From: tgourrier at hotmail dot com
Operating system: All
PHP version: 4.3.1
PHP Bug Type: HTTP related
Bug description: HTTP Authentication against file created by htpasswd
Description:
------------
This is a functionality enhancement request.
There are two ways to authenticate a user with PHP -- flat file and
database. If you use a flat file, there is no simple way (ie built in
function) to use a flat file already created by the apache program
htpasswd for authentication. Instead you have to perform the following
steps:
1) Read the file created by htpasswd.
2) Split the file into lines -- each representing a user.
3) Parse each line into a userid and an encrypted password.
4) Read the first two characters of the encrypted password, and use that
as the salt to encrypt user provided password.
5) Compare the file's encrypted password to the user provided encrypted
password.
This is a lot of work for such a common task, and seems like there should
be a built in function which takes care of this for example:
boolean authenticate_htpasswd(string username, string clear_password,
string password_file)
Reproduce code:
---------------
<?
function authenticate_htpasswd ($passwd_file, $auth_passwd =
$_SERVER['PHP_AUTH_PW'], $auth_userid = $_SERVER['PHP_AUTH_USER'])
{
if (file_exists($passwd_file))
{
$fp = fopen($passwd_file, "r");
$file_contents = fread($fp, filesize($passwd_file));
fclose($fp);
} else {
return false;
}
$line = explode("\n", $file_contents);
$i = 0;
while($i <= sizeof($line))
{
$data_pair = explode(":", $line[$i]);
if ($data_pair[0] == $auth_userid)
{
$enc_file_passwd = $data_pair[1];
$salt = substr($enc_file_passwd,0,2);
$enc_auth_passwd = crypt($auth_passwd, $salt);
if ($enc_file_passwd == $enc_auth_passwd)
{
return true;
break;
}
}
$i++;
}
return false;
}
?>
Expected result:
----------------
Take a string representing a file created by htpasswd and authenticate
against either a provided username and password or the
_SERVER['PHP_AUTH_*'] variables.
--
Edit bug report at http://bugs.php.net/?id=24767&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=24767&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=24767&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=24767&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=24767&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=24767&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=24767&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=24767&r=support
Expected behavior: http://bugs.php.net/fix.php?id=24767&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=24767&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=24767&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=24767&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24767&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=24767&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=24767&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=24767&r=gnused
