PHP :: Bug #24767 :: HTTP Authentication against file created by htpasswd

Bug #24767	HTTP Authentication against file created by htpasswd
Submitted:	2003-07-23 07:57 UTC	Modified:	2003-07-23 08:31 UTC
From:	tgourrier at hotmail dot com	Assigned:
Status:	Not a bug	Package:	HTTP related
PHP Version:	4.3.1	OS:	All
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	tgourrier at hotmail dot com
New email:
PHP Version:		OS:

New Comment:

[2003-07-23 07:57 UTC] tgourrier at hotmail dot com

Description:
------------
This is a functionality enhancement request.

There are two ways to authenticate a user with PHP -- flat file and database. If you use a flat file, there is no simple way (ie built in function) to use a flat file already created by the apache program htpasswd for authentication. Instead you have to perform the following steps:
1) Read the file created by htpasswd.
2) Split the file into lines -- each representing a user.
3) Parse each line into a userid and an encrypted password.
4) Read the first two characters of the encrypted password, and use that as the salt to encrypt user provided password.
5) Compare the file's encrypted password to the user provided encrypted password.

This is a lot of work for such a common task, and seems like there should be a built in function which takes care of this for example:
boolean authenticate_htpasswd(string username, string clear_password, string password_file)

Reproduce code:
---------------
<?
function authenticate_htpasswd ($passwd_file, $auth_passwd = $_SERVER['PHP_AUTH_PW'], $auth_userid = $_SERVER['PHP_AUTH_USER'])
{
   if (file_exists($passwd_file))
   {
	$fp = fopen($passwd_file, "r");
	$file_contents = fread($fp, filesize($passwd_file));
	fclose($fp);
   } else {
   	return false;
   }

   $line = explode("\n", $file_contents);

   $i = 0;

   while($i <= sizeof($line))
   {
	$data_pair = explode(":", $line[$i]);

	if ($data_pair[0] == $auth_userid)
	{
	   $enc_file_passwd = $data_pair[1];
	   $salt = substr($enc_file_passwd,0,2);
	   $enc_auth_passwd = crypt($auth_passwd, $salt);
	   if ($enc_file_passwd == $enc_auth_passwd)
	   {
	   	return true;
	   	break;
	   }
	}
	$i++;
   }

   return false;

}
?>


Expected result:
----------------
Take a string representing a file created by htpasswd and authenticate against either a provided username and password or the _SERVER['PHP_AUTH_*'] variables.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-07-23 08:31 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

If the authentication fails PHP_AUTH_PW & PHP_AUTH_USE won't be populated. If they are populated it implies the authentication had succeeded.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 08:01:30 2024 UTC