|
|
Posted by "Richard Lynch" on 11/13/68 11:21
On Tue, July 5, 2005 4:13 am, Javier said:
> I ve a little script to validate a user using an Apache htpasswd file.
>
> I want to know how could/should I generate a crypted hash (with crypt or
> md5) with the entered password to match the password in the htpasswd file.
You want to use crypt, not md5.
Exactly how you call it depends on your Operating System's default
encryption algorith, I believe.
That's assuming the htpasswd file was created using the htpasswd shell
utility, and I'm sort of assuming that utility follows the Operating
System default encryption algorithm, though you'd have to read the man
pages or try it out to be sure. I suppose there might even be a way to
force htpasswd to use some alternative encryption method.
> I know how to use md5 or crypt functions but passing them entered password
> as a parameter, returned result dont match with the one in htpasswd file.
Give us a sample encrypted password, and show us the line in your script
where you called "crypt"
I'm putting money down that you didn't use the right salt, or that you
didn't use a salt at all, and the wrong encryption method is getting used.
I suppose it's also possible you've screwed up reading and tearing apart
the lines/fields inside the htpasswd file, though that's less likely...
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|