Mike's Pub -> Discussion Corner -> Questions on Web Programming (Perl/PHP)

 Encrypting htpasswd files using PHP's crypt function [ Reply ] [ Back to Index ] Top Bottom

Author : Jason
Date: 2002/09/18 06:34

I've created a htaccess authentication system using PHP, which encrypts the password using
DES with the crypt() function with Apache for Unix based systems, but I'm having a problem
editting the system for use on Apache for Windows.

It says that windows uses MD5 encryption, however the MD5 which the crypt function uses
must be different. Any input?

see ya,
Jason

 Re: Encrypting htpasswd files using PHP's crypt function [ Reply ] [ Back to Index ] Top Bottom

Author: Jasper
Date: 2002/09/19 12:43

Well, I'm having the same problem. Some research resulted in the discovery that Apache
apparently uses a modified MD5 algorithm, which, of course, PHP doesn't use. Bummer....

 Re: Encrypting htpasswd files using PHP's crypt function [ Reply ] [ Back to Index ] Top Bottom

Author : Mike
Date: 2002/09/19 17:09

Indeed, the normal MD5 crypt uses the format

magic $1$ followed by 12-char salt followed by 22-char hash

while Apache MD5 crypt seems to use the format

magic $apr1$ followed by 8-char salt followed by $ followed by 22-char hash

So when you try to use PHP's default crypt($password,$hashedpwd) function, it doesn't
recognize the hashed password as a valid MD5 format, and won't generate the same hash in
return either.

Perl has solved this with the Crypt::PasswdMD5 module (available from CPAN), but there
doesn't seem to be an equivalent for PHP yet.

So if you want to generate valid Apache MD5 passwords, you'll probably have to go through
the htpasswd.exe function (included in Apache's /bin directory). Of course, you don't want
to use this to *validate* passwords, only to *generate* them if you can't find some other
way...

You can probably re-write the Perl module into a PHP function too, of course.

 PEAR! [ Reply ] [ Back to Index ] Top Bottom

Author: Eloi Granado
Date: 2004/09/07 08:58

It may be newer than the discussion here, but if anyone arrives here from Google, head
onto http://pear.php.net/package/File_Passwd/

 Re: Encrypting htpasswd files using PHP's crypt function [ Reply ] [ Back to Index ] Top Bottom

Author : comee qin
Date: 2004/10/08 00:28

just created one program that I think you may be interested. Some of the code were
borrowed from apache apr.lib source.

You may look at http://php.kuchingfest.com

Did a source comparison with File_Passwd class. The code Written is similar.

 Reply [ Back to Index ] Top Bottom
Name : or OpenID OpenID Login
E-mail : (optional)
Subject :
Message :
MathGuard security question: 1 + 2 =
 

Mike's Pub -> Discussion Corner -> Questions on Web Programming (Perl/PHP)