PHP: how to validate a password from htpasswd
Hello, I'm creating a script/page using PHP which will give the possibility to a user to change his password from htpasswd file, but I'm not sure how to ensure that the current password matches the password from htpasswd.
Does anybody know how to validate 'current password' against the password saved in htpasswd? |
It depends on http password format
See code example in http://httpd.apache.org/docs/2.2/mis...cryptions.html |
Quote:
|
To verify password, php should be able to open and read the file where http passwords are stored
Then you get the line that starts with "Username:<crypted password>" and compare the crypted password with the password you want to check crypted with same algorythm Function to crypt password: https://www.virendrachandak.com/tech...htpasswd-file/ |
Passwords are ordinarily stored in databases, not in files.
The most common strategy is to store a "salted hash." The password, plus a random number (the "salt"), is hashed using SHA1 (not MD5 ...), and both the resulting hash and the random number are stored. (The random number is not concealed.) |
Quote:
|
Quote:
Quote:
Quote:
|
Here is quick little PHP program that reads an APACHE htpasswd file and checks if the input password is valid
Code:
<?php |
All times are GMT -5. The time now is 01:43 AM. |