Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Crypt in PHP w/ htaccess

Status
Not open for further replies.
gagz

gagz

Programmer
Nov 21, 2002
333
US
Are there crypt methods in PHP that I can use in conjuction with password files that htaccess can read? If so, anyone have any good links to it?
 
Sort by date Sort by votes
If your intent is to write a PHP script which will allow you to manage Apache permissions, I recommend that, if available, you invoke the htpasswd application externally.

Apache's authentication system uses either the system's crypt() function (if available) or a modified version of MD5.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
ok, i think that will be best if i can get it too work. I was running htpasswd on the command line, with -b and -c, passing the username and password. Looks like the pw file is created correctly, and my .htaccess file looks fine, but it doesn't like any passwords. Any idea?
 
Upvote 0 Downvote
DaButcher-

Can you expand on that statement? I'm not guru at this, so I don't know what md5 is...
 
Upvote 0 Downvote
Sure it is. Unix crypt() and md5() are both one way hash functions. In fact, many linux distributions use md5 checksums for their system password hashes, it allows you to use longer passwords securely.
 
Upvote 0 Downvote
Hmm.. I know I've had discussions about this, maybe 1 year ago. I wanted to use md5, but ended up using crypt().

the md5 is one-way and therefore the passwords can not be decrypted.

I know this might not be a problem, but I dont remember specifically why crypt() was better.

I will try to look it up.

 
Upvote 0 Downvote
unix crypt() is one-way and cannot be decrypted. It as a misnomer because it is not an encryption, but a hashing algorithm.

The method to authenticate is to take the password the user offers, crypt or md5 it and compare it to the stored hash.

Whoever told you not to use md5 probably didn't know what they were talking about. md5 is actually better than crypt because the probability of a hash collision (two passwords having the same hash value) is orders of magnitude smaller.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cdlvj
  • Question
PHP Debugging
Replies
0
Views
105
cdlvj
cdlvj
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
373
SashaBuilder3
SashaBuilder3
PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
312
PeDa
PeDa
Mandy_crw
  • Locked
  • Question
How to send sms in PHP using usb gsm modem?
Replies
1
Views
335
vishvajit
vishvajit
lflynnlrf
  • Locked
  • Question
wordpress/ shortcode/ PHP duplicating code
Replies
1
Views
158
spamjim
spamjim

Part and Inventory Search

Sponsor

Back
Top