang of PHP I would like to create a new member area using PHP and cookies so members didn't have to sign into every script. It would take forever to move all of that info into a database. Is there a way to use PHP to let someone log in and check their user info against the .htpasswd file? I've looked all over the internet but the only scripts or tutorials I could find were on writing passwords to the file not logging people in using them. Quote Link to comment Share on other sites More sharing options...
corbin Posted May 24, 2007 Share Posted May 24, 2007 I forget how the passwords are encrypted for storage in a .htpasswd file, but you could use that same encryption in combination with a MySQL table and so something like the following: <?php if (!isset($_SERVER['PHP_AUTH_USER'])) { //you may also want to check a session var or something.... this is copied from http://www.php.net/manual/tw/features.http-auth.php header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button'; exit; } else { $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; if(!empty($user) && !empty($pass)) { //connect to a mysql db $q = "SELECT something FROM somewhere WHERE somefield = '".addslashes($user)."' AND someotherfield = '".addslashes($pass)."'"; $q = mysql_query($q); if(mysql_num_rows($q) > 0) { //user correct!!!!! //set some session variable or something } else { //incorrect password.... send the form again } } else { //resend the password prompt and what not } echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>"; } ?> http://www.php.net/manual/tw/features.http-auth.php Quote Link to comment Share on other sites More sharing options...
per1os Posted May 24, 2007 Share Posted May 24, 2007 If you know the algorithm you can do it by using www.php.net/file and getting each line into an array than splitting each entry at ":" where first part is username second is password and check the entered password vs the one in the htpasswd file, this is where you would need the algorithm to hash the password they gave you and check it against the one in the file. If it is good set a cookie with the hashed password and username combination and there you go. Quote Link to comment Share on other sites More sharing options...
corbin Posted May 24, 2007 Share Posted May 24, 2007 That was my first thought as well, but once you got into the higher number of users, that could create problems.... Quote Link to comment Share on other sites More sharing options...
per1os Posted May 24, 2007 Share Posted May 24, 2007 Yea MySQL is definitely the way to go for speed etc, but it seems like he wants the "quick fix". Either way he has 2 options now =) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.