HTTP-Authentication with .htpasswd file
https://stackoverflow.com/questions/10887735
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
PHP offers the possibility to use HTTP-Authentication.
However, it is difficult to use .htpasswd-files.
There are scripts to check the .htpasswd file within php (for example this one). However, these scripts are quite complex and most of them don't support all relevant encryption types (like MD5 which is the default used by the program htpasswd).
With a standard .htaccess file it is much easier (just AuthUserFile <.htpasswd-file> is needed).
However, I would like to avoid an explicit .htaccess file and use php instead.
Is there an easy way to check a .htpasswd-file using php? Can php perhaps "ask" apache if access should be granted?
La solution
I doubt that there is direct way to ask apache for authenticating user, but there are few workarounds for it:
- implement missing algos for yourself: APR1-MD5, SHA
- Use with
shell_exec("htpasswd -nb $user $password")to generate hash and check in .htpasswd file - Setup virtual server on internal interface that uses .htpasswd file to authenticate and perform curl call (with user credentials) to it, checking response header (200 for authorized, 4xx for not authorized)
